package security.config;

import framework.captcha.Captcha;
import framework.captcha.CaptchaSimple;
import framework.config.SecurityConfig;
import framework.exceptions.ConfigurationException;
import framework.runtime.SystemContext;
import framework.security.AccountLoader;
import framework.security.AuthService;
import framework.security.FunctionPermission;
import framework.security.password.PasswordService;
import framework.security.token.AuthTokenBuilder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.cache.CacheManager;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.StringUtils;
import security.filters.TokenAuthenticationFilter;
import security.processor.AuthFailedProcessor;
import security.processor.AuthSuccessProcessor;
import security.processor.LogoutSuccessProcessor;
import security.processor.NoAuthProcessor;
import security.processor.NoPermissionProcessor;
import security.service.AuthServiceImpl;
import security.service.PasswordServiceImpl;

/* loaded from: input_file:security/config/SecurityConfiguration.class */
public abstract class SecurityConfiguration {
    private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

    public PasswordService newPasswordService(SecurityConfig securityConfig) {
        return new PasswordServiceImpl();
    }

    public AuthTokenBuilder newTokenBuilder(SecurityConfig securityConfig) {
        return new AuthTokenBuilder(securityConfig.getTokenSecret());
    }

    public AuthService newAuthService(SecurityConfig securityConfig) {
        return new AuthServiceImpl();
    }

    public abstract AccountLoader newAccountLoader(SecurityConfig securityConfig);

    protected AuthenticationFailureHandler loadAuthenticationFailureHandler(SecurityConfig securityConfig) {
        return (AuthenticationFailureHandler) SystemContext.getBean(AuthFailedProcessor.class);
    }

    protected AuthenticationSuccessHandler loadAuthenticationSuccessHandler(SecurityConfig securityConfig) {
        return (AuthenticationSuccessHandler) SystemContext.getBean(AuthSuccessProcessor.class);
    }

    protected LogoutSuccessHandler loadLogoutSuccessHandler(SecurityConfig securityConfig) {
        return (LogoutSuccessHandler) SystemContext.getBean(LogoutSuccessProcessor.class);
    }

    protected AuthenticationEntryPoint loadAuthenticationEntryPoint(SecurityConfig securityConfig) {
        return (AuthenticationEntryPoint) SystemContext.getBean(NoAuthProcessor.class);
    }

    protected AccessDeniedHandler loadAccessDeniedHandler(SecurityConfig securityConfig) {
        return (AccessDeniedHandler) SystemContext.getBean(NoPermissionProcessor.class);
    }

    public Captcha newloadCaptcha(CacheManager cacheManager) {
        return new CaptchaSimple(cacheManager.getCache("Captcha"));
    }

    public SecurityFilterChain chain(HttpSecurity httpSecurity) throws Exception {
        return (SecurityFilterChain) httpSecurity.build();
    }

    public SecurityConfiguration configure(HttpSecurity httpSecurity) throws Exception {
        SecurityConfig loadSecurityConfig = loadSecurityConfig();
        configure00Before(httpSecurity, loadSecurityConfig);
        configure01CORS(httpSecurity, loadSecurityConfig);
        configure02Login(httpSecurity, loadSecurityConfig);
        configure03Logout(httpSecurity, loadSecurityConfig);
        configure04Exception(httpSecurity, loadSecurityConfig);
        configure05FunctionPermissions(httpSecurity, loadSecurityConfig);
        configure06Anonymous(httpSecurity, loadSecurityConfig);
        configureNoSetAuth(httpSecurity, loadSecurityConfig);
        configure07CSRF(httpSecurity, loadSecurityConfig);
        configure08Frame(httpSecurity, loadSecurityConfig);
        configure09BasicAuth(httpSecurity, loadSecurityConfig);
        configure10BearerFilter(httpSecurity, loadSecurityConfig);
        configure11Session(httpSecurity, loadSecurityConfig);
        configure99After(httpSecurity, loadSecurityConfig);
        return this;
    }

    protected void configureNoSetAuth(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).denyAll();
    }

    protected void configure00Before(HttpSecurity httpSecurity, SecurityConfig securityConfig) {
    }

    protected void configure99After(HttpSecurity httpSecurity, SecurityConfig securityConfig) {
    }

    protected void configure11Session(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        if (securityConfig.getEnableSession().booleanValue()) {
            httpSecurity.sessionManagement().sessionCreationPolicy(sessionPolicy(securityConfig));
        } else {
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }
    }

    protected void configure10BearerFilter(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        if (securityConfig.getEnableBearerToken().booleanValue()) {
            httpSecurity.addFilterBefore(loadTokenAuthenticationFilter(securityConfig), UsernamePasswordAuthenticationFilter.class);
        }
    }

    protected void configure09BasicAuth(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        if (securityConfig.getEnableBasicAuth().booleanValue()) {
            httpSecurity.httpBasic();
        }
    }

    protected void configure08Frame(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        httpSecurity.headers().frameOptions().disable();
    }

    protected void configure07CSRF(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        if (securityConfig.getEnableCsrf().booleanValue()) {
            httpSecurity.csrf();
        } else {
            httpSecurity.csrf().disable();
        }
    }

    protected void configure06Anonymous(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        List<String> loadAnonymousPaths = loadAnonymousPaths(securityConfig);
        String pathAnonList = securityConfig.getPathAnonList();
        if (StringUtils.hasText(pathAnonList)) {
            for (String str : pathAnonList.split(",")) {
                if (StringUtils.hasText(str)) {
                    loadAnonymousPaths.add(str);
                }
            }
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) loadAnonymousPaths.toArray(new String[0]))).permitAll();
        Iterator<String> it = loadAnonymousPaths.iterator();
        while (it.hasNext()) {
            log.info("anonymous path: {}", it.next());
        }
    }

    protected void configure04Exception(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        httpSecurity.exceptionHandling().accessDeniedHandler(loadAccessDeniedHandler(securityConfig)).authenticationEntryPoint(loadAuthenticationEntryPoint(securityConfig));
    }

    protected void configure03Logout(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        httpSecurity.logout().logoutUrl(securityConfig.getLogoutPath()).logoutSuccessHandler(loadLogoutSuccessHandler(securityConfig));
    }

    protected void configure02Login(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        httpSecurity.formLogin().loginPage(securityConfig.getLoginPath()).successHandler(loadAuthenticationSuccessHandler(securityConfig)).failureHandler(loadAuthenticationFailureHandler(securityConfig));
    }

    protected void configure01CORS(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        httpSecurity.cors();
    }

    protected SessionCreationPolicy sessionPolicy(SecurityConfig securityConfig) {
        return SessionCreationPolicy.IF_REQUIRED;
    }

    protected void configure05FunctionPermissions(HttpSecurity httpSecurity, SecurityConfig securityConfig) throws Exception {
        List<FunctionPermission> loadFunctionPermissionList = loadFunctionPermissionList(securityConfig);
        String pathAuthList = securityConfig.getPathAuthList();
        if (StringUtils.hasText(pathAuthList)) {
            for (String str : pathAuthList.split(",")) {
                if (StringUtils.hasText(str)) {
                    loadFunctionPermissionList.add(new FunctionPermission(str, "AUTH", (String) null));
                }
            }
        }
        int i = 0;
        if (loadFunctionPermissionList != null) {
            for (FunctionPermission functionPermission : loadFunctionPermissionList) {
                if (StringUtils.hasText(functionPermission.getPath()) && functionPermission.getPath().startsWith("/") && StringUtils.hasText(functionPermission.getPermission())) {
                    if (StringUtils.hasText(functionPermission.getPermission())) {
                        String[] split = functionPermission.getPermission().split(",");
                        if (StringUtils.hasLength(functionPermission.getMethod())) {
                            try {
                                HttpMethod valueOf = HttpMethod.valueOf(functionPermission.getMethod());
                                if (split.length > 1) {
                                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(valueOf, new String[]{functionPermission.getPath()})).hasAnyAuthority(split);
                                } else if (functionPermission.getPermission().equals("AUTH")) {
                                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{functionPermission.getMethod(), functionPermission.getPath()})).authenticated();
                                } else if (functionPermission.getPermission().equals("ANON")) {
                                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{functionPermission.getMethod(), functionPermission.getPath()})).anonymous();
                                } else {
                                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(valueOf, new String[]{functionPermission.getPath()})).hasAuthority(functionPermission.getPermission());
                                }
                            } catch (Exception e) {
                                throw new ConfigurationException("FunctionPermission invalid by " + functionPermission.getPath(), e);
                            }
                        } else if (split.length > 1) {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{functionPermission.getPath()})).hasAnyAuthority(split);
                        } else if (functionPermission.getPermission().equals("AUTH")) {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{functionPermission.getPath()})).authenticated();
                        } else if (functionPermission.getPermission().equals("ANON")) {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{functionPermission.getPath()})).anonymous();
                        } else {
                            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{functionPermission.getPath()})).hasAuthority(functionPermission.getPermission());
                        }
                    }
                    i++;
                }
            }
        }
        log.info("Load {} function permission", Integer.valueOf(i));
    }

    protected List<FunctionPermission> loadFunctionPermissionList(SecurityConfig securityConfig) {
        return loadUserLoader(securityConfig).loadFunctionPermission();
    }

    protected List<String> loadAnonymousPaths(SecurityConfig securityConfig) {
        ArrayList arrayList = new ArrayList();
        arrayList.add("/");
        arrayList.add("/favicon.ico");
        arrayList.add("/robots.txt");
        arrayList.add("/js/**");
        arrayList.add("/css/**");
        arrayList.add("/img/**");
        arrayList.add("/swagger-ui/**");
        arrayList.add("/swagger-resources/**");
        arrayList.add("/v3/api-docs");
        arrayList.add("/v2/api-docs");
        return arrayList;
    }

    protected Filter loadTokenAuthenticationFilter(SecurityConfig securityConfig) {
        return (Filter) SystemContext.getBean(TokenAuthenticationFilter.class);
    }

    protected AccountLoader loadUserLoader(SecurityConfig securityConfig) {
        return (AccountLoader) SystemContext.getBean(AccountLoader.class);
    }

    protected SecurityConfig loadSecurityConfig() {
        return (SecurityConfig) SystemContext.getBean(SecurityConfig.class);
    }
}
