package com.yanyun.auth.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.yanyun.auth.api.ApiController;
import com.yanyun.auth.api.AuthController;
import com.yanyun.auth.dto.ResultDto;
import com.yanyun.auth.model.SystemUserModel;
import com.yanyun.auth.service.AuthPermissionService;
import com.yanyun.auth.service.AuthRoleService;
import com.yanyun.auth.service.AuthSystemService;
import com.yanyun.auth.service.AuthUserService;
import com.yanyun.auth.swagger.SwaggerPluginConfiguration;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.scheduling.annotation.EnableAsync;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.web.client.RestTemplate;

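/**
 * Auto-configuration that wires the auth client services and, when enabled, an OAuth2
 * resource server that validates JWT bearer tokens and applies per-URL role rules.
 *
 * <p>The listing is decompiler output (see the "loaded from" markers), so generic types
 * and {@code @Override} annotations were reconstructed where the target API is certain.
 *
 * <p>Security posture to be aware of when consuming this starter:
 * <ul>
 *   <li>The resource server is opt-in: it is only registered when the property
 *       {@code authentication.enable} is present and not {@code false}.</li>
 *   <li>URL rules are allow-by-default: any request that matches no scanned permission
 *       falls through to {@code permitAll()}.</li>
 *   <li>{@code AuthProperties.isDev()} switches every URL to {@code permitAll()}.</li>
 * </ul>
 */
@EnableConfigurationProperties({AuthProperties.class})
@Configuration
@EnableAsync
@Import({AuthAnnotationConfiguration.class, SwaggerPluginConfiguration.class})
/* loaded from: input_file:com/yanyun/auth/config/AuthResourceAutoConfiguration.class */
public class AuthResourceAutoConfiguration {
    private static final Logger logger = LoggerFactory.getLogger(AuthResourceAutoConfiguration.class);

    /** Content type of the JSON error bodies written by the security handlers. */
    private static final String JSON_UTF8 = "application/json;charset=utf-8";

    /** Shared serializer for error bodies; a configured ObjectMapper is safe to reuse across requests. */
    private static final ObjectMapper ERROR_BODY_MAPPER = new ObjectMapper();

    /**
     * Length of the generated bootstrap administrator password, in hex characters.
     * The previous value of 6 gave only 24 bits of entropy for a super-administrator account.
     */
    private static final int BOOTSTRAP_PASSWORD_LENGTH = 16;

    @Autowired
    private AuthProperties authProperties;

    /**
     * Resource-server security configuration: JWT token store, JSON error responses and
     * the URL-to-role rules built from the scanned permission list.
     */
    @Configuration
    @EnableResourceServer
    @ConditionalOnProperty(prefix = "authentication", name = {"enable"}, matchIfMissing = false)
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    /* loaded from: input_file:com/yanyun/auth/config/AuthResourceAutoConfiguration$CustomAuthConfigruation.class */
    class CustomAuthConfigruation extends ResourceServerConfigurerAdapter {
        CustomAuthConfigruation() {
        }

        /**
         * Installs the JWT token store and the JSON handlers for denied and unauthenticated requests.
         *
         * <p>NOTE(review): neither handler calls {@code setStatus}, so unless another component
         * sets it the HTTP status line does not reflect the "code" field in the body. Proxies,
         * WAFs and access-log based detection would then not see these as 401/403 responses.
         * Confirm what clients expect before changing it.
         *
         * @param resourceServerSecurityConfigurer configurer supplied by Spring Security OAuth2
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
            resourceServerSecurityConfigurer
                    .tokenStore(AuthResourceAutoConfiguration.this.jwtTokenStore())
                    .accessDeniedHandler((request, response, accessDenied) -> {
                        response.setContentType(JSON_UTF8);
                        HashMap<String, String> body = new HashMap<>();
                        body.put("code", "403");
                        body.put("path", request.getRequestURI());
                        body.put("msg", "权限不足,请与管理员联系");
                        ERROR_BODY_MAPPER.writeValue(response.getOutputStream(), body);
                    })
                    .authenticationEntryPoint((request, response, authFailure) -> {
                        response.setContentType(JSON_UTF8);
                        HashMap<String, String> body = new HashMap<>();
                        body.put("path", request.getRequestURI());
                        // A rejected token is reported with body code 403; a missing one with 401.
                        if (authFailure.getCause() instanceof InvalidTokenException) {
                            body.put("code", "403");
                            body.put("msg", "token无效,请确定token是否正确");
                        } else {
                            body.put("code", "401");
                            body.put("msg", "需要认证才可以访问");
                        }
                        ERROR_BODY_MAPPER.writeValue(response.getOutputStream(), body);
                    });
        }

        /**
         * Builds the URL authorization rules.
         *
         * <p>In dev mode every URL is permitted. Otherwise the bootstrap administrator is
         * registered if the lookup does not return code 200, one role rule is added per
         * scanned permission, and every remaining request is permitted.
         *
         * <p>NOTE(review): the closing {@code anyRequest().permitAll()} makes this an
         * allow-by-default policy. An endpoint missing from the scanned permissions, or every
         * endpoint when no {@code ScanPermissionComponent} bean exists, is reachable without a
         * role check at this layer. Method-level {@code @PreAuthorize} is then the only guard.
         *
         * @param httpSecurity the HTTP security builder to configure
         * @throws Exception propagated from the Spring Security builders
         */
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            AuthProperties props = AuthResourceAutoConfiguration.this.authProperties;
            // CSRF protection is switched off for the whole resource server.
            httpSecurity.csrf().disable();
            if (props.isDev()) {
                // Make the fail-open mode visible in the logs so it is not shipped unnoticed.
                logger.warn("authentication dev mode is enabled: every request is permitted without authorization");
                httpSecurity.authorizeRequests().antMatchers("/**").permitAll();
                return;
            }
            String clientId = props.getClientId();
            // The role carries an underscore, the username does not; both spellings are kept as found.
            String adminRole = clientId + "_admin";
            String adminUsername = clientId + "admin";
            AuthUserService authUserService = AuthResourceAutoConfiguration.this.authUserService();
            ResultDto<SystemUserModel> existingAdmin =
                    authUserService.getSystemUsersByClientIdAndUsername(clientId, adminUsername);
            if (existingAdmin == null || existingAdmin.getCode().intValue() != 200) {
                // Registration runs off the startup thread, as in the original.
                new Thread(() -> registerBootstrapAdmin(authUserService, clientId, adminUsername, adminRole)).start();
            }
            ScanPermissionComponent scanner = AuthResourceAutoConfiguration.this.scanPermissionComponent();
            Set<String> allPermission = scanner == null ? null : scanner.getAllPermission();
            if (allPermission != null && !allPermission.isEmpty()) {
                // NOTE(review): Spring Security applies the first matching rule, and the iteration
                // order of this Set is not visible here; overlapping patterns may resolve
                // differently between runs. Confirm the Set implementation.
                for (String permission : allPermission) {
                    registerPermission(httpSecurity, permission, adminRole);
                }
            }
            httpSecurity.authorizeRequests().anyRequest().permitAll();
        }

        /**
         * Creates the initial super-administrator account with a random password and logs it.
         *
         * <p>NOTE(review): the password is written to the application log in clear text because
         * the log is the only channel through which the operator learns it. Anyone who can read
         * the log, or the log aggregation backend, obtains super-administrator access; the
         * password should be changed after first use and log access restricted.
         */
        @SuppressWarnings({"rawtypes", "unchecked"}) // setCustomInfo/setRoles signatures are not visible here
        private void registerBootstrapAdmin(AuthUserService authUserService, String clientId,
                String adminUsername, String adminRole) {
            try {
                SystemUserModel admin = new SystemUserModel();
                admin.setUsername(adminUsername);
                admin.setClientId(clientId);
                HashMap customInfo = new HashMap();
                customInfo.put("info", "系统初始化的超级管理员");
                admin.setCustomInfo(customInfo);
                admin.setRoles(new HashSet(Arrays.asList(adminRole)));
                // UUID.randomUUID() draws from a cryptographically strong generator; 16 hex
                // characters keep roughly 60 random bits (one nibble is the fixed version digit).
                String password = UUID.randomUUID().toString().replace("-", "")
                        .substring(0, BOOTSTRAP_PASSWORD_LENGTH);
                logger.info("系统初始化用户[{}],密码为:[{}],请牢记！！！", adminUsername, password);
                admin.setPassword(password);
                authUserService.registerSystemUser(admin, null);
            } catch (RuntimeException e) {
                // Deliberately omits the password from the failure message.
                logger.error("failed to register the bootstrap administrator [{}]", adminUsername, e);
            }
        }

        /**
         * Adds the role rule for one permission entry of the form {@code role:METHOD:pattern}.
         * An unrecognised METHOD applies the rule to every HTTP method. Entries that do not
         * split into exactly three parts are skipped, which leaves their URL covered only by
         * the final {@code permitAll()}, so the skip is logged.
         */
        private void registerPermission(HttpSecurity httpSecurity, String permission, String adminRole) {
            String[] parts = permission.split(":");
            if (parts.length != 3) {
                logger.warn("skipping permission entry [{}]: expected role:METHOD:pattern, no role rule was registered for it",
                        permission);
                return;
            }
            String role = parts[0];
            HttpMethod method = toHttpMethod(parts[1]);
            String pattern = parts[2];
            try {
                if (method != null) {
                    httpSecurity.authorizeRequests().antMatchers(method, pattern).hasAnyRole(role, adminRole);
                } else {
                    httpSecurity.authorizeRequests().antMatchers(pattern).hasAnyRole(role, adminRole);
                }
            } catch (Exception e) {
                // Best effort, as before: one bad entry must not abort startup, but a rule that
                // failed to register leaves its URL unprotected, so record it with the cause.
                logger.error("failed to register access rule for permission [{}]", permission, e);
            }
        }
    }

    /**
     * Maps an exact, upper-case HTTP method name to its {@link HttpMethod} constant.
     *
     * @param name method token taken from a permission entry
     * @return the matching constant, or {@code null} when the token is not one of the eight names
     */
    private static HttpMethod toHttpMethod(String name) {
        switch (name) {
            case "GET":
                return HttpMethod.GET;
            case "POST":
                return HttpMethod.POST;
            case "PUT":
                return HttpMethod.PUT;
            case "DELETE":
                return HttpMethod.DELETE;
            case "PATCH":
                return HttpMethod.PATCH;
            case "HEAD":
                return HttpMethod.HEAD;
            case "TRACE":
                return HttpMethod.TRACE;
            case "OPTIONS":
                return HttpMethod.OPTIONS;
            default:
                return null;
        }
    }

    /**
     * Creates the JWT converter keyed with {@code AuthProperties.getSigningKey()}.
     *
     * <p>NOTE(review): if the configured key is a shared HMAC secret, every service that
     * loads this configuration can also mint valid tokens. Where the issuer signs with an
     * asymmetric key, a resource server only needs the public key via {@code setVerifierKey}.
     * Confirm which kind of key is deployed.
     */
    @ConditionalOnMissingBean
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey(this.authProperties.getSigningKey());
        return jwtAccessTokenConverter;
    }

    /** Creates the token store used by the resource server, backed by {@link #accessTokenConverter()}. */
    @ConditionalOnMissingBean
    @Bean
    public JwtTokenStore jwtTokenStore() {
        return new CustomJwtTokenStore(accessTokenConverter());
    }

    /**
     * Creates the HTTP client handed to the auth services.
     *
     * <p>NOTE(review): a default {@code RestTemplate} has no connect or read timeout, and
     * {@code configure(HttpSecurity)} calls the auth server during startup; an unresponsive
     * auth server could stall the application. Consider a request factory with timeouts.
     */
    @ConditionalOnMissingBean
    @Bean
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }

    /** Creates the system service client from the configured auth URL and auth key. */
    @ConditionalOnMissingBean
    @Bean
    public AuthSystemService authSystemService() {
        return new AuthSystemService(restTemplate(), this.authProperties.getAuthUrl(), this.authProperties.getAuthKey());
    }

    /** Creates the user service client; it receives the client id and client secret from the properties. */
    @ConditionalOnMissingBean
    @Bean
    public AuthUserService authUserService() {
        return new AuthUserService(restTemplate(), this.authProperties.getClientId(), this.authProperties.getClientSecret(), this.authProperties.getAuthUrl(), this.authProperties.getAuthKey());
    }

    /** Creates the role service client for the configured client id. */
    @ConditionalOnMissingBean
    @Bean
    public AuthRoleService authRoleService() {
        return new AuthRoleService(restTemplate(), this.authProperties.getClientId(), this.authProperties.getAuthUrl(), this.authProperties.getAuthKey());
    }

    /** Creates the permission service client for the configured client id. */
    @ConditionalOnMissingBean
    @Bean
    public AuthPermissionService authPermissionService() {
        return new AuthPermissionService(restTemplate(), this.authProperties.getClientId(), this.authProperties.getAuthUrl(), this.authProperties.getAuthKey());
    }

    /**
     * Creates the permission scanner. It is only registered when
     * {@code authentication.enableScanPermission} is set; without it no URL role rules are built.
     */
    @ConditionalOnMissingBean
    @ConditionalOnProperty(prefix = "authentication", name = {"enableScanPermission"}, matchIfMissing = false)
    @Bean
    public ScanPermissionComponent scanPermissionComponent() {
        return new ScanPermissionComponent(this.authProperties, authPermissionService());
    }

    /** Creates the auth controller backed by the user, role, system and permission services. */
    @ConditionalOnMissingBean
    @Bean
    public AuthController authController() {
        return new AuthController(authUserService(), authRoleService(), authSystemService(), authPermissionService());
    }

    /** Creates the API controller. */
    @Bean
    public ApiController apiController() {
        return new ApiController();
    }
}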
