package com.el.core.security;

import com.el.core.security.auth.AuthListener;
import com.el.core.security.auth.AuthRealm;
import com.el.core.security.auth.AuthRealmsSecurityManager;
import com.el.core.security.rbac.RbacOperationPermission;
import com.el.core.security.rbac.RbacRepository;
import com.el.core.web.OpResult;
import java.util.Collections;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@EnableConfigurationProperties({SecurityProperties.class})
@Configuration
/* loaded from: input_file:com/el/core/security/SecurityConfig.class */
public class SecurityConfig {
    private static final Logger log = LoggerFactory.getLogger(SecurityConfig.class);

    @Bean
    public FilterRegistrationBean securityFilterRegistrationBean(SecurityFilter securityFilter) {
        log.info("[CORE-SEC] securityFilterRegistrationBean");
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(securityFilter);
        filterRegistrationBean.addInitParameter("targetFilterLifecycle", "true");
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        return filterRegistrationBean;
    }

    @ConditionalOnMissingBean({AuthcChecker.class})
    @Bean
    public AuthcChecker authcChecker() {
        return AuthcChecker.OK;
    }

    @Bean
    public SecurityFilter securityFilter(SecurityProperties securityProperties, AuthRealmsSecurityManager authRealmsSecurityManager, SecurityFilterChainsBuilder securityFilterChainsBuilder, AuthcChecker authcChecker) {
        log.info("[CORE-SEC] securityFilter: {}", securityProperties);
        return new SecurityFilter(authRealmsSecurityManager, securityFilterChainsBuilder.build(), authcChecker, httpServletRequest -> {
            return !securityProperties.xsrfEnabled() || SecurityUtil.checkXsrfToken(httpServletRequest);
        });
    }

    @Bean
    public SecurityFilterChainsBuilder securityFilterChainsBuilder(RolesBasedPermissionProvider rolesBasedPermissionProvider) {
        log.info("[CORE-SEC] securityFilterChainsBuilder");
        return new SecurityFilterChainsBuilder(rolesBasedPermissionProvider);
    }

    @Bean
    public SecurityFilterChainsOperator securityFilterChainsOperator(SecurityFilter securityFilter, SecurityFilterChainsBuilder securityFilterChainsBuilder) {
        log.info("[CORE-SEC] securityFilterChainsOperator");
        return new SecurityFilterChainsOperator(securityFilter, securityFilterChainsBuilder);
    }

    @Bean
    public AuthRealmsSecurityManager authRealmsSecurityManager(List<AuthRealm> list, RbacRepository rbacRepository, @Autowired(required = false) List<AuthListener> list2) {
        log.info("[CORE-SEC] authRealmsSecurityManager: {} realms and {} listeners", Integer.valueOf(list.size()), Integer.valueOf(list2 == null ? 0 : list2.size()));
        return new AuthRealmsSecurityManager(list, rbacRepository, list2 == null ? Collections.emptyList() : list2);
    }

    @Bean
    public SecurityBeanLifecycleProcessor securityBeanLifecycleProcessor() {
        log.info("[CORE-SEC] securityBeanLifecycleProcessor");
        return new SecurityBeanLifecycleProcessor();
    }

    @ConditionalOnProperty({"security.cors"})
    @Bean
    public FilterRegistrationBean corsFilterRegistrationBean(SecurityProperties securityProperties) {
        String allowedOrigin = securityProperties.allowedOrigin();
        log.info("[CORE-SEC] CORS enabled with {}", allowedOrigin);
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean(new CorsFilter(corsConfigSource(allowedOrigin)), new ServletRegistrationBean[0]);
        filterRegistrationBean.setOrder(0);
        return filterRegistrationBean;
    }

    private UrlBasedCorsConfigurationSource corsConfigSource(String str) {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedOrigin(str);
        corsConfiguration.addAllowedHeader(RbacOperationPermission.WILD_OPERATION);
        corsConfiguration.addAllowedMethod(RbacOperationPermission.WILD_OPERATION);
        corsConfiguration.addExposedHeader(OpResult.HTTP_HEADER_ATTR);
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return urlBasedCorsConfigurationSource;
    }
}
