package com.elitescloud.cloudt.authorization.api.client.config;

import com.elitescloud.cloudt.authorization.api.client.config.security.AbstractServletSecurityConfig;
import com.elitescloud.cloudt.authorization.api.client.config.security.OAuth2ResourceServletSecurityConfig;
import com.elitescloud.cloudt.authorization.api.client.config.security.SingleClientServletSecurityConfig;
import com.elitescloud.cloudt.authorization.api.client.config.support.AuthenticationCache;
import com.elitescloud.cloudt.authorization.api.client.config.support.RedisAuthenticationCache;
import com.elitescloud.cloudt.authorization.api.client.config.support.dubbo.SecurityDubboConfig;
import com.elitescloud.cloudt.authorization.api.client.config.support.springcloud.SecuritySpringCloudConfig;
import com.elitescloud.cloudt.authorization.api.client.tool.RedisHelper;
import com.elitescloud.cloudt.authorization.api.client.util.JwtUtil;
import com.elitescloud.cloudt.common.base.BaseCallbackWrapper;
import com.elitescloud.cloudt.common.config.cache.RedisCacheAutoConfiguration;
import com.elitescloud.cloudt.common.util.RedisUtils;
import com.elitescloud.cloudt.context.redis.RedisWrapper;
import com.elitescloud.cloudt.context.threadpool.support.ContextTransfer;
import com.nimbusds.jose.jwk.RSAKey;
import java.util.Collections;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@EnableConfigurationProperties({AuthorizationProperties.class})
@Import({OnEnableSecurity.class, OnDisableSecurity.class})
@AutoConfigureAfter({RedisCacheAutoConfiguration.class})
/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/client/config/AuthorizationClientAutoConfiguration.class */
public class AuthorizationClientAutoConfiguration {
    private static final Logger log = LogManager.getLogger(AuthorizationClientAutoConfiguration.class);

    @ConditionalOnProperty(prefix = AuthorizationProperties.CONFIG_PREFIX, name = {"enabled"}, havingValue = "false")
    /* loaded from: input_file:com/elitescloud/cloudt/authorization/api/client/config/AuthorizationClientAutoConfiguration$OnDisableSecurity.class */
    static class OnDisableSecurity {
        public OnDisableSecurity() {
            AuthorizationClientAutoConfiguration.log.info("禁用安全配置");
        }

        @ConditionalOnMissingBean(name = {AbstractServletSecurityConfig.SECURITY_CHAIN_DEFAULT})
        @Bean
        @Order(Integer.MIN_VALUE)
        public SecurityFilterChain defaultFilterChain(HttpSecurity httpSecurity) throws Exception {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).permitAll();
            return (SecurityFilterChain) httpSecurity.build();
        }
    }

    @ConditionalOnProperty(prefix = AuthorizationProperties.CONFIG_PREFIX, name = {"enabled"}, havingValue = "true", matchIfMissing = true)
    @Import({SingleClientServletSecurityConfig.class, OAuth2ResourceServletSecurityConfig.class, SecuritySpringCloudConfig.class, SecurityDubboConfig.class})
    /* loaded from: input_file:com/elitescloud/cloudt/authorization/api/client/config/AuthorizationClientAutoConfiguration$OnEnableSecurity.class */
    static class OnEnableSecurity {
        private final AuthorizationProperties authorizationProperties;

        public OnEnableSecurity(AuthorizationProperties authorizationProperties) {
            this.authorizationProperties = authorizationProperties;
            AuthorizationClientAutoConfiguration.log.info("启用安全配置");
        }

        @ConditionalOnMissingBean
        @ConditionalOnBean({RedisUtils.class})
        @Bean
        public RedisHelper redisHelper(RedisUtils redisUtils, ObjectProvider<RedisWrapper> objectProvider) {
            return new RedisHelper(redisUtils, (BaseCallbackWrapper) objectProvider.getIfAvailable());
        }

        @ConditionalOnMissingBean
        @ConditionalOnBean({RedisHelper.class})
        @Bean
        public AuthenticationCache defaultAuthenticationCache(RedisHelper redisHelper) {
            return new RedisAuthenticationCache(redisHelper);
        }

        @ConditionalOnMissingBean
        @Bean
        public JwtDecoder jwtDecoder(RSAKey rSAKey) {
            NimbusJwtDecoder buildJwtDecoder = JwtUtil.buildJwtDecoder(rSAKey);
            if (buildJwtDecoder instanceof NimbusJwtDecoder) {
                NimbusJwtDecoder nimbusJwtDecoder = buildJwtDecoder;
                if (this.authorizationProperties.getTokenRenewal() != null && this.authorizationProperties.getTokenRenewal().toSeconds() > 0) {
                    nimbusJwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator(Collections.emptyList()));
                }
            }
            return buildJwtDecoder;
        }
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        DelegatingPasswordEncoder createDelegatingPasswordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        createDelegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(new BCryptPasswordEncoder());
        return createDelegatingPasswordEncoder;
    }

    @Bean
    public ContextTransfer<SecurityContext> contextTransferSecurityContext() {
        return new ContextTransfer<SecurityContext>() { // from class: com.elitescloud.cloudt.authorization.api.client.config.AuthorizationClientAutoConfiguration.1
            /* renamed from: getContext, reason: merged with bridge method [inline-methods] */
            public SecurityContext m7getContext() {
                return SecurityContextHolder.getContext();
            }

            public void setContext(SecurityContext securityContext) {
                SecurityContextHolder.setContext(securityContext);
            }

            public void clearContext() {
                SecurityContextHolder.clearContext();
            }
        };
    }
}
