package com.elitescloud.cloudt.authorization.api.provider.config;

import com.elitescloud.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitescloud.cloudt.authorization.api.client.config.CloudtAuthorizationCacheAutoConfiguration;
import com.elitescloud.cloudt.authorization.api.client.config.security.handler.DelegateAuthenticationCallable;
import com.elitescloud.cloudt.authorization.api.client.config.support.AuthenticationCache;
import com.elitescloud.cloudt.authorization.api.client.config.support.AuthenticationCallable;
import com.elitescloud.cloudt.authorization.api.client.util.JwtUtil;
import com.elitescloud.cloudt.authorization.api.provider.AuthenticationService;
import com.elitescloud.cloudt.authorization.api.provider.config.servlet.ServletOAuth2ServerConfig;
import com.elitescloud.cloudt.authorization.api.provider.config.servlet.ServletSingleConfig;
import com.elitescloud.cloudt.authorization.api.provider.provider.user.UserDetailManager;
import com.elitescloud.cloudt.authorization.api.provider.security.AuthenticationCheckService;
import com.elitescloud.cloudt.authorization.api.provider.security.generator.token.JwtTokenGenerator;
import com.elitescloud.cloudt.authorization.api.provider.security.generator.token.TokenGenerator;
import com.elitescloud.cloudt.authorization.api.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.cloudt.authorization.api.provider.security.handler.CacheUserAuthenticationCallable;
import com.elitescloud.cloudt.authorization.api.provider.security.handler.LoginLogHandler;
import com.elitescloud.cloudt.authorization.api.provider.security.impl.DefaultAuthenticationCheckServiceImpl;
import com.elitescloud.cloudt.authorization.api.provider.security.impl.DefaultAuthenticationService;
import com.elitescloud.cloudt.authorization.api.provider.web.controller.LoginController;
import com.elitescloud.cloudt.core.config.log.config.LogProperties;
import com.elitescloud.cloudt.core.config.log.queue.LogEvent;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import com.lmax.disruptor.RingBuffer;
import com.nimbusds.jose.jwk.RSAKey;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.jwt.JwtClaimsSet;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.util.Assert;

/**
 * Auto-configuration for the authorization <em>provider</em> side: the JWT
 * {@link TokenGenerator} and its claim customizer, the
 * {@link AuthenticationService} and {@link LoginController}, the
 * {@link AuthenticationCheckService}, the {@link InternalAuthenticationGranter}
 * and an opt-in login-logging callback.
 *
 * <p>Active by default: it is only switched off by
 * {@code elitesland.authorization.enabled=false} ({@code matchIfMissing = true}).
 * The servlet, system, SSO and CAS client configurations are pulled in through
 * {@link Import}; {@link LoginLogConfig} is imported as well but carries its own
 * property condition.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every claim written by {@link #jwtCustomizer()} is embedded in the
 *       issued token. JWTs produced this way are normally signed, not encrypted,
 *       so treat those claims as readable by any holder of the token and keep
 *       secrets out of them (verify against {@code JwtUtil.buildJwtEncoder}).</li>
 *   <li>The signing key is the {@link RSAKey} bean supplied by another
 *       configuration; nothing here creates, rotates or validates it.</li>
 *   <li>{@link #tokenGenerator} and {@link #authenticationService} are
 *       {@link ConditionalOnMissingBean}, so a project can replace them;
 *       {@link #defaultAuthenticationCheckService()} is not, so a custom
 *       {@link AuthenticationCheckService} registers <em>alongside</em> it rather
 *       than instead of it.</li>
 * </ul>
 */
@EnableWebSecurity
@AutoConfigureAfter({CloudtAuthorizationCacheAutoConfiguration.class})
@ConditionalOnProperty(prefix = "elitesland.authorization", name = {"enabled"}, havingValue = "true", matchIfMissing = true)
@Import({ServletSingleConfig.class, ServletOAuth2ServerConfig.class, SystemConfig.class, SsoConfig.class, CloudtCasClientConfig.class, LoginLogConfig.class})
public class AuthorizationAutoConfiguration {
    private static final Logger log = LogManager.getLogger(AuthorizationAutoConfiguration.class);

    /** Authorization settings handed to every bean built by this class. */
    private final AuthorizationProperties authorizationProperties;

    /**
     * Login audit logging, enabled only by {@code elitesland.log.login-log.enabled=true}.
     *
     * <p>Registers a {@link LoginLogHandler} backed by the shared
     * {@link RingBuffer} of {@link LogEvent}s and an {@link AuthenticationCallable}
     * that forwards both successful and failed logins to it.
     */
    @EnableConfigurationProperties({LogProperties.class})
    @ConditionalOnProperty(prefix = "elitesland.log.login-log", name = {"enabled"}, havingValue = "true")
    static class LoginLogConfig {
        private final LogProperties logProperties;
        private final RingBuffer<LogEvent> ringBuffer;

        public LoginLogConfig(LogProperties logProperties, RingBuffer<LogEvent> ringBuffer) {
            this.logProperties = logProperties;
            this.ringBuffer = ringBuffer;
            // Log text (kept verbatim): "login logging enabled".
            AuthorizationAutoConfiguration.log.info("启用登录日志纪录");
        }

        /**
         * Callback that records every login attempt through {@code loginLogHandler}.
         *
         * <p>A successful login passes the request and the {@link Authentication}
         * (no exception); a failed one passes the request and the
         * {@link AuthenticationException} (no authentication). The {@code String}
         * argument of {@code onLogin} — presumably the issued token, confirm against
         * {@link AuthenticationCallable} — is never handed to the handler, so it does
         * not reach the log pipeline.
         *
         * <p>NOTE(review): the handler receives the raw {@link HttpServletRequest};
         * confirm that {@link LoginLogHandler} does not persist credentials,
         * cookies or Authorization headers from it.
         */
        @Bean
        public AuthenticationCallable authenticationCallbackLoginLog(final LoginLogHandler loginLogHandler) {
            return new AuthenticationCallable() {
                public void onLogin(HttpServletRequest request, HttpServletResponse response, String token, Authentication authentication) throws IOException, ServletException {
                    loginLogHandler.loginLog(request, authentication, null);
                }

                public void onLoginFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException failure) {
                    loginLogHandler.loginLog(request, null, failure);
                }
            };
        }

        /** Handler that turns login attempts into {@link LogEvent}s on the ring buffer. */
        @Bean
        public LoginLogHandler loginLogHandler() {
            return new LoginLogHandler(this.ringBuffer, this.logProperties);
        }
    }

    /**
     * Fails fast at startup when no authentication type is configured.
     *
     * @param authorizationProperties bound {@code elitesland.authorization} settings
     * @throws IllegalArgumentException if {@code getType()} is null
     *         (message reads "unknown service authentication type")
     */
    public AuthorizationAutoConfiguration(AuthorizationProperties authorizationProperties) {
        Assert.notNull(authorizationProperties.getType(), "未知服务认证方式");
        this.authorizationProperties = authorizationProperties;
        // Log text: "service authentication type: {}".
        log.info("服务认证方式：{}", authorizationProperties.getType());
    }

    /**
     * Default JWT {@link TokenGenerator}, signing with the {@link RSAKey} bean and
     * applying the {@link OAuth2TokenCustomizer} bean to every token.
     * Overridable: any user-supplied {@link TokenGenerator} bean wins.
     */
    @ConditionalOnMissingBean
    @Bean
    TokenGenerator tokenGenerator(RSAKey rSAKey, OAuth2TokenCustomizer<JwtEncodingContext> oAuth2TokenCustomizer) {
        JwtTokenGenerator generator = new JwtTokenGenerator(this.authorizationProperties, JwtUtil.buildJwtEncoder(rSAKey));
        generator.setTokenCustomizer(oAuth2TokenCustomizer);
        return generator;
    }

    /**
     * Adds the platform's private claims to each encoded JWT.
     *
     * <p>For a {@link GeneralUserDetails} principal: {@code yst_un} (username),
     * {@code yst_ui} (user id), {@code yst_ti} (tenant id, only when a tenant is
     * set) and {@code yst_pt = "us"}. For any other principal type only
     * {@code yst_pt = "cli"} is written.
     *
     * <p>These claims are consumed by resource servers; they are not secrets, but
     * anything added here must be safe to expose to the token holder.
     * NOTE(review): {@code getUser()} is assumed non-null for every
     * {@link GeneralUserDetails} — confirm, otherwise encoding throws an NPE.
     */
    @Bean
    OAuth2TokenCustomizer<JwtEncodingContext> jwtCustomizer() {
        return context -> {
            JwtClaimsSet.Builder claims = context.getClaims();
            Object principal = context.getPrincipal().getPrincipal();
            if (principal instanceof GeneralUserDetails) {
                GeneralUserDetails user = (GeneralUserDetails) principal;
                claims.claim("yst_un", user.getUsername());
                claims.claim("yst_ui", user.getUser().getId());
                if (user.getTenant() != null) {
                    claims.claim("yst_ti", user.getTenant().getId());
                }
                claims.claim("yst_pt", "us");
            } else {
                claims.claim("yst_pt", "cli");
            }
        };
    }

    /** Callback that caches the authenticated user in the {@link AuthenticationCache}. */
    @Bean
    AuthenticationCallable authenticationCallableCacheUser(AuthenticationCache authenticationCache) {
        return new CacheUserAuthenticationCallable(this.authorizationProperties, authenticationCache);
    }

    /**
     * Default {@link AuthenticationService}, fanning login callbacks out to every
     * registered {@link AuthenticationCallable}. Overridable via
     * {@link ConditionalOnMissingBean}.
     */
    @ConditionalOnMissingBean
    @Bean
    AuthenticationService authenticationService(ObjectProvider<AuthenticationCallable> objectProvider) {
        return new DefaultAuthenticationService(delegateFor(objectProvider));
    }

    /**
     * Login endpoints, registered only once an {@link AuthenticationService} bean
     * exists. NOTE(review): {@link ConditionalOnBean} is evaluated when this method
     * is processed, so it relies on {@link #authenticationService} (or a user bean)
     * being registered first — keep the declaration order.
     */
    @ConditionalOnBean({AuthenticationService.class})
    @Bean
    LoginController loginSupportController(AuthenticationService authenticationService) {
        return new LoginController(authenticationService);
    }

    /**
     * Default authentication checks driven by the configured properties.
     * Not {@link ConditionalOnMissingBean}: a project-defined
     * {@link AuthenticationCheckService} coexists with this one rather than
     * replacing it.
     */
    @Bean
    AuthenticationCheckService defaultAuthenticationCheckService() {
        return new DefaultAuthenticationCheckServiceImpl(this.authorizationProperties);
    }

    /**
     * Internal (non-interactive) authentication granter, created only when a
     * {@link UserDetailManager} bean is present. Shares the same callback
     * delegate strategy as {@link #authenticationService}.
     */
    @ConditionalOnBean({UserDetailManager.class})
    @Bean
    InternalAuthenticationGranter internalAuthenticationGranter(UserDetailManager userDetailManager, TokenGenerator tokenGenerator, ObjectProvider<AuthenticationCallable> objectProvider) {
        InternalAuthenticationGranter granter = new InternalAuthenticationGranter(userDetailManager, tokenGenerator);
        granter.setDelegateAuthenticationCallable(delegateFor(objectProvider));
        return granter;
    }

    /** Single place that resolves the delegating callback over all registered callables. */
    private static DelegateAuthenticationCallable delegateFor(ObjectProvider<AuthenticationCallable> callables) {
        return DelegateAuthenticationCallable.getInstance(callables);
    }
}
