package com.elitescloud.boot.auth.client.config.security;

import cn.hutool.core.util.BooleanUtil;
import com.elitescloud.boot.auth.client.common.InterceptUri;
import com.elitescloud.boot.auth.client.config.AuthorizationProperties;
import com.elitescloud.boot.auth.client.config.security.configurer.AuthorizationConfigurerCustomizer;
import com.elitescloud.boot.auth.client.config.security.configurer.DefaultAuthorizationConfigurer;
import com.elitescloud.boot.auth.client.config.security.handler.DefaultAccessDeniedHandler;
import com.elitescloud.boot.auth.client.config.security.handler.DefaultAuthenticationEntryPointHandler;
import com.elitescloud.boot.auth.client.config.support.AuthenticationCache;
import com.elitescloud.boot.auth.config.AuthorizationSdkProperties;
import com.elitescloud.boot.auth.sso.SsoProvider;
import com.elitescloud.boot.auth.sso.configurer.SsoFilterConfigurer;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
import org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.savedrequest.CookieRequestCache;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/* loaded from: input_file:com/elitescloud/boot/auth/client/config/security/AbstractServletSecurityConfig.class */
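/**
 * Base class for the servlet-stack Spring Security filter-chain configuration.
 *
 * <p>Subclasses call {@link #defaultSecurityConfig(HttpSecurity)} to apply the CSRF, CORS,
 * URL-authorization, SSO, exception-handling, session and header settings derived from
 * {@link AuthorizationProperties}. Collaborators are injected through the {@code @Autowired}
 * setters at the bottom of the class.
 *
 * <p>Security-relevant switches read from the properties: {@code csrfEnabled},
 * {@code corsEnabled}, {@code sessionEnabled} and {@code anonymousEnabled}. Each of the first
 * three is only turned off when the property is explicitly {@code false}; anonymous mode is
 * only turned on when the property is explicitly {@code true}.
 */
public abstract class AbstractServletSecurityConfig {
    private static final Logger log = LogManager.getLogger(AbstractServletSecurityConfig.class);
    public static final String SECURITY_CHAIN_DEFAULT = "defaultSecurityFilterChain";
    public static final String SECURITY_CHAIN_AUTH2_SERVER = "authorizationServerSecurityFilterChain";
    protected AuthorizationProperties authorizationProperties;
    private AuthorizationSdkProperties authorizationSdkProperties;
    protected ObjectProvider<AuthenticationCache> cacheObjectProvider;
    protected ObjectProvider<SsoProvider> ssoProviderObjectProvider;
    protected ObjectProvider<AuthorizationConfigurerCustomizer> authorizationConfigurerCustomizerObjectProvider;

    /**
     * {@link RequestCache} that fans out to a session-backed and a cookie-backed cache.
     *
     * <p>Writes and removals go to every delegate; reads return the first non-null answer, so
     * the session cache takes precedence over the cookie cache.
     *
     * <p>NOTE(review): the cookie-backed delegate round-trips the saved request through the
     * browser, so its content should be treated as client-controlled. Confirm that whatever
     * consumes the saved request after login validates the redirect target.
     */
    static class DelegateRequestCache implements RequestCache {
        private final List<RequestCache> requestCaches = new ArrayList<>();

        public DelegateRequestCache() {
            // Order matters for reads: the session cache is consulted before the cookie cache.
            this.requestCaches.add(new HttpSessionRequestCache());
            this.requestCaches.add(new CookieRequestCache());
        }

        /** Saves the current request in every delegate cache. */
        @Override
        public void saveRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            for (RequestCache cache : this.requestCaches) {
                cache.saveRequest(httpServletRequest, httpServletResponse);
            }
        }

        /**
         * Returns the saved request from the first delegate that has one.
         *
         * @return the saved request, or {@code null} when no delegate holds one
         */
        @Override
        public SavedRequest getRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            for (RequestCache cache : this.requestCaches) {
                SavedRequest saved = cache.getRequest(httpServletRequest, httpServletResponse);
                if (saved != null) {
                    return saved;
                }
            }
            return null;
        }

        /**
         * Returns the matching request from the first delegate that reports one.
         *
         * @return the matching request, or {@code null} when no delegate matches
         */
        @Override
        public HttpServletRequest getMatchingRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            for (RequestCache cache : this.requestCaches) {
                HttpServletRequest matching = cache.getMatchingRequest(httpServletRequest, httpServletResponse);
                if (matching != null) {
                    return matching;
                }
            }
            return null;
        }

        /** Removes the saved request from every delegate cache. */
        @Override
        public void removeRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            for (RequestCache cache : this.requestCaches) {
                cache.removeRequest(httpServletRequest, httpServletResponse);
            }
        }
    }

    /**
     * Applies the default security settings to the given builder and returns it.
     *
     * <p>Decompiler note: JADX reports that this method was declared {@code protected} in the
     * original class; it is kept {@code public} here so existing callers of this listing keep
     * compiling.
     *
     * @param httpSecurity the builder to configure
     * @return the same {@code httpSecurity} instance
     * @throws Exception if any configurer fails
     */
    public HttpSecurity defaultSecurityConfig(HttpSecurity httpSecurity) throws Exception {
        // CSRF protection stays on unless the property is explicitly false (null keeps it on).
        // NOTE(review): sessions default to IF_REQUIRED below, so disabling CSRF is only safe
        // when no endpoint relies on cookie/session authentication - confirm per deployment.
        if (Boolean.FALSE.equals(this.authorizationProperties.getCsrfEnabled())) {
            httpSecurity.csrf().disable();
        }
        corsConfiguration(httpSecurity);
        httpSecurity.authorizeRequests(authorizeRequest())
                .apply(new DefaultAuthorizationConfigurer(
                        this.authorizationProperties,
                        this.cacheObjectProvider.getIfAvailable(),
                        this.authorizationConfigurerCustomizerObjectProvider))
                .needBearerTokenAuthenticationFilter(needCloudtBearerTokenAuthenticationFilter())
                .autoRenewalToken(autoRenewalToken())
                .and()
                .apply(new SsoFilterConfigurer(this.authorizationSdkProperties))
                .setSsoProvider(this.ssoProviderObjectProvider.getIfAvailable())
                .and()
                .exceptionHandling(exceptionHandlingCustomizer())
                .sessionManagement(sessionManagementCustomizer())
                .headers(headersCustomizer());
        return httpSecurity;
    }

    /** Restricts framing of responses to same-origin pages ({@code X-Frame-Options: SAMEORIGIN}). */
    protected Customizer<HeadersConfigurer<HttpSecurity>> headersCustomizer() {
        return headersConfigurer -> headersConfigurer.frameOptions().sameOrigin();
    }

    /**
     * Chooses the session creation policy: {@code STATELESS} only when {@code sessionEnabled}
     * is explicitly {@code false}, otherwise {@code IF_REQUIRED}.
     */
    protected Customizer<SessionManagementConfigurer<HttpSecurity>> sessionManagementCustomizer() {
        SessionCreationPolicy policy = Boolean.FALSE.equals(this.authorizationProperties.getSessionEnabled())
                ? SessionCreationPolicy.STATELESS
                : SessionCreationPolicy.IF_REQUIRED;
        return sessionManagementConfigurer -> sessionManagementConfigurer.sessionCreationPolicy(policy);
    }

    /**
     * Registers one {@link CorsConfiguration} per configured CORS rule, or disables CORS
     * handling when {@code corsEnabled} is explicitly {@code false}.
     *
     * <p>A rule that allows credentials together with the origin pattern {@code "*"} makes
     * credentialed responses readable from any origin. Spring rejects that combination for
     * literal allowed origins but not for origin patterns, so it is logged as a warning here.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the CORS configurer fails
     */
    protected void corsConfiguration(HttpSecurity httpSecurity) throws Exception {
        if (Boolean.FALSE.equals(this.authorizationProperties.getCorsEnabled())) {
            httpSecurity.cors().disable();
            return;
        }
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        for (AuthorizationProperties.CorsConfig corsConfig : this.authorizationProperties.getCors()) {
            CorsConfiguration cors = new CorsConfiguration();
            Set<String> allowedOriginPatterns = corsConfig.getAllowedOriginPatterns();
            allowedOriginPatterns.forEach(cors::addAllowedOriginPattern);
            corsConfig.getAllowedOrigins().forEach(cors::addAllowedOrigin);
            corsConfig.getAllowedHeaders().forEach(cors::addAllowedHeader);
            corsConfig.getExposeHeaders().forEach(cors::addExposedHeader);
            corsConfig.getAllowedMethods().forEach(cors::addAllowedMethod);
            boolean allowCredentials = corsConfig.isAllowCredentials();
            if (allowCredentials && allowedOriginPatterns.contains("*")) {
                // Surface the risky combination at startup instead of leaving it silent.
                log.warn("CORS rule for path '{}' combines allowCredentials=true with the origin pattern \"*\"; "
                        + "credentialed responses will be readable from any origin", corsConfig.getPathMatcher());
            }
            cors.setAllowCredentials(allowCredentials);
            source.registerCorsConfiguration(corsConfig.getPathMatcher(), cors);
        }
        httpSecurity.cors(corsConfigurer -> corsConfigurer.configurationSource(source));
    }

    /**
     * Installs the project's authentication entry point (built from the configured login page)
     * and access-denied handler. The login page is read when the customizer runs, not when it
     * is created.
     */
    protected Customizer<ExceptionHandlingConfigurer<HttpSecurity>> exceptionHandlingCustomizer() {
        return exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.authenticationEntryPoint(
                    new DefaultAuthenticationEntryPointHandler(this.authorizationProperties.getLoginPage()));
            exceptionHandlingConfigurer.accessDeniedHandler(new DefaultAccessDeniedHandler());
        };
    }

    /**
     * Builds the URL authorization rules.
     *
     * <ul>
     *   <li>Anonymous mode ({@code anonymousEnabled == true}): URIs from {@link #getRejectUris()}
     *       require authentication and <em>every other request is permitted</em>. This is a
     *       fail-open policy: an endpoint that is missing from the reject list is public.</li>
     *   <li>Otherwise: URIs from {@link #getAllowUris()} are permitted and every other request
     *       requires authentication (fail-closed).</li>
     * </ul>
     *
     * <p>Patterns accepted by {@link #adapterMvcRequestMatch(String)} are registered with
     * {@code mvcMatchers}; all remaining non-null patterns are registered with
     * {@code antMatchers}.
     *
     * <p>NOTE(review): exact paths therefore get Ant semantics, which match the literal path
     * only. If the MVC layer also serves variants of a path (for example with a trailing
     * slash), an exact-path entry in the reject list does not cover those variants in
     * anonymous mode. Confirm reject-list entries use a {@code **} suffix or list the variants.
     */
    protected Customizer<ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry> authorizeRequest() {
        return registry -> {
            if (BooleanUtil.isTrue(this.authorizationProperties.getAnonymousEnabled())) {
                Set<String> rejectUris = getRejectUris();
                if (!rejectUris.isEmpty()) {
                    Set<String> mvcPatterns = selectMvcPatterns(rejectUris);
                    if (!mvcPatterns.isEmpty()) {
                        registry.mvcMatchers(mvcPatterns.toArray(new String[0])).authenticated();
                    }
                    Set<String> antPatterns = selectAntPatterns(rejectUris, mvcPatterns);
                    if (!antPatterns.isEmpty()) {
                        registry.antMatchers(antPatterns.toArray(new String[0])).authenticated();
                    }
                }
                // Fail-open: anything not matched above is served without authentication.
                registry.anyRequest().permitAll();
                return;
            }
            Set<String> allowUris = getAllowUris();
            if (!allowUris.isEmpty()) {
                Set<String> mvcPatterns = selectMvcPatterns(allowUris);
                if (!mvcPatterns.isEmpty()) {
                    registry.mvcMatchers(mvcPatterns.toArray(new String[0])).permitAll();
                }
                Set<String> antPatterns = selectAntPatterns(allowUris, mvcPatterns);
                if (!antPatterns.isEmpty()) {
                    registry.antMatchers(antPatterns.toArray(new String[0])).permitAll();
                }
            }
            // Fail-closed: anything not explicitly allowed requires authentication.
            registry.anyRequest().authenticated();
        };
    }

    /** Returns the subset of {@code uris} that should be registered with {@code mvcMatchers}. */
    private Set<String> selectMvcPatterns(Set<String> uris) {
        return uris.stream().filter(this::adapterMvcRequestMatch).collect(Collectors.toSet());
    }

    /** Returns the non-null entries of {@code uris} that were not selected as MVC patterns. */
    private static Set<String> selectAntPatterns(Set<String> uris, Set<String> mvcPatterns) {
        return uris.stream()
                .filter(uri -> uri != null && !mvcPatterns.contains(uri))
                .collect(Collectors.toSet());
    }

    /**
     * Tells whether a pattern should be registered with {@code mvcMatchers}: it must contain
     * {@code "**"} and the first occurrence must be its last two characters.
     *
     * <p>The explicit "found" check matters: without it a one-character pattern such as
     * {@code "/"} satisfies {@code -1 == length - 2} and is misclassified as an MVC pattern.
     *
     * @param str the URI pattern, may be {@code null}
     * @return {@code true} when the pattern ends with its first {@code "**"}
     */
    protected boolean adapterMvcRequestMatch(String str) {
        if (str == null) {
            return false;
        }
        int firstWildcard = str.indexOf("**");
        return firstWildcard >= 0 && firstWildcard == str.length() - 2;
    }

    /**
     * Enables JWT support on the OAuth2 resource server configurer.
     *
     * <p>Decompiler note: JADX reports that this method was declared {@code protected} in the
     * original class.
     */
    public Customizer<OAuth2ResourceServerConfigurer<HttpSecurity>> oauth2ResourceServer() {
        return OAuth2ResourceServerConfigurer::jwt;
    }

    /**
     * Collects the URIs that require authentication in anonymous mode: the built-in reject
     * list from {@link InterceptUri} plus the configured reject list.
     *
     * @return a new mutable set
     */
    protected Set<String> getRejectUris() {
        Set<String> uris = new HashSet<>();
        uris.addAll(InterceptUri.getRejectUri());
        uris.addAll(this.authorizationProperties.getRejectList());
        return uris;
    }

    /**
     * Collects the URIs served without authentication: the built-in allow list from
     * {@link InterceptUri}, the configured allow list and, when set, the login page.
     *
     * @return a new mutable set
     */
    protected Set<String> getAllowUris() {
        Set<String> uris = new HashSet<>();
        uris.addAll(InterceptUri.getAllowUri());
        uris.addAll(this.authorizationProperties.getAllowList());
        String loginPage = this.authorizationProperties.getLoginPage();
        if (StringUtils.hasText(loginPage)) {
            // The login page must stay reachable for unauthenticated users.
            uris.add(loginPage);
        }
        return uris;
    }

    /** Hook for subclasses; the default asks for the bearer-token authentication filter. */
    protected boolean needCloudtBearerTokenAuthenticationFilter() {
        return true;
    }

    /** Hook for subclasses; the default turns automatic token renewal on. */
    protected boolean autoRenewalToken() {
        return true;
    }

    /** Creates a new request cache that delegates to a session cache and a cookie cache. */
    public static RequestCache getRequestCache() {
        return new DelegateRequestCache();
    }

    @Autowired
    public void setAuthorizationProperties(AuthorizationProperties authorizationProperties) {
        this.authorizationProperties = authorizationProperties;
    }

    @Autowired
    public void setAuthorizationSdkProperties(AuthorizationSdkProperties authorizationSdkProperties) {
        this.authorizationSdkProperties = authorizationSdkProperties;
    }

    @Autowired
    public void setCacheObjectProvider(ObjectProvider<AuthenticationCache> objectProvider) {
        this.cacheObjectProvider = objectProvider;
    }

    @Autowired
    public void setSsoProviderObjectProvider(ObjectProvider<SsoProvider> objectProvider) {
        this.ssoProviderObjectProvider = objectProvider;
    }

    @Autowired
    public void setAuthorizationConfigurerCustomizerObjectProvider(ObjectProvider<AuthorizationConfigurerCustomizer> objectProvider) {
        this.authorizationConfigurerCustomizerObjectProvider = objectProvider;
    }
}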
