package cn.home1.oss.lib.security.starter;

import cn.home1.oss.boot.autoconfigure.AppProperties;
import cn.home1.oss.boot.autoconfigure.AppSecurity;
import cn.home1.oss.boot.autoconfigure.AppSecurityProperties;
import cn.home1.oss.boot.autoconfigure.AppType;
import cn.home1.oss.boot.autoconfigure.ConditionalOnAppSecurity;
import cn.home1.oss.boot.autoconfigure.ConditionalOnAppType;
import cn.home1.oss.boot.autoconfigure.OnAppTypeCondition;
import cn.home1.oss.lib.common.crypto.Cryptos;
import cn.home1.oss.lib.common.crypto.EncodeCipher;
import cn.home1.oss.lib.common.crypto.KeyExpression;
import cn.home1.oss.lib.common.crypto.Rsa;
import cn.home1.oss.lib.common.crypto.RsaKey;
import cn.home1.oss.lib.errorhandle.api.ResolvedError;
import cn.home1.oss.lib.errorhandle.internal.RestfulExceptionHandler;
import cn.home1.oss.lib.security.api.BaseUserDetailsAuthenticationProvider;
import cn.home1.oss.lib.security.api.GenericUser;
import cn.home1.oss.lib.security.crypto.ReentrantBCryptPasswordEncoder;
import cn.home1.oss.lib.security.internal.preauth.PreAuthTokenCookieClearingLogoutHandler;
import cn.home1.oss.lib.security.internal.rest.RestfulAuthenticationEntryPoint;
import cn.home1.oss.lib.security.internal.rest.RestfulAuthenticationFailureHandler;
import cn.home1.oss.lib.security.internal.rest.RestfulAuthenticationSuccessHandler;
import cn.home1.oss.lib.security.internal.rest.RestfulLoginDisabledFilter;
import cn.home1.oss.lib.security.internal.rest.RestfulLoginPublicKeyFilter;
import cn.home1.oss.lib.security.internal.rest.RestfulLogoutDisabledFilter;
import cn.home1.oss.lib.security.internal.rest.RestfulLogoutSuccessHandler;
import cn.home1.oss.lib.security.internal.template.TemplateAuthenticationEntryPoint;
import cn.home1.oss.lib.security.internal.template.TemplateAuthenticationFailureHandler;
import cn.home1.oss.lib.security.internal.template.TemplateAuthenticationLogoutSuccessHandler;
import cn.home1.oss.lib.security.internal.template.TemplateAuthenticationSuccessHandler;
import cn.home1.oss.lib.webmvc.api.TypeSafeCookie;
import cn.home1.oss.lib.webmvc.api.TypeSafeToken;
import cn.home1.oss.lib.webmvc.internal.DefaultHttpEntityMethodProcessor;
import com.google.common.base.Preconditions;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.security.Http401AuthenticationEntryPoint;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.EncryptDefaultLoginPageConfigurer;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

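/**
 * Wires form-login, logout and the related REST/template handlers into the
 * {@link HttpSecurity} chain, driven by the application type and the
 * {@link AppSecurityProperties} exposed through {@link AppProperties}.
 *
 * <p>Summary of what {@link #configure(HttpSecurity)} does:
 * <ul>
 *   <li>security disabled, or app type {@code RESOURCE}: form login and logout
 *       are disabled; for {@code MIXED}/{@code RESTFUL} apps the
 *       login/logout "disabled" filters are installed in front of
 *       {@link UsernamePasswordAuthenticationFilter};</li>
 *   <li>otherwise: form login and logout are configured, and when a login key
 *       is present its cipher is handed to the authentication provider and the
 *       matching public key is passed to the login page configurer.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing appears to be decompiler output. The stock
 * Spring Security {@code HttpSecurity} DSL declares checked exceptions, so the
 * missing {@code throws} clause on {@code configure} is presumably an artefact
 * of how the original was compiled; confirm against the original source.
 */
@Configuration
@Order(FormAuthConfiguration.ORDER_FORM_AUTH)
/* loaded from: input_file:cn/home1/oss/lib/security/starter/FormAuthConfiguration.class */
public class FormAuthConfiguration extends SecurityConfigurerAdapter<FormAuthConfiguration> {
    /** Ordering of this configuration; the value equals {@code Integer.MAX_VALUE - 14}. */
    public static final int ORDER_FORM_AUTH = 2147483633;
    public static final String LOGIN_CIPHER = "loginCipher";
    /** Bean name under which {@link #formAuthenticationEntryPoint()} is registered. */
    public static final String FORM_AUTHENTICATION_ENTRYPOINT = "formAuthenticationEntryPoint";

    @Autowired
    private AppProperties appProperties;

    @Autowired
    private Environment environment;

    @Autowired
    private RestfulExceptionHandler exceptionHandler;

    @Autowired
    @Qualifier("resolvedErrorCookie")
    private TypeSafeCookie<ResolvedError> resolvedErrorCookie;

    // Optional: may be null when no such bean is defined.
    @Autowired(required = false)
    @Qualifier(GenericUser.GENERIC_USER_COOKIE)
    private TypeSafeCookie<GenericUser> genericUserCookie;

    // Optional: may be null when no such bean is defined.
    @Autowired(required = false)
    @Qualifier(GenericUser.GENERIC_USER_TOKEN)
    private TypeSafeToken<GenericUser> genericUserToken;

    @Autowired
    private DefaultHttpEntityMethodProcessor httpEntityMethodProcessor;

    @Autowired
    private ServerProperties serverProperties;

    // Optional at injection time, but mandatory once form authentication is
    // enabled; configure() enforces that with a checkState.
    @Autowired(required = false)
    private BaseUserDetailsAuthenticationProvider userDetailsAuthenticationProvider;

    /**
     * Applies the form-authentication part of the security configuration.
     *
     * @param httpSecurity the builder to configure
     * @throws IllegalStateException if form authentication is enabled but no
     *     {@link BaseUserDetailsAuthenticationProvider} bean was injected
     */
    @Override
    public void configure(HttpSecurity httpSecurity) {
        AuthenticationEntryPoint entryPoint = formAuthenticationEntryPoint();
        if (entryPoint != null) {
            httpSecurity.exceptionHandling().authenticationEntryPoint(entryPoint);
        }

        AppType type = this.appProperties.getType();
        AppSecurityProperties security = this.appProperties.getSecurity();
        boolean formAuthOff = !security.getEnabled().booleanValue() || type == AppType.RESOURCE;

        if (formAuthOff) {
            httpSecurity.formLogin().disable().logout().disable();
            // type cannot be RESOURCE inside this inner branch, so security is
            // disabled here and both factory methods return non-null filters.
            if (type == AppType.MIXED || type == AppType.RESTFUL) {
                httpSecurity
                    .addFilterBefore(loginDisabledFilter(), UsernamePasswordAuthenticationFilter.class)
                    .addFilterBefore(logoutDisabledFilter(), RestfulLoginDisabledFilter.class);
            }
        } else {
            Preconditions.checkState(this.userDetailsAuthenticationProvider != null, "must define a bean that extends " + BaseUserDetailsAuthenticationProvider.class.getName() + " to enable form authentication");

            // Without a login key no cipher is set on the provider and an empty
            // public key is handed to the login page configurer.
            // NOTE(review): in that case the submitted credential is presumably
            // protected by the transport only; confirm TLS is enforced for the
            // login processing URL. Client-side RSA encryption does not replace
            // TLS either way.
            String loginPublicKey = "";
            KeyExpression loginKey = security.getLoginKey();
            if (loginKey.isPresent().booleanValue()) {
                // Declared as Rsa (the type it is cast to) so the accessor
                // chain below is resolved on the concrete type.
                Rsa loginCipher = (Rsa) Cryptos.cipher(loginKey);
                this.userDetailsAuthenticationProvider.setCipher(loginCipher);
                loginPublicKey = RsaKey.extractPublicKey(loginCipher.getEncryptor().getKey().getKeyExpression());
            }

            Boolean useDefaultLoginPage = security.useDefaultLoginPage(this.environment);
            httpSecurity.apply(new EncryptDefaultLoginPageConfigurer(
                security.getLoginPage(),
                loginPublicKey,
                useDefaultLoginPage,
                this.exceptionHandler.getExceptionResolver(),
                this.resolvedErrorCookie));

            // Parameterized instead of raw: on a raw configurer the fluent
            // chain erases to SecurityBuilder after and(), which has no logout().
            FormLoginConfigurer<HttpSecurity> formLogin = httpSecurity.formLogin();
            if (!useDefaultLoginPage.booleanValue()) {
                formLogin.loginPage(security.getLoginPage());
            }
            formLogin
                .loginProcessingUrl(security.getLoginProcessingUrl())
                .failureHandler(authenticationFailureHandler())
                .successHandler(authenticationSuccessHandler())
                .and()
                .logout()
                .logoutUrl(security.getLogoutUrl())
                .addLogoutHandler(logoutHandler())
                .logoutSuccessHandler(logoutSuccessHandler());
        }

        RestfulLoginPublicKeyFilter publicKeyFilter = restfulLoginPublicKeyFilter();
        if (publicKeyFilter != null) {
            httpSecurity.addFilterBefore(publicKeyFilter, UsernamePasswordAuthenticationFilter.class);
        }
    }

    /**
     * Logout handler registered on the logout configurer.
     *
     * @return a new {@link PreAuthTokenCookieClearingLogoutHandler}
     */
    @ConditionalOnAppType({AppType.MIXED, AppType.RESTFUL, AppType.TEMPLATE})
    @Bean
    @ConditionalOnAppSecurity(AppSecurity.ENABLED)
    public PreAuthTokenCookieClearingLogoutHandler logoutHandler() {
        return new PreAuthTokenCookieClearingLogoutHandler();
    }

    /**
     * Chooses the logout success handler by application type.
     *
     * @return the template handler for {@code TEMPLATE} apps, otherwise a new
     *     {@link RestfulLogoutSuccessHandler}
     */
    public LogoutSuccessHandler logoutSuccessHandler() {
        if (this.appProperties.getType() == AppType.TEMPLATE) {
            return TemplateAuthenticationLogoutSuccessHandler.templateLogoutSuccessHandler();
        }
        return new RestfulLogoutSuccessHandler();
    }

    /**
     * Builds the filter that serves the login public key over GET.
     *
     * <p>Only the public half of the login key ({@code RsaKey#getPublicKey()})
     * is handed to the filter.
     *
     * @return the filter, or {@code null} unless security is enabled, the app
     *     type is {@code MIXED} or {@code RESTFUL}, and a login key is present
     */
    public RestfulLoginPublicKeyFilter restfulLoginPublicKeyFilter() {
        AppSecurityProperties security = this.appProperties.getSecurity();
        boolean applicable = security.getEnabled().booleanValue()
            && servesRestClients()
            && security.getLoginKey().isPresent().booleanValue();
        if (!applicable) {
            return null;
        }

        String loginPublicKeyUrl = security.getLoginPublicKeyUrl();
        RestfulLoginPublicKeyFilter filter =
            new RestfulLoginPublicKeyFilter(new RsaKey(security.getLoginKey()).getPublicKey());
        filter.setEnvironment(this.environment);
        filter.setExceptionHandler(this.exceptionHandler);
        filter.setHttpEntityMethodProcessor(this.httpEntityMethodProcessor);
        filter.setRequestMatcher(new AntPathRequestMatcher(loginPublicKeyUrl, HttpMethod.GET.name()));
        return filter;
    }

    /**
     * Builds the filter installed on the login processing URL when security is
     * disabled.
     *
     * @return the filter (POST only), or {@code null} when security is enabled
     *     or the app type is neither {@code MIXED} nor {@code RESTFUL}
     */
    public RestfulLoginDisabledFilter loginDisabledFilter() {
        AppSecurityProperties security = this.appProperties.getSecurity();
        if (security.getEnabled().booleanValue() || !servesRestClients()) {
            return null;
        }

        RestfulLoginDisabledFilter filter = new RestfulLoginDisabledFilter();
        filter.setEnvironment(this.environment);
        filter.setFilterProcessesUrl(security.getLoginProcessingUrl());
        filter.setPostOnly(true);
        filter.setExceptionHandler(this.exceptionHandler);
        return filter;
    }

    /**
     * Builds the filter installed on the logout URL when security is disabled.
     *
     * @return the filter, or {@code null} when security is enabled or the app
     *     type is neither {@code MIXED} nor {@code RESTFUL}
     */
    public RestfulLogoutDisabledFilter logoutDisabledFilter() {
        AppSecurityProperties security = this.appProperties.getSecurity();
        if (security.getEnabled().booleanValue() || !servesRestClients()) {
            return null;
        }

        RestfulLogoutDisabledFilter filter = new RestfulLogoutDisabledFilter();
        filter.setEnvironment(this.environment);
        filter.setFilterProcessesUrl(security.getLogoutUrl());
        filter.setExceptionHandler(this.exceptionHandler);
        return filter;
    }

    /**
     * Chooses the authentication failure handler.
     *
     * <p>With no handler configured the choice follows the app type
     * ({@code TEMPLATE} gets the template handler, everything else the restful
     * one). With a configured value, {@code "restful"} (case-insensitive)
     * selects the restful handler and any other value the template handler.
     *
     * @return the selected failure handler
     */
    @ConditionalOnAppType({AppType.MIXED, AppType.RESTFUL, AppType.TEMPLATE})
    @Bean
    @ConditionalOnAppSecurity(AppSecurity.ENABLED)
    public AuthenticationFailureHandler authenticationFailureHandler() {
        AppType type = this.appProperties.getType();
        AppSecurityProperties security = this.appProperties.getSecurity();
        String configured = security.getAuthFailureHandler();
        String loginPage = security.getLoginPage();

        boolean restful = StringUtils.isBlank(configured)
            ? type != AppType.TEMPLATE
            : "restful".equalsIgnoreCase(configured);
        if (restful) {
            return RestfulAuthenticationFailureHandler.restfulFailureHandler(this.exceptionHandler);
        }
        return TemplateAuthenticationFailureHandler.templateFailureHandler(
            loginPage, this.exceptionHandler.getExceptionResolver(), this.resolvedErrorCookie);
    }

    /**
     * Chooses the authentication success handler.
     *
     * <p>With no handler configured, {@code TEMPLATE} apps get the template
     * handler built with {@code "/"} and all others the restful handler. With a
     * configured value, {@code "restful"} (case-insensitive) selects the
     * restful handler; any other value is passed to the template handler.
     *
     * @return the selected success handler
     */
    @ConditionalOnAppType({AppType.MIXED, AppType.RESTFUL, AppType.TEMPLATE})
    @Bean
    @ConditionalOnAppSecurity(AppSecurity.ENABLED)
    public AuthenticationSuccessHandler authenticationSuccessHandler() {
        AppType type = this.appProperties.getType();
        String configured = this.appProperties.getSecurity().getAuthSucessHandler();

        if (StringUtils.isBlank(configured)) {
            if (type == AppType.TEMPLATE) {
                return TemplateAuthenticationSuccessHandler.templateSuccessHandler("/");
            }
            return newRestfulSuccessHandler();
        }
        if ("restful".equalsIgnoreCase(configured)) {
            return newRestfulSuccessHandler();
        }
        // The value comes from application properties, not from the request.
        // NOTE(review): presumably it is used as the post-login target; confirm
        // in TemplateAuthenticationSuccessHandler.
        return TemplateAuthenticationSuccessHandler.templateSuccessHandler(configured);
    }

    /**
     * Chooses the entry point used when an unauthenticated request needs
     * authentication.
     *
     * <p>With no entry point configured: {@code TEMPLATE} apps get the template
     * entry point, or {@code null} when the default login page is in use, and
     * all other app types get the restful entry point. Configured values:
     * {@code "401"}, {@code "403"}, {@code "loginPage"} (case-insensitive);
     * anything else falls back to the restful entry point.
     *
     * @return the entry point, or {@code null} for a {@code TEMPLATE} app that
     *     uses the default login page and has no entry point configured
     */
    @Bean(name = {FORM_AUTHENTICATION_ENTRYPOINT})
    public AuthenticationEntryPoint formAuthenticationEntryPoint() {
        AppType type = this.appProperties.getType();
        AppSecurityProperties security = this.appProperties.getSecurity();
        String configured = security.getAuthEntryPoint();
        String loginPage = security.getLoginPage();

        if (StringUtils.isBlank(configured)) {
            if (type != AppType.TEMPLATE) {
                return RestfulAuthenticationEntryPoint.restfulEntryPoint(this.exceptionHandler);
            }
            if (security.useDefaultLoginPage(this.environment).booleanValue()) {
                return null;
            }
            return TemplateAuthenticationEntryPoint.templateEntryPoint(
                loginPage, this.exceptionHandler.getExceptionResolver(), this.resolvedErrorCookie);
        }
        if ("401".equals(configured)) {
            // The header value is built from the configured session cookie
            // name, falling back to JSESSIONID when none is set.
            String cookieName = this.serverProperties.getSession().getCookie().getName();
            String realm = StringUtils.isNotBlank(cookieName) ? cookieName : "JSESSIONID";
            return new Http401AuthenticationEntryPoint("Session realm=\"" + realm + "\"");
        }
        if ("403".equals(configured)) {
            return new Http403ForbiddenEntryPoint();
        }
        if ("loginPage".equalsIgnoreCase(configured)) {
            return TemplateAuthenticationEntryPoint.templateEntryPoint(
                loginPage, this.exceptionHandler.getExceptionResolver(), this.resolvedErrorCookie);
        }
        return RestfulAuthenticationEntryPoint.restfulEntryPoint(this.exceptionHandler);
    }

    /**
     * Password encoder bean.
     *
     * @return a new {@link ReentrantBCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new ReentrantBCryptPasswordEncoder();
    }

    /** Returns whether the app type is {@code MIXED} or {@code RESTFUL}. */
    private boolean servesRestClients() {
        return OnAppTypeCondition.matches(this.appProperties.getType(), new AppType[]{AppType.MIXED, AppType.RESTFUL}).booleanValue();
    }

    /** Builds the restful success handler from the injected cookie, token and processors. */
    private AuthenticationSuccessHandler newRestfulSuccessHandler() {
        return RestfulAuthenticationSuccessHandler.restfulSuccessHandler(
            this.genericUserCookie, this.exceptionHandler, this.httpEntityMethodProcessor, this.genericUserToken);
    }
}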
