package cn.home1.oss.lib.security.starter;

import cn.home1.oss.lib.security.CsrfHeaderFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;

/**
 * Security configurer that applies the CSRF and X-XSS-Protection settings
 * taken from {@link SecurityProperties} to the {@link HttpSecurity} builder.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Both protections fail open: when no {@code SecurityProperties} bean is
 *       injected, or the corresponding flag is off, the protection is
 *       explicitly disabled rather than left at the framework default.</li>
 *   <li>The CSRF token cookie is marked HttpOnly, so page scripts cannot read
 *       it from the cookie; the token is accepted back through the
 *       {@code X-XSRF-TOKEN} header or the {@code _csrf} request parameter.</li>
 *   <li>The cookie's Secure flag and path are not set here and are left to the
 *       repository's defaults.</li>
 * </ul>
 */
@Configuration
@Order(CsrfConfiguration.ORDER_CSRF)
public class CsrfConfiguration extends SecurityConfigurerAdapter<CsrfConfiguration> {

    /** Ordering value used in this class's {@code @Order} annotation. */
    public static final int ORDER_CSRF = -98;

    /** Optional: stays {@code null} when no such bean exists in the context. */
    @Autowired(required = false)
    private SecurityProperties securityProperties;

    /**
     * Enables or disables CSRF protection and the X-XSS-Protection header
     * according to the injected properties.
     *
     * @param httpSecurity the builder to configure
     */
    @Override
    public void configure(HttpSecurity httpSecurity) {
        final SecurityProperties props = this.securityProperties;

        // CSRF: active only when properties are present AND the flag is set;
        // every other case turns the protection off (fail-open).
        final boolean csrfOn = props != null && props.isEnableCsrf();
        if (csrfOn) {
            // NOTE(review): CsrfHeaderFilter is defined outside this file; it
            // presumably hands the token to clients that cannot read the
            // HttpOnly cookie -- confirm against its implementation.
            httpSecurity.csrf()
                .csrfTokenRepository(csrfTokenRepository())
                .and()
                .addFilterAfter(new CsrfHeaderFilter(), CsrfFilter.class);
        } else {
            httpSecurity.csrf().disable();
        }

        // X-XSS-Protection follows the same fail-open rule. This is a legacy
        // header that current browsers largely ignore, so it should not be
        // treated as the application's XSS defence.
        final boolean xssHeaderOn = props != null && props.getHeaders().isXss();
        if (xssHeaderOn) {
            httpSecurity.headers().xssProtection().xssProtectionEnabled(true);
        } else {
            httpSecurity.headers().xssProtection().disable();
        }
    }

    /**
     * Builds the cookie-backed token repository used when CSRF is enabled.
     *
     * @return a repository with an HttpOnly cookie, header name
     *         {@code X-XSRF-TOKEN} and parameter name {@code _csrf}
     */
    private CsrfTokenRepository csrfTokenRepository() {
        final CookieCsrfTokenRepository repository = new CookieCsrfTokenRepository();
        // HttpOnly keeps the token cookie out of reach of document.cookie.
        repository.setCookieHttpOnly(true);
        repository.setHeaderName("X-XSRF-TOKEN");
        repository.setParameterName("_csrf");
        return repository;
    }
}
