package cn.home1.oss.lib.security.starter;

import cn.home1.oss.boot.autoconfigure.AppProperties;
import cn.home1.oss.boot.autoconfigure.AppSecurity;
import cn.home1.oss.boot.autoconfigure.AppSecurityProperties;
import cn.home1.oss.boot.autoconfigure.ConditionalOnAppSecurity;
import cn.home1.oss.lib.common.crypto.Cryptos;
import cn.home1.oss.lib.common.crypto.EncodeCipher;
import cn.home1.oss.lib.common.crypto.Jwt;
import cn.home1.oss.lib.security.api.BaseUserDetailsAuthenticationProvider;
import cn.home1.oss.lib.security.api.GenericUser;
import cn.home1.oss.lib.security.internal.preauth.PreAuthTestUserFilter;
import cn.home1.oss.lib.security.internal.preauth.PreAuthTokenAuthenticationProvider;
import cn.home1.oss.lib.security.internal.preauth.PreAuthTokenFilter;
import cn.home1.oss.lib.security.internal.preauth.PreAuthTokenProcessingFilter;
import cn.home1.oss.lib.webmvc.api.DomainResolver;
import cn.home1.oss.lib.webmvc.api.JsonToken;
import cn.home1.oss.lib.webmvc.api.JsonWebToken;
import cn.home1.oss.lib.webmvc.api.RequestResolver;
import cn.home1.oss.lib.webmvc.api.SecureToken;
import cn.home1.oss.lib.webmvc.api.TokenBasedCookie;
import cn.home1.oss.lib.webmvc.api.TypeSafeCookie;
import cn.home1.oss.lib.webmvc.api.TypeSafeToken;
import cn.home1.oss.lib.webmvc.api.UrlEncodedToken;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

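/**
 * Spring configuration that registers the pre-authentication servlet filters on the
 * {@link HttpSecurity} chain and exposes the {@link GenericUser} cookie and token beans.
 *
 * <p>Security-relevant switches read from {@link AppProperties}:
 * <ul>
 *   <li>{@code getSecurityEnabled()} - when false, {@link #configure(HttpSecurity)} adds no filter;</li>
 *   <li>{@code getSecurityUseTestUser()} - when true, a {@link PreAuthTestUserFilter} is added to the chain;</li>
 *   <li>{@code getSecurity().getJwtKey()} / {@code getCookieKey()} - decide which wrappers are applied
 *       around the user token, see {@link #genericUserToken()}.</li>
 * </ul>
 */
@ConfigurationProperties(prefix = "app.security")
@Configuration
@Order(PreAuthConfiguration.ORDER_PRE_AUTH)
/* loaded from: input_file:cn/home1/oss/lib/security/starter/PreAuthConfiguration.class */
public class PreAuthConfiguration extends SecurityConfigurerAdapter<PreAuthConfiguration> {
    private static final Logger log = LoggerFactory.getLogger(PreAuthConfiguration.class);

    /** Ordering value of this configurer; same value as the original literal 2147483644. */
    public static final int ORDER_PRE_AUTH = Integer.MAX_VALUE - 3;

    /** Bean name of the {@link AuthenticationProvider} declared by this configuration. */
    static final String PRE_AUTH_AUTHENTICATION_PROVIDER = "preAuthAuthenticationProvider";

    @Autowired
    private AppProperties appProperties;

    @Autowired
    private DomainResolver domainResolver;

    @Autowired
    private Environment environment;

    @Autowired
    private ObjectMapper objectMapper;

    // Optional: may be null when no bean with this qualifier exists.
    @Autowired(required = false)
    @Qualifier(PermitedRequestConfiguration.PERMITED_REQUEST_MATCHER)
    private RequestMatcher permitedRequestMatcher;

    @Autowired
    private RequestResolver requestResolver;

    @Autowired
    private ServerProperties serverProperties;

    // Optional: may be null, so every use must be null-checked (see preAuthTestUserFilter()).
    @Autowired(required = false)
    private BaseUserDetailsAuthenticationProvider userDetailsAuthenticationProvider;

    /**
     * Resolves the lifetime, in seconds, used for the user cookie and the JWT wrapper.
     *
     * @param serverProperties server settings holding the session cookie configuration
     * @return the configured session cookie max age, or one day (86400 seconds) when none is set
     */
    public static int getMaxAge(ServerProperties serverProperties) {
        final Integer configured = serverProperties.getSession().getCookie().getMaxAge();
        if (configured != null) {
            return configured;
        }
        return (int) TimeUnit.DAYS.toSeconds(1L);
    }

    /**
     * Adds the pre-authentication filters to the chain when application security is enabled.
     *
     * <p>The {@link PreAuthTokenFilter} goes before {@link UsernamePasswordAuthenticationFilter}.
     * The {@link PreAuthTokenProcessingFilter} goes after {@link BasicAuthenticationFilter}, or,
     * in test-user mode, after the {@link PreAuthTestUserFilter} that is itself placed after
     * {@link BasicAuthenticationFilter}.
     *
     * @param httpSecurity the security builder to extend
     * @throws IllegalStateException in test-user mode when no
     *     {@link BaseUserDetailsAuthenticationProvider} bean is available
     */
    @Override
    public void configure(HttpSecurity httpSecurity) {
        // Unboxing is kept on purpose: a null flag fails loudly instead of silently
        // leaving the chain without the pre-auth filters.
        final boolean securityEnabled = this.appProperties.getSecurityEnabled();
        if (!securityEnabled) {
            return;
        }

        httpSecurity.addFilterBefore(preAuthTokenFilter(), UsernamePasswordAuthenticationFilter.class);

        final boolean useTestUser = this.appProperties.getSecurityUseTestUser();
        if (useTestUser) {
            // Make the relaxed mode visible in logs so it can be detected in an environment
            // where it was not intended.
            log.warn("Test user mode is enabled. PreAuthTestUserFilter added to the filter chain; "
                + "do not enable outside test environments.");
            httpSecurity.addFilterAfter(preAuthTestUserFilter(), BasicAuthenticationFilter.class);
            httpSecurity.addFilterAfter(preAuthTokenProcessingFilter(), PreAuthTestUserFilter.class);
        } else {
            httpSecurity.addFilterAfter(preAuthTokenProcessingFilter(), BasicAuthenticationFilter.class);
        }
    }

    /**
     * Declares the cookie that carries the {@link GenericUser} token.
     *
     * @return a {@link TokenBasedCookie} named {@code generic_user} backed by {@link #genericUserToken()}
     */
    @Bean(name = {GenericUser.GENERIC_USER_COOKIE})
    public TypeSafeCookie<GenericUser> genericUserCookie() {
        final int maxAgeSeconds = getMaxAge(this.serverProperties);
        // NOTE(review): the two positional booleans (true, false) are cookie flags whose meaning
        // is not visible in this file - confirm against TokenBasedCookie's constructor which of
        // them control HttpOnly / Secure, and that the values suit an authentication cookie.
        return new TokenBasedCookie(
            this.domainResolver, true, maxAgeSeconds, "generic_user", false, genericUserToken());
    }

    /**
     * Declares the token codec for {@link GenericUser}.
     *
     * <p>Layers, innermost first: {@link JsonToken}; {@link JsonWebToken} when the configured
     * JWT key yields a cipher; {@link SecureToken} when the configured cookie key yields a
     * cipher; {@link UrlEncodedToken} always.
     *
     * @return the composed token codec
     */
    @Bean(name = {GenericUser.GENERIC_USER_TOKEN})
    public TypeSafeToken<GenericUser> genericUserToken() {
        final AppSecurityProperties security = this.appProperties.getSecurity();
        // Raw types are retained: the generic signatures of the token classes are not visible here.
        TypeSafeToken token = new JsonToken(GenericUser.class, this.objectMapper);

        final Jwt jwtCipher = Cryptos.cipher(security.getJwtKey());
        if (jwtCipher == null) {
            // NOTE(review): this path only warns and keeps going. If the cookie key is also
            // unset, the result is JSON plus URL encoding only; presumably such a token carries
            // no integrity protection - confirm, and consider requiring a key outside tests.
            log.warn("INSECURE ! JwtKey not set. Using plain text token.");
        } else {
            token = new JsonWebToken(token, jwtCipher, getMaxAge(this.serverProperties));
        }

        final EncodeCipher cookieCipher = Cryptos.cipher(security.getCookieKey());
        if (cookieCipher != null) {
            token = new SecureToken(token, cookieCipher);
        }
        return new UrlEncodedToken(token);
    }

    /**
     * Builds the filter that is placed before {@link UsernamePasswordAuthenticationFilter}.
     *
     * @return a new filter wired with the user cookie, token, environment and the optional
     *     permitted-request matcher (which may be null)
     */
    public PreAuthTokenFilter preAuthTokenFilter() {
        final PreAuthTokenFilter filter = new PreAuthTokenFilter();
        filter.setCookie(genericUserCookie());
        filter.setEnvironment(this.environment);
        filter.setPermitedRequestMatcher(this.permitedRequestMatcher);
        filter.setToken(genericUserToken());
        return filter;
    }

    /**
     * Builds the token processing filter.
     *
     * @return a new filter with the environment set
     */
    public PreAuthTokenProcessingFilter preAuthTokenProcessingFilter() {
        final PreAuthTokenProcessingFilter filter = new PreAuthTokenProcessingFilter();
        filter.setEnvironment(this.environment);
        return filter;
    }

    /**
     * Builds the test-user filter when test-user mode is on; otherwise asks the user details
     * provider, if one exists, to delete its test users.
     *
     * <p>The provider is injected with {@code required = false}, so it is null-checked here;
     * the original code dereferenced it unconditionally and failed with a bare
     * {@link NullPointerException} when the bean was absent.
     *
     * <p>NOTE(review): {@link #configure(HttpSecurity)} only calls this method when test-user
     * mode is on, so the clean-up branch is not reached from this class.
     *
     * @return the configured filter, or {@code null} when test-user mode is off
     * @throws IllegalStateException when test-user mode is on but no
     *     {@link BaseUserDetailsAuthenticationProvider} bean is available
     */
    public PreAuthTestUserFilter preAuthTestUserFilter() {
        final boolean useTestUser = this.appProperties.getSecurityUseTestUser();
        final BaseUserDetailsAuthenticationProvider provider = this.userDetailsAuthenticationProvider;

        if (!useTestUser) {
            if (provider != null) {
                provider.deleteTestUsers();
            }
            return null;
        }

        if (provider == null) {
            // Fail with an explicit message rather than install a filter without test users.
            throw new IllegalStateException(
                "Test user mode is enabled but no BaseUserDetailsAuthenticationProvider bean is available");
        }

        final PreAuthTestUserFilter filter = new PreAuthTestUserFilter(
            this.appProperties.getSecurityDefaultTestUser(), provider.initTestUsers());
        filter.setEnvironment(this.environment);
        filter.setToken(genericUserToken());
        return filter;
    }

    /**
     * Declares the pre-auth {@link AuthenticationProvider}; registered only when
     * {@link ConditionalOnAppSecurity} matches {@link AppSecurity#ENABLED}.
     *
     * @return a {@link PreAuthTokenAuthenticationProvider} constructed with {@link Boolean#FALSE}
     *     (the meaning of that flag is not visible in this file)
     */
    @Bean(name = {PRE_AUTH_AUTHENTICATION_PROVIDER})
    @ConditionalOnAppSecurity(AppSecurity.ENABLED)
    public AuthenticationProvider preAuthAuthenticationProvider() {
        return new PreAuthTokenAuthenticationProvider(Boolean.FALSE);
    }
}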
