package top.dcenter.ums.security.core.config;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.ServletContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.csrf.CsrfFilter;
import top.dcenter.ums.security.core.api.authentication.handler.BaseAuthenticationFailureHandler;
import top.dcenter.ums.security.core.api.authentication.handler.BaseAuthenticationSuccessHandler;
import top.dcenter.ums.security.core.api.config.HttpSecurityAware;
import top.dcenter.ums.security.core.api.logout.DefaultLogoutSuccessHandler;
import top.dcenter.ums.security.core.api.service.AbstractUserDetailsService;
import top.dcenter.ums.security.core.auth.filter.AjaxOrFormRequestFilter;
import top.dcenter.ums.security.core.auth.provider.UsernamePasswordAuthenticationProvider;
import top.dcenter.ums.security.core.consts.SecurityConstants;
import top.dcenter.ums.security.core.properties.ClientProperties;

@Configuration
@EnableWebSecurity
@AutoConfigureAfter({SecurityAutoConfiguration.class, SmsCodeLoginAuthenticationAutoConfigurerAware.class, ClientAutoConfigurerAware.class, CsrfAutoConfigurerAware.class, RememberMeAutoConfigurerAware.class, SessionAutoConfigurerAware.class, ValidateCodeAutoConfigurerAware.class})
/* loaded from: input_file:top/dcenter/ums/security/core/config/SecurityCoreAutoConfigurer.class */
public class SecurityCoreAutoConfigurer extends WebSecurityConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(SecurityCoreAutoConfigurer.class);
    private final ClientProperties clientProperties;
    private final BaseAuthenticationSuccessHandler baseAuthenticationSuccessHandler;
    private final BaseAuthenticationFailureHandler baseAuthenticationFailureHandler;
    private final ObjectMapper objectMapper;
    private final UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider;
    private final DefaultLogoutSuccessHandler defaultLogoutSuccessHandler;
    private final PasswordEncoder passwordEncoder;

    @Autowired(required = false)
    private Map<String, HttpSecurityAware> socialWebSecurityConfigurerMap;

    @Autowired(required = false)
    private AbstractUserDetailsService abstractUserDetailsService;

    public SecurityCoreAutoConfigurer(ClientProperties clientProperties, BaseAuthenticationSuccessHandler baseAuthenticationSuccessHandler, BaseAuthenticationFailureHandler baseAuthenticationFailureHandler, ObjectMapper objectMapper, UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider, DefaultLogoutSuccessHandler defaultLogoutSuccessHandler, PasswordEncoder passwordEncoder) {
        this.clientProperties = clientProperties;
        this.baseAuthenticationSuccessHandler = baseAuthenticationSuccessHandler;
        this.baseAuthenticationFailureHandler = baseAuthenticationFailureHandler;
        this.objectMapper = objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        this.usernamePasswordAuthenticationProvider = usernamePasswordAuthenticationProvider;
        this.defaultLogoutSuccessHandler = defaultLogoutSuccessHandler;
        this.passwordEncoder = passwordEncoder;
    }

    public void configure(WebSecurity webSecurity) {
        webSecurity.ignoring().antMatchers((String[]) Objects.requireNonNullElseGet(this.clientProperties.getIgnoringUrls(), () -> {
            return new String[0];
        }));
    }

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        if (this.abstractUserDetailsService == null) {
            throw new RuntimeException("必须实现 AbstractUserDetailsService 或 top.dcenter.security.social.api.service.AbstractSocialUserDetailsService 抽象类");
        }
        authenticationManagerBuilder.userDetailsService(this.abstractUserDetailsService).passwordEncoder(this.passwordEncoder);
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        HashMap hashMap = new HashMap(16);
        HashMap hashMap2 = new HashMap(16);
        groupingAuthorizeRequestUris(httpSecurity, hashMap, hashMap2);
        String[] strArr = set2ArrayByType(hashMap, HttpSecurityAware.PERMIT_ALL);
        String[] strArr2 = set2ArrayByType(hashMap, HttpSecurityAware.DENY_ALL);
        String[] strArr3 = set2ArrayByType(hashMap, HttpSecurityAware.ANONYMOUS);
        String[] strArr4 = set2ArrayByType(hashMap, HttpSecurityAware.AUTHENTICATED);
        String[] strArr5 = set2ArrayByType(hashMap, HttpSecurityAware.FULLY_AUTHENTICATED);
        String[] strArr6 = set2ArrayByType(hashMap, HttpSecurityAware.REMEMBER_ME);
        Map<String, String[]> mapPlusByType = toMapPlusByType(hashMap2, HttpSecurityAware.HAS_ROLE);
        Map<String, String[]> mapPlusByType2 = toMapPlusByType(hashMap2, HttpSecurityAware.HAS_ANY_ROLE);
        Map<String, String[]> mapPlusByType3 = toMapPlusByType(hashMap2, HttpSecurityAware.HAS_AUTHORITY);
        Map<String, String[]> mapPlusByType4 = toMapPlusByType(hashMap2, HttpSecurityAware.HAS_ANY_AUTHORITY);
        Map<String, String[]> mapPlusByType5 = toMapPlusByType(hashMap2, HttpSecurityAware.HAS_IP_ADDRESS);
        httpSecurity.addFilterBefore(new AjaxOrFormRequestFilter(this.objectMapper), CsrfFilter.class);
        String loginUnAuthenticationUrl = this.clientProperties.getLoginUnAuthenticationUrl();
        if (!this.clientProperties.getOpenAuthenticationRedirect().booleanValue()) {
            loginUnAuthenticationUrl = this.clientProperties.getLogoutUrl();
        }
        httpSecurity.authenticationProvider(this.usernamePasswordAuthenticationProvider).formLogin().usernameParameter(this.clientProperties.usernameParameter).passwordParameter(this.clientProperties.passwordParameter).loginPage(loginUnAuthenticationUrl).failureUrl(this.clientProperties.getFailureUrl()).defaultSuccessUrl(this.clientProperties.getSuccessUrl()).loginProcessingUrl(this.clientProperties.getLoginProcessingUrl()).successHandler(this.baseAuthenticationSuccessHandler).failureHandler(this.baseAuthenticationFailureHandler);
        anonymousConfigurer(httpSecurity);
        urlAuthorizationConfigurer(httpSecurity, strArr, strArr2, strArr3, strArr4, strArr5, strArr6, mapPlusByType, mapPlusByType2, mapPlusByType3, mapPlusByType4, mapPlusByType5);
        logoutConfigurer(httpSecurity);
        if (this.clientProperties.getSameOrigin().booleanValue()) {
            httpSecurity.headers().frameOptions().sameOrigin();
        }
        if (this.socialWebSecurityConfigurerMap != null) {
            Iterator<HttpSecurityAware> it = this.socialWebSecurityConfigurerMap.values().iterator();
            while (it.hasNext()) {
                it.next().postConfigure(httpSecurity);
            }
        }
    }

    private void anonymousConfigurer(HttpSecurity httpSecurity) throws Exception {
        ClientProperties.AnonymousProperties anonymous = this.clientProperties.getAnonymous();
        String[] strArr = new String[anonymous.getAuthorities().size()];
        anonymous.getAuthorities().toArray(strArr);
        if (anonymous.getAnonymousIsOpen().booleanValue()) {
            httpSecurity.anonymous().principal(anonymous.getPrincipal()).authorities(strArr);
        } else {
            httpSecurity.anonymous().disable();
        }
    }

    private void logoutConfigurer(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.logout().logoutUrl(this.clientProperties.getLogoutUrl()).logoutSuccessHandler(this.defaultLogoutSuccessHandler).logoutSuccessUrl(this.clientProperties.getLogoutSuccessUrl()).deleteCookies(new String[]{this.clientProperties.getRememberMe().getRememberMeCookieName(), this.clientProperties.getSession().getSessionCookieName()}).clearAuthentication(true).invalidateHttpSession(true);
    }

    private void urlAuthorizationConfigurer(HttpSecurity httpSecurity, String[] strArr, String[] strArr2, String[] strArr3, String[] strArr4, String[] strArr5, String[] strArr6, Map<String, String[]> map, Map<String, String[]> map2, Map<String, String[]> map3, Map<String, String[]> map4, Map<String, String[]> map5) throws Exception {
        ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(strArr)).permitAll().antMatchers(strArr2)).denyAll().antMatchers(strArr3)).anonymous().antMatchers(strArr4)).authenticated().antMatchers(strArr5)).fullyAuthenticated().antMatchers(strArr6)).rememberMe();
        map.forEach((str, strArr7) -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{str})).hasRole(strArr7[0]);
        });
        map2.forEach((str2, strArr8) -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{str2})).hasAnyRole(strArr8);
        });
        map3.forEach((str3, strArr9) -> {
            for (String str3 : strArr9) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{str3})).hasAuthority(str3);
            }
        });
        map4.forEach((str4, strArr10) -> {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{str4})).hasAnyAuthority(strArr10);
        });
        map5.forEach((str5, strArr11) -> {
            for (String str5 : strArr11) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.antMatchers(new String[]{str5})).hasIpAddress(str5);
            }
        });
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) authorizeRequests.anyRequest()).authenticated();
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    private String[] set2ArrayByType(Map<String, Set<String>> map, String str) {
        Set<String> set = map.get(str);
        if (set == null) {
            return new String[0];
        }
        String[] strArr = new String[set.size()];
        set.toArray(strArr);
        if (log.isDebugEnabled()) {
            log.debug("{} = {}", str, Arrays.toString(strArr));
        }
        return strArr;
    }

    private Map<String, String[]> toMapPlusByType(Map<String, Map<String, Set<String>>> map, String str) {
        Map<String, Set<String>> map2 = map.get(str);
        return map2 != null ? (Map) map2.entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            Set set = (Set) entry.getValue();
            return (String[]) set.toArray(new String[set.size()]);
        })) : new HashMap(0);
    }

    private void groupingAuthorizeRequestUris(@NonNull HttpSecurity httpSecurity, @NonNull Map<String, Set<String>> map, @NonNull Map<String, Map<String, Set<String>>> map2) throws Exception {
        if (this.socialWebSecurityConfigurerMap != null) {
            for (HttpSecurityAware httpSecurityAware : this.socialWebSecurityConfigurerMap.values()) {
                httpSecurityAware.preConfigure(httpSecurity);
                Map<String, Map<String, Set<String>>> authorizeRequestMap = httpSecurityAware.getAuthorizeRequestMap();
                groupByMap(map, authorizeRequestMap, HttpSecurityAware.PERMIT_ALL);
                groupByMap(map, authorizeRequestMap, HttpSecurityAware.DENY_ALL);
                groupByMap(map, authorizeRequestMap, HttpSecurityAware.ANONYMOUS);
                groupByMap(map, authorizeRequestMap, HttpSecurityAware.AUTHENTICATED);
                groupByMap(map, authorizeRequestMap, HttpSecurityAware.FULLY_AUTHENTICATED);
                groupByMap(map, authorizeRequestMap, HttpSecurityAware.REMEMBER_ME);
                groupByMapPlus(map2, authorizeRequestMap, HttpSecurityAware.HAS_ROLE);
                groupByMapPlus(map2, authorizeRequestMap, HttpSecurityAware.HAS_ANY_ROLE);
                groupByMapPlus(map2, authorizeRequestMap, HttpSecurityAware.HAS_AUTHORITY);
                groupByMapPlus(map2, authorizeRequestMap, HttpSecurityAware.HAS_ANY_AUTHORITY);
                groupByMapPlus(map2, authorizeRequestMap, HttpSecurityAware.HAS_IP_ADDRESS);
            }
            ((ServletContext) Objects.requireNonNull(getApplicationContext().getServletContext())).setAttribute(SecurityConstants.SERVLET_CONTEXT_AUTHORIZE_REQUESTS_MAP_KEY, map);
        }
    }

    private void groupByMap(@NonNull Map<String, Set<String>> map, @Nullable Map<String, Map<String, Set<String>>> map2, @NonNull String str) {
        Map<String, Set<String>> map3;
        if (map2 == null || (map3 = map2.get(str)) == null) {
            return;
        }
        Set<String> keySet = map3.keySet();
        map.compute(str, (str2, set) -> {
            if (set == null) {
                set = new HashSet(keySet.size());
            }
            set.addAll(keySet);
            return set;
        });
    }

    private void groupByMapPlus(@NonNull Map<String, Map<String, Set<String>>> map, @Nullable Map<String, Map<String, Set<String>>> map2, @NonNull String str) {
        if (map2 != null) {
            Map<String, Set<String>> map3 = map2.get(str);
            if (map3 == null) {
                map3 = new HashMap(0);
            }
            Map<String, Set<String>> map4 = map3;
            map.compute(str, (str2, map5) -> {
                if (map5 == null) {
                    map5 = new HashMap(map4.size());
                }
                map5.putAll(map4);
                return map5;
            });
        }
    }
}
