package cn.structure.starter.jwt.configuration;

import cn.structure.common.enums.NumberEnum;
import cn.structure.starter.jwt.interfaces.ICorsFilter;
import cn.structure.starter.jwt.interfaces.ITokenService;
import cn.structure.starter.jwt.interfaces.ITokenStore;
import cn.structure.starter.jwt.properties.JwtConfig;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:cn/structure/starter/jwt/configuration/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Resource
    private AuthenticationEntryPoint jwtAuthenticationEntryPoint;

    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    @Resource
    private UserDetailsService userDetailsService;

    @Resource
    private PasswordEncoder passwordEncoder;

    @Resource
    private ITokenService tokenService;

    @Resource
    private JwtConfig jwtConfig;

    @Resource
    private ITokenStore tokenStore;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.userDetailsService(this.userDetailsService).passwordEncoder(this.passwordEncoder);
    }

    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().authorizeRequests();
        Map<String, List<String>> antMatchers = this.jwtConfig.getAntMatchers();
        if (antMatchers != null) {
            for (String str : antMatchers.keySet()) {
                if (str.equals("unAuthenticated")) {
                    Iterator<String> it = antMatchers.get(str).iterator();
                    while (it.hasNext()) {
                        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{it.next()})).permitAll();
                    }
                } else {
                    String[] split = str.split("-");
                    if (split.length >= NumberEnum.TWO.getValue()) {
                        String str2 = split[NumberEnum.ZERO.getValue()];
                        String str3 = split[NumberEnum.ONE.getValue()];
                        List<String> list = antMatchers.get(str);
                        if (str2.equals("role")) {
                            Iterator<String> it2 = list.iterator();
                            while (it2.hasNext()) {
                                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{it2.next()})).hasRole(str3);
                            }
                        }
                        if (str2.equals("auth")) {
                            Iterator<String> it3 = list.iterator();
                            while (it3.hasNext()) {
                                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{it3.next()})).hasAuthority(str3);
                            }
                        }
                    }
                }
            }
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated().and().exceptionHandling().accessDeniedHandler(this.accessDeniedHandler).authenticationEntryPoint(this.jwtAuthenticationEntryPoint).and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        httpSecurity.addFilterBefore(new JwtRequestFilter(this.tokenService, this.jwtConfig, this.tokenStore), UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore((ICorsFilter) Class.forName(this.jwtConfig.getCorsFilterClass()).newInstance(), JwtRequestFilter.class);
    }
}
