package com.github.hippoom.wechat.mp.autoconfigure.security.web;

import com.github.hippoom.wechat.mp.security.web.RestAuthenticationEntryPoint;
import com.github.hippoom.wechat.mp.security.web.authentication.WeChatMpOAuth2AuthenticationProcessingFilter;
import com.github.hippoom.wechat.mp.security.web.authentication.WeChatMpOAuth2AuthenticationSuccessHandler;
import me.chanjar.weixin.mp.api.WxMpService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfAuthenticationStrategy;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/* loaded from: input_file:com/github/hippoom/wechat/mp/autoconfigure/security/web/WeChatMpWebSecurityConfigurerAdapter.class */
public class WeChatMpWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

    @Autowired
    private WxMpService wxMpService;

    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        configureAuthorizeRequests(defaultHttp(httpSecurity));
    }

    protected void configureAuthorizeRequests(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.antMatcher("/**").authorizeRequests().antMatchers(new String[]{"/rel/**/me"})).authenticated().anyRequest()).permitAll();
    }

    protected HttpSecurity defaultHttp(HttpSecurity httpSecurity) throws Exception {
        return httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().csrf().requireCsrfProtectionMatcher(requireCsrfProtectionMatcher()).csrfTokenRepository(csrfTokenRepository()).and().addFilterAfter(weChatMpOAuth2AuthenticationProcessingFilter(this.wxMpService), CsrfFilter.class).exceptionHandling().authenticationEntryPoint(restAuthenticationEntryPoint()).and();
    }

    private AntPathRequestMatcher requireCsrfProtectionMatcher() {
        return new AntPathRequestMatcher("/rel/**/me");
    }

    @Bean
    protected CsrfTokenRepository csrfTokenRepository() {
        return CookieCsrfTokenRepository.withHttpOnlyFalse();
    }

    @Bean
    protected CsrfAuthenticationStrategy sessionAuthenticationStrategy() {
        return new CsrfAuthenticationStrategy(csrfTokenRepository());
    }

    @Bean
    protected RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
        return new RestAuthenticationEntryPoint();
    }

    protected WeChatMpOAuth2AuthenticationProcessingFilter weChatMpOAuth2AuthenticationProcessingFilter(WxMpService wxMpService) {
        WeChatMpOAuth2AuthenticationProcessingFilter weChatMpOAuth2AuthenticationProcessingFilter = new WeChatMpOAuth2AuthenticationProcessingFilter("/wechat/oauth/token");
        weChatMpOAuth2AuthenticationProcessingFilter.setWxMpService(wxMpService);
        weChatMpOAuth2AuthenticationProcessingFilter.setAuthenticationSuccessHandler(new WeChatMpOAuth2AuthenticationSuccessHandler());
        weChatMpOAuth2AuthenticationProcessingFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
        return weChatMpOAuth2AuthenticationProcessingFilter;
    }

    public WxMpService getWxMpService() {
        return this.wxMpService;
    }
}
