package net.takela.common.security;

import java.util.ArrayList;
import net.takela.common.security.filter.AuthFilterSecurityInterceptor;
import net.takela.common.security.filter.LoginFilter;
import net.takela.common.security.filter.RequestParamSignAuthFilter;
import net.takela.common.security.filter.TokenAuthFilter;
import net.takela.common.security.handler.AuthDeniedHandler;
import net.takela.common.security.handler.AuthEntryPoint;
import net.takela.common.security.handler.AuthFailureHandler;
import net.takela.common.security.handler.AuthSuccessHandler;
import net.takela.common.security.handler.PermissionVoter;
import net.takela.common.security.service.AuthSecurityMetadataSource;
import net.takela.common.security.service.AuthTokenManager;
import net.takela.common.security.service.SysFunctionLoadService;
import net.takela.common.security.service.TokenRememberServiceImpl;
import net.takela.common.security.service.TokenRepositoryImpl;
import net.takela.common.security.service.UserAuthTokenService;
import net.takela.common.security.service.UserAuthTokenServiceImpl;
import net.takela.common.security.service.UserDetailServiceImpl;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.rememberme.AbstractRememberMeServices;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;

@Configuration
/* loaded from: input_file:net/takela/common/security/SecurityAutoConfig.class */
public class SecurityAutoConfig {

    @Value("${auth.token.key}")
    private String authTokenKey;

    @ConfigurationProperties(prefix = "auth.token")
    @ConditionalOnMissingBean({AuthTokenManager.class})
    @Bean
    @Order(1)
    public AuthTokenManager authTokenManager() {
        return new AuthTokenManager();
    }

    @ConditionalOnMissingBean({UserDetailsService.class})
    @Bean
    public UserDetailsService userDetailsService() {
        return new UserDetailServiceImpl();
    }

    @ConditionalOnMissingBean({UserAuthTokenService.class})
    @Bean
    public UserAuthTokenService userAuthTokenService() {
        return new UserAuthTokenServiceImpl();
    }

    @ConditionalOnMissingBean({AbstractRememberMeServices.class})
    @Bean
    public AbstractRememberMeServices rememberMeServices(UserDetailsService userDetailsService, UserAuthTokenService userAuthTokenService) {
        return new TokenRememberServiceImpl(this.authTokenKey, userDetailsService, userAuthTokenService);
    }

    @ConditionalOnMissingBean({AuthenticationSuccessHandler.class})
    @Bean
    public AuthSuccessHandler authenticationSuccessHandler() {
        return new AuthSuccessHandler(authTokenManager(), userAuthTokenService());
    }

    @ConditionalOnMissingBean({AuthenticationFailureHandler.class})
    @Bean
    public AuthenticationFailureHandler authenticationFailureHandler() {
        return new AuthFailureHandler();
    }

    @ConditionalOnMissingBean({SysFunctionLoadService.class})
    @Bean
    public SysFunctionLoadService sysFunctionLoadService() {
        return new SysFunctionLoadService();
    }

    @ConditionalOnMissingBean({RequestParamSignAuthFilter.class})
    @ConfigurationProperties(prefix = "auth.param.sign")
    @Bean
    public RequestParamSignAuthFilter requestParamSignAuthFilter() {
        return new RequestParamSignAuthFilter();
    }

    @ConditionalOnMissingBean({TokenAuthFilter.class})
    @Bean
    public TokenAuthFilter tokenAuthFilter(AuthTokenManager authTokenManager, SecurityProperties securityProperties) {
        return new TokenAuthFilter(authTokenManager, securityProperties);
    }

    @ConfigurationProperties(prefix = "auth.spring-security")
    @Bean
    public SecurityProperties securityProperties() {
        return new SecurityProperties();
    }

    @ConditionalOnMissingBean({AuthFilterSecurityInterceptor.class})
    @Bean
    public AuthFilterSecurityInterceptor authFilterSecurityInterceptor(AuthenticationConfiguration authenticationConfiguration, SysFunctionLoadService sysFunctionLoadService, SecurityProperties securityProperties) throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new PermissionVoter());
        AuthFilterSecurityInterceptor authFilterSecurityInterceptor = new AuthFilterSecurityInterceptor(securityProperties);
        authFilterSecurityInterceptor.setSecurityMetadataSource(new AuthSecurityMetadataSource(sysFunctionLoadService.getRequestConfigMap()));
        authFilterSecurityInterceptor.setAccessDecisionManager(new AffirmativeBased(arrayList));
        authFilterSecurityInterceptor.setAuthenticationManager(authenticationConfiguration.getAuthenticationManager());
        authFilterSecurityInterceptor.afterPropertiesSet();
        return authFilterSecurityInterceptor;
    }

    @Bean
    public WebSecurityCustomizer webSecurityCustomizer(SecurityProperties securityProperties) {
        return webSecurity -> {
            webSecurity.debug(true).ignoring().requestMatchers((String[]) securityProperties.getAnonymousUrls().toArray(new String[0]));
        };
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public PersistentTokenRepository persistentTokenRepository() {
        return new TokenRepositoryImpl();
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, SecurityProperties securityProperties, TokenAuthFilter tokenAuthFilter, RequestParamSignAuthFilter requestParamSignAuthFilter, AuthFilterSecurityInterceptor authFilterSecurityInterceptor, AuthenticationConfiguration authenticationConfiguration, AuthTokenManager authTokenManager, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) throws Exception {
        httpSecurity.csrf(csrfConfigurer -> {
            csrfConfigurer.disable();
        }).sessionManagement(sessionManagementConfigurer -> {
            sessionManagementConfigurer.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        }).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers((String[]) securityProperties.getPermitUrls().toArray(new String[0]))).permitAll().anyRequest()).authenticated();
        }).exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.defaultAuthenticationEntryPointFor(new AuthEntryPoint(), AnyRequestMatcher.INSTANCE).accessDeniedHandler(new AuthDeniedHandler()).authenticationEntryPoint(new AuthEntryPoint());
        }).addFilterBefore(tokenAuthFilter, UsernamePasswordAuthenticationFilter.class).addFilterAfter(requestParamSignAuthFilter, FilterSecurityInterceptor.class).addFilterAfter(authFilterSecurityInterceptor, FilterSecurityInterceptor.class);
        if (securityProperties.getLoginEnabled().booleanValue()) {
            httpSecurity.addFilterAt(new LoginFilter(authenticationConfiguration.getAuthenticationManager(), authTokenManager, authenticationSuccessHandler, authenticationFailureHandler), UsernamePasswordAuthenticationFilter.class);
        }
        return (SecurityFilterChain) httpSecurity.build();
    }
}
