package org.zodiac.security.config;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.http.HttpMethod;
import org.springframework.http.server.PathContainer;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.ServerAuthenticationFailureHandler;
import org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler;
import org.springframework.security.web.server.authentication.ServerFormLoginAuthenticationConverter;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import org.springframework.security.web.server.context.WebSessionServerSecurityContextRepository;
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.util.MultiValueMap;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.pattern.PathPattern;
import org.springframework.web.util.pattern.PathPatternParser;
import org.zodiac.commons.logging.SmartSlf4jLogger;
import org.zodiac.commons.logging.SmartSlf4jLoggerFactory;
import org.zodiac.commons.util.ArrayUtil;
import org.zodiac.commons.util.Colls;
import org.zodiac.commons.util.Strings;
import org.zodiac.commons.util.spring.Springs;
import org.zodiac.security.SecurityWebPermitedMatcher;
import org.zodiac.security.auth.authentication.reactive.DispatchServerAuthenticationFailureHandler;
import org.zodiac.security.auth.authentication.reactive.DispatchServerAuthenticationSuccessHandler;
import org.zodiac.security.constants.SecurityConstants;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/zodiac/security/config/ReactiveSecurityWebConfigurer.class */
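/**
 * Base class that assembles a reactive (WebFlux) Spring Security filter chain from
 * {@link SecurityConfigInfo}.
 *
 * <p>Authorization rules are registered in this order: explicitly permitted matchers, the login
 * and logout endpoints, the configured permit entries, and finally a catch-all that requires
 * authentication. The first matching rule decides, so the catch-all has to come last.
 *
 * <p>When {@code permitAllUrls} is set, only {@link #authorizeAll(ServerHttpSecurity)} runs, so
 * the form-login, logout, CSRF and header settings applied by
 * {@link #authorizeGeneral(ServerHttpSecurity)} are skipped as well.
 */
public abstract class ReactiveSecurityWebConfigurer {
    protected final SmartSlf4jLogger log = SmartSlf4jLoggerFactory.getLogger(getClass());
    private final ConfigurableEnvironment environment;
    private final SecurityConfigInfo securityConfigInfo;

    @Resource
    private ServerFormLoginAuthenticationConverter serverFormLoginAuthenticationConverter;
    private ServerSecurityContextRepository securityContextRepository;
    // Created lazily by the obtain*Handler() methods; no synchronization is applied.
    private ServerAuthenticationFailureHandler authenticationFailureHandler;
    private ServerAuthenticationSuccessHandler authenticationSuccessHandler;

    /**
     * @param configurableEnvironment the application environment, exposed to subclasses
     * @param securityConfigInfo the security settings this configurer applies
     * @param objectProvider supplies the security context repository; a
     *     {@link WebSessionServerSecurityContextRepository} is used when none is available
     */
    public ReactiveSecurityWebConfigurer(ConfigurableEnvironment configurableEnvironment, SecurityConfigInfo securityConfigInfo, ObjectProvider<ServerSecurityContextRepository> objectProvider) {
        this.environment = configurableEnvironment;
        this.securityConfigInfo = securityConfigInfo;
        this.securityContextRepository = objectProvider.getIfAvailable(WebSessionServerSecurityContextRepository::new);
    }

    /** Replaces the repository used to load and store the security context. */
    public void setSecurityContextRepository(ServerSecurityContextRepository serverSecurityContextRepository) {
        this.securityContextRepository = serverSecurityContextRepository;
    }

    protected final ConfigurableEnvironment getEnvironment() {
        return this.environment;
    }

    protected final SecurityConfigInfo getSecurityConfigInfo() {
        return this.securityConfigInfo;
    }

    /** Returns a BCrypt encoder with the library's default settings. */
    protected PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds an in-memory user store from the configured users.
     *
     * @param objectProvider optional password encoder; when none is available, passwords that do
     *     not already carry an algorithm prefix are stored with the no-op prefix (see
     *     {@link #getOrDeducePassword(SecurityUserInfo, PasswordEncoder)})
     */
    protected ReactiveUserDetailsService userDetailsService(ObjectProvider<PasswordEncoder> objectProvider) {
        PasswordEncoder encoder = objectProvider.getIfAvailable();
        List<UserDetails> users = Colls.list();
        for (SecurityUserInfo userInfo : this.securityConfigInfo.getUsers().values()) {
            users.add(getUserDetails(userInfo, getOrDeducePassword(userInfo, encoder)));
        }
        return new MapReactiveUserDetailsService(users.toArray(new UserDetails[0]));
    }

    protected ServerSecurityContextRepository securityContextRepository() {
        return this.securityContextRepository;
    }

    /**
     * Returns {@code null} in this base class.
     * NOTE(review): presumably subclasses are expected to override this; confirm before relying
     * on {@code authenticationWebFilter()}, which passes the result straight to the filter.
     */
    protected ReactiveAuthenticationManager authenticationManager() {
        return null;
    }

    /**
     * Creates a form-login converter that reads the username and password from the form fields
     * named in the web configuration instead of the framework defaults.
     */
    protected ServerFormLoginAuthenticationConverter serverFormLoginAuthenticationConverter() {
        return new ServerFormLoginAuthenticationConverter() {
            public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
                return serverWebExchange.getFormData().map(this::createAuthentication);
            }

            private UsernamePasswordAuthenticationToken createAuthentication(MultiValueMap<String, String> formData) {
                String username = formData.getFirst(ReactiveSecurityWebConfigurer.this.securityConfigInfo.getWeb().getUsernameParameter());
                String password = formData.getFirst(ReactiveSecurityWebConfigurer.this.securityConfigInfo.getWeb().getPasswordParameter());
                return new UsernamePasswordAuthenticationToken(username, password);
            }
        };
    }

    /** Applies {@link #configure(ServerHttpSecurity)} and builds the filter chain. */
    protected SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity) throws Exception {
        configure(serverHttpSecurity);
        return serverHttpSecurity.build();
    }

    /**
     * Applies the whole configuration to {@code serverHttpSecurity}.
     *
     * <p>The catch-all "authenticated" rule is registered after every other rule. Rules are
     * evaluated in registration order and the first match decides, so any matcher registered
     * after a catch-all could never take effect.
     */
    protected final void configure(ServerHttpSecurity serverHttpSecurity) throws Exception {
        this.log.info("Start reactive HTTP security configuration.");
        configureContextRepository(serverHttpSecurity);
        if (isDisableAuthentication(this.securityConfigInfo)) {
            authorizeAll(serverHttpSecurity);
        } else {
            authorizeGeneral(serverHttpSecurity);
            authorizeMatchedPermit(serverHttpSecurity);
            authorizeMatched(serverHttpSecurity);
            authorizeRemaining(serverHttpSecurity);
        }
        this.log.info("End reactive HTTP security configuration.");
    }

    /**
     * Installs the security context repository, first applying the configured session attribute
     * name when the repository is session based.
     */
    protected void configureContextRepository(ServerHttpSecurity serverHttpSecurity) {
        String securityContextKey = this.securityConfigInfo.getWeb().getSession().getSecurityContextKey();
        // The attribute name only exists on the session-backed implementation, so a cast is needed.
        if (null != securityContextKey && this.securityContextRepository instanceof WebSessionServerSecurityContextRepository) {
            ((WebSessionServerSecurityContextRepository) this.securityContextRepository).setSpringSecurityContextAttrName(securityContextKey);
        }
        serverHttpSecurity.securityContextRepository(this.securityContextRepository);
    }

    /** Returns {@code true} when the configuration asks for every URL to be permitted. */
    protected final boolean isDisableAuthentication(SecurityConfigInfo securityConfigInfo) {
        return null != securityConfigInfo && securityConfigInfo.getWeb().isPermitAllUrls();
    }

    /** Permits every exchange without authentication; used only when authentication is disabled. */
    protected final void authorizeAll(ServerHttpSecurity serverHttpSecurity) throws Exception {
        serverHttpSecurity.authorizeExchange().pathMatchers("/**").permitAll();
    }

    /**
     * Registers the permitted matchers, the login and logout endpoints, the authentication
     * handlers, the logout handler, CSRF handling and response headers.
     *
     * <p>This method does not register the catch-all rule; {@link #configure(ServerHttpSecurity)}
     * adds it once all specific rules are in place.
     */
    protected final void authorizeGeneral(ServerHttpSecurity serverHttpSecurity) throws Exception {
        String loginPage = Strings.trimToNull(obtainLoginPage(this.securityConfigInfo));
        String logoutUrl = Strings.trimToNull(obtainLogoutUrl(this.securityConfigInfo));

        Collection<SecurityWebPermitedMatcher> permitedMatchers = permitedMatchers();
        if (Colls.notEmptyColl(permitedMatchers)) {
            for (SecurityWebPermitedMatcher permited : permitedMatchers) {
                for (HttpMethod method : permited.getMethods()) {
                    serverHttpSecurity.authorizeExchange().pathMatchers(method, permited.getAntPatterns()).permitAll();
                }
            }
        }

        serverHttpSecurity.formLogin().loginPage(loginPage).and().authorizeExchange().pathMatchers(loginPage).permitAll();
        if (null != logoutUrl) {
            serverHttpSecurity.logout().logoutUrl(logoutUrl).and().authorizeExchange().pathMatchers(logoutUrl).permitAll();
        }
        serverHttpSecurity.formLogin().authenticationFailureHandler(obtainAuthenticationFailureHandler());
        serverHttpSecurity.formLogin().authenticationSuccessHandler(obtainAuthenticationSuccessHandler());

        serverHttpSecurity.logout().logoutHandler((webFilterExchange, authentication) -> {
            try {
                authentication.getAuthorities().clear();
            } catch (UnsupportedOperationException ignored) {
                // Tokens commonly expose their authorities as a read-only view; clearing the
                // stored context below is what actually ends the session's authentication.
            }
            authentication.setAuthenticated(false);
            // The Mono must be returned: a reactive save that is never subscribed does nothing,
            // which would leave the stored security context in place after logout.
            return this.securityContextRepository.save(webFilterExchange.getExchange(), (SecurityContext) null);
        });

        SecurityCsrfInfo csrf = this.securityConfigInfo.getWeb().getCsrf();
        if (!csrf.isEnabled()) {
            serverHttpSecurity.csrf().disable();
        } else if (Colls.notEmptyColl(csrf.getIgnoredPatterns())) {
            // Patterns are compiled once here, so a malformed pattern fails at configuration
            // time instead of on the first request.
            PathPatternParser parser = new PathPatternParser();
            List<PathPattern> ignoredPatterns = Colls.list();
            for (String pattern : csrf.getIgnoredPatterns()) {
                ignoredPatterns.add(parser.parse(pattern));
            }
            // NOTE(review): this matcher replaces the framework default, so every request that
            // is not ignored is subject to the CSRF check regardless of HTTP method; confirm
            // that read-only methods are meant to be covered too.
            serverHttpSecurity.csrf().requireCsrfProtectionMatcher(serverWebExchange -> {
                PathContainer path = serverWebExchange.getRequest().getPath().pathWithinApplication();
                for (PathPattern ignoredPattern : ignoredPatterns) {
                    if (ignoredPattern.matches(path)) {
                        return ServerWebExchangeMatcher.MatchResult.notMatch();
                    }
                }
                // matchAndExtract() returns null for a pattern that does not match, so no URI
                // variables can be collected on this path; report a plain match.
                return ServerWebExchangeMatcher.MatchResult.match();
            });
        }

        serverHttpSecurity.headers().cache().disable().frameOptions(frameOptionsSpec -> {
            frameOptionsSpec.mode(XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN);
        });
    }

    /**
     * Registers one rule per configured permit entry, scoped to that entry's own path patterns
     * (and HTTP methods, when given).
     *
     * <p>An entry with roles requires one of those roles, an entry with authorities requires one
     * of those authorities, and an entry with neither is open to everyone. The rule is never
     * widened beyond the entry's patterns.
     *
     * @throws IllegalStateException if an entry declares both roles and authorities, because a
     *     matcher accepts a single access rule and the intended combination cannot be inferred
     */
    protected final void authorizeMatchedPermit(ServerHttpSecurity serverHttpSecurity) throws Exception {
        List<SecurityPermition> permits = this.securityConfigInfo.getWeb().getPermits();
        if (Colls.emptyColl(permits)) {
            return;
        }
        ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = serverHttpSecurity.authorizeExchange();
        for (SecurityPermition permit : permits) {
            String[] pathPatterns = permit.getPathPatterns();
            if (ArrayUtil.emptyArray(pathPatterns)) {
                continue;
            }
            if (ArrayUtil.notEmptyArray(permit.getRoles()) && ArrayUtil.notEmptyArray(permit.getAuthorities())) {
                throw new IllegalStateException("Permit entry for [" + String.join(", ", pathPatterns)
                        + "] declares both roles and authorities; configure only one of them");
            }
            List<HttpMethod> methods = permit.getMethods();
            if (Colls.emptyColl(methods)) {
                applyAccess(authorizeExchange.pathMatchers(pathPatterns), permit);
            } else {
                for (HttpMethod method : methods) {
                    applyAccess(authorizeExchange.pathMatchers(method, pathPatterns), permit);
                }
            }
        }
    }

    /** Extension point that is currently a no-op. */
    protected final void authorizeMatched(ServerHttpSecurity serverHttpSecurity) throws Exception {
    }

    /** Returns the configured login page, or {@code "/login"} when none is customized. */
    protected String obtainLoginPage(SecurityConfigInfo securityConfigInfo) {
        String customized = (null == securityConfigInfo || !securityConfigInfo.getWeb().isCustomizedLoginPage()) ? null : securityConfigInfo.getWeb().getLoginPage();
        return Strings.trimTo(customized, "/login");
    }

    /** Returns the customized login processing URL, or {@code null} when not customized. */
    protected String obtainLoginProcessingUrl(SecurityConfigInfo securityConfigInfo) {
        if (null == securityConfigInfo || !securityConfigInfo.getWeb().isCustomizedProcessingUrl()) {
            return null;
        }
        return securityConfigInfo.getWeb().getLoginProcessingUrl();
    }

    /** Returns the customized remember-me parameter, or {@code null} when not customized. */
    protected String obtainRememberMeParameter(SecurityConfigInfo securityConfigInfo) {
        if (null == securityConfigInfo || !securityConfigInfo.getWeb().isCustomizedRememberMeParameter()) {
            return null;
        }
        return securityConfigInfo.getWeb().getRememberMeParameter();
    }

    /** Returns the customized failure forward URL, or {@code null} when not customized. */
    protected String obtainLoginFailureForwardUrl(SecurityConfigInfo securityConfigInfo) {
        if (null == securityConfigInfo || !securityConfigInfo.getWeb().isCustomizedFailureForwardUrl()) {
            return null;
        }
        return securityConfigInfo.getWeb().getFailureForwardUrl();
    }

    /** Returns the customized success forward URL, or {@code null} when not customized. */
    protected String obtainLoginSuccessForwardUrl(SecurityConfigInfo securityConfigInfo) {
        if (null == securityConfigInfo || !securityConfigInfo.getWeb().isCustomizedSuccessForwardUrl()) {
            return null;
        }
        return securityConfigInfo.getWeb().getSuccessForwardUrl();
    }

    /** Returns the customized logout URL, or {@code null} when not customized. */
    protected String obtainLogoutUrl(SecurityConfigInfo securityConfigInfo) {
        if (null == securityConfigInfo || !securityConfigInfo.getWeb().isCustomizedLogoutUrl()) {
            return null;
        }
        return securityConfigInfo.getWeb().getLogoutUrl();
    }

    /**
     * Matchers that bypass authentication; {@code null} (none) in this base class. Every pattern
     * returned here is reachable anonymously, so overrides should keep the list narrow.
     */
    protected Collection<SecurityWebPermitedMatcher> permitedMatchers() {
        return null;
    }

    /**
     * Returns the failure handler, creating it on first use. It targets the failure forward URL
     * and falls back to the login page.
     */
    protected ServerAuthenticationFailureHandler obtainAuthenticationFailureHandler() {
        if (null == this.authenticationFailureHandler) {
            String target = Strings.trimTo(obtainLoginFailureForwardUrl(this.securityConfigInfo), obtainLoginPage(this.securityConfigInfo));
            this.authenticationFailureHandler = new DispatchServerAuthenticationFailureHandler(target, this.securityConfigInfo.getWeb().isFailureRedirect());
        }
        return this.authenticationFailureHandler;
    }

    /**
     * Returns the success handler, creating it on first use. It targets the success forward URL
     * and falls back to {@code "/"}.
     */
    protected ServerAuthenticationSuccessHandler obtainAuthenticationSuccessHandler() {
        if (null == this.authenticationSuccessHandler) {
            String target = Strings.trimTo(obtainLoginSuccessForwardUrl(this.securityConfigInfo), "/");
            // NOTE(review): the second argument is the *failure* redirect setting; this looks
            // like it was copied from the failure handler. Confirm which setting is intended.
            this.authenticationSuccessHandler = new DispatchServerAuthenticationSuccessHandler(target, this.securityConfigInfo.getWeb().isFailureRedirect());
        }
        return this.authenticationSuccessHandler;
    }

    /**
     * Returns the password to store for a configured user.
     *
     * <p>When no encoder is supplied and the password does not match the algorithm-prefix
     * pattern, the no-op prefix is prepended, which means the password is stored and compared
     * unencoded.
     *
     * <p>A generated password is written to the application log in clear text at INFO level, so
     * it is readable by anyone with access to the logs. It should be treated as a bootstrap
     * credential only and replaced by a configured, encoded password outside development.
     */
    protected String getOrDeducePassword(SecurityUserInfo securityUserInfo, PasswordEncoder passwordEncoder) {
        String password = securityUserInfo.getPassword();
        if (securityUserInfo.isPasswordGenerated()) {
            this.log.info(String.format("%n%nUsing generated security password: %s%n", securityUserInfo.getPassword()));
        }
        boolean usableAsIs = passwordEncoder != null || SecurityConstants.DEFAULT_PASSWORD_ALGORITHM_PATTERN.matcher(password).matches();
        return usableAsIs ? password : SecurityConstants.NOOP_PASSWORD_PREFIX + password;
    }

    /** Registers the catch-all rule: anything not matched by an earlier rule needs authentication. */
    private void authorizeRemaining(ServerHttpSecurity serverHttpSecurity) {
        serverHttpSecurity.authorizeExchange().anyExchange().authenticated();
    }

    /** Attaches the single access rule described by {@code permit} to an already matched path set. */
    private void applyAccess(ServerHttpSecurity.AuthorizeExchangeSpec.Access access, SecurityPermition permit) {
        if (ArrayUtil.notEmptyArray(permit.getRoles())) {
            access.hasAnyRole(permit.getRoles());
        } else if (ArrayUtil.notEmptyArray(permit.getAuthorities())) {
            access.hasAnyAuthority(permit.getAuthorities());
        } else {
            access.permitAll();
        }
    }

    /** Builds the user record for one configured user with the given stored password. */
    private UserDetails getUserDetails(SecurityUserInfo securityUserInfo, String str) {
        return User.withUsername(securityUserInfo.getName()).password(str).roles(Strings.toStringArray(securityUserInfo.getRoles())).build();
    }

    /** Builds an authentication filter from this configurer's manager, repository and converter. */
    private AuthenticationWebFilter authenticationWebFilter() {
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(authenticationManager());
        authenticationWebFilter.setSecurityContextRepository(securityContextRepository());
        authenticationWebFilter.setServerAuthenticationConverter(this.serverFormLoginAuthenticationConverter);
        return authenticationWebFilter;
    }
}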
