package org.zodiac.security.config;

import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.MessageSource;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.annotation.web.configurers.LogoutConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.zodiac.commons.logging.SmartSlf4jLogger;
import org.zodiac.commons.logging.SmartSlf4jLoggerFactory;
import org.zodiac.commons.util.Colls;
import org.zodiac.commons.util.spring.Springs;
import org.zodiac.sdk.toolkit.util.lang.ArrayUtil;
import org.zodiac.sdk.toolkit.util.lang.StrUtil;
import org.zodiac.security.SecurityWebPermitedMatcher;
import org.zodiac.security.auth.authentication.servlet.DefaultServletUsernamePasswordAuthenticationHandler;
import org.zodiac.security.auth.authentication.servlet.DispatchAuthenticationFailureHandler;
import org.zodiac.security.auth.authentication.servlet.DispatchAuthenticationSuccessHandler;
import org.zodiac.security.auth.authentication.servlet.SecurityRememberMeServices;
import org.zodiac.security.auth.authentication.servlet.SecurityTokenBasedRememberMeServices;
import org.zodiac.security.auth.authentication.servlet.ServletAuthenticationHandler;
import org.zodiac.security.constants.SecurityConstants;

/* loaded from: input_file:org/zodiac/security/config/SecurityWebConfigurer.class */
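/**
 * Base Spring Security configuration driven by {@link SecurityConfigInfo}.
 *
 * <p>Subclasses inherit the URL authorization rules, form login, logout, remember-me, CSRF and
 * HTTP firewall set-up assembled here, and can override the {@code obtain*} hooks and
 * {@link #permitedMatchers()} to adjust them.
 *
 * <p>Security-relevant switches read from configuration: {@code permitAllUrls} turns authentication
 * off for every request, {@code ignoredUrls} removes paths from the filter chain altogether, and the
 * firewall and CSRF sections can relax Spring Security's defaults. Each of these widens exposure and
 * should be reviewed whenever the backing configuration changes.
 */
public abstract class SecurityWebConfigurer extends WebSecurityConfigurerAdapter {
    protected final SmartSlf4jLogger log;

    @Autowired(required = false)
    private ConfigurableEnvironment environment;

    // Optional injection: every unconditional use goes through requireConfigInfo().
    @Autowired(required = false)
    private SecurityConfigInfo securityConfigInfo;

    @Autowired(required = false)
    private PasswordEncoder passwordEncoder;

    @Autowired(required = false)
    private UserDetailsService userDetailsService;

    @Autowired
    private AuthenticationProvider authenticationProvider;

    @Autowired(required = false)
    @Qualifier(SecurityConstants.SPRING_SECURITY_MESSAGE_SOURCE_BEAN_NAME)
    protected MessageSource springSecurityMessageSource;
    // Lazily created by the obtainAuthentication*Handler() methods.
    private AuthenticationFailureHandler authenticationFailureHandler;
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    /** Creates the configurer with the adapter's default settings. */
    public SecurityWebConfigurer() {
        this.log = SmartSlf4jLoggerFactory.getLogger(getClass());
    }

    /**
     * Creates the configurer, forwarding the flag to the adapter constructor.
     *
     * @param z value passed unchanged to {@code WebSecurityConfigurerAdapter(boolean)}
     */
    public SecurityWebConfigurer(boolean z) {
        super(z);
        this.log = SmartSlf4jLoggerFactory.getLogger(getClass());
    }

    /**
     * Registers ignored URL patterns and, when customized, a {@link StrictHttpFirewall}.
     *
     * <p>The firewall is now configured even when no ignored URLs are declared; the earlier early
     * return skipped it in that case, so a customized firewall was silently dropped.
     *
     * @param webSecurity the builder to configure
     * @throws Exception if the underlying builder fails
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        if (null == this.securityConfigInfo) {
            // Nothing configured: keep Spring Security's default firewall and ignore nothing.
            return;
        }
        Set<String> ignoredUrls = this.securityConfigInfo.getWeb().getIgnoredUrls();
        if (Colls.notEmptyColl(ignoredUrls)) {
            for (String ignoredUrl : ignoredUrls) {
                String pattern = StrUtil.trimToNull(ignoredUrl);
                if (null != pattern) {
                    // Ignored patterns bypass the security filter chain entirely, so they receive
                    // no authentication, CSRF protection or security headers.
                    webSecurity.ignoring().antMatchers(new String[]{pattern});
                }
            }
        }
        SecurityHttpFirewallInfo firewall = this.securityConfigInfo.getWeb().getFirewall();
        if (null != firewall && firewall.isCustomized()) {
            // Each allow* flag relaxes a StrictHttpFirewall rejection rule; enable only what the
            // application genuinely needs.
            StrictHttpFirewall strictHttpFirewall = new StrictHttpFirewall();
            strictHttpFirewall.setAllowBackSlash(firewall.isAllowBackSlash());
            strictHttpFirewall.setAllowSemicolon(firewall.isAllowSemicolon());
            strictHttpFirewall.setAllowUrlEncodedPercent(firewall.isAllowUrlEncodedPercent());
            strictHttpFirewall.setAllowUrlEncodedPeriod(firewall.isAllowUrlEncodedPeriod());
            strictHttpFirewall.setAllowUrlEncodedSlash(firewall.isAllowUrlEncodedSlash());
            strictHttpFirewall.setUnsafeAllowAnyHttpMethod(firewall.isUnsafeAllowAnyHttpMethod());
            if (Colls.notEmptyColl(firewall.getAllowedHttpMethods())) {
                strictHttpFirewall.setAllowedHttpMethods(firewall.getAllowedHttpMethods());
            }
            webSecurity.httpFirewall(strictHttpFirewall);
        }
    }

    /**
     * Builds the servlet username/password authentication handler from the supplied collaborators
     * and this configurer's {@link SecurityConfigInfo}.
     *
     * @return a new {@link DefaultServletUsernamePasswordAuthenticationHandler}
     */
    protected ServletAuthenticationHandler authenticationHandler(AuthenticationFailureHandler authenticationFailureHandler, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationManager authenticationManager, UserDetailsService userDetailsService, SecurityRememberMeServices securityRememberMeServices, SessionAuthenticationStrategy sessionAuthenticationStrategy, ApplicationEventPublisher applicationEventPublisher, AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource) {
        return new DefaultServletUsernamePasswordAuthenticationHandler(this.securityConfigInfo, authenticationFailureHandler, authenticationSuccessHandler, authenticationManager, userDetailsService, securityRememberMeServices, sessionAuthenticationStrategy, applicationEventPublisher, authenticationDetailsSource);
    }

    /**
     * Wires the in-memory store, the optional {@link UserDetailsService} and the mandatory
     * {@link AuthenticationProvider} into the authentication manager builder.
     *
     * <p>The password encoder and user details service are optional injections, so each is applied
     * only when present instead of being handed to the builder as {@code null}.
     *
     * @param authenticationManagerBuilder the builder to configure
     * @throws Exception if the underlying builder fails
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        super.configure(authenticationManagerBuilder);
        if (null != this.passwordEncoder) {
            // NOTE(review): the encoder is attached to the in-memory store only, and no users are
            // added to that store here. The provider built from userDetailsService below does not
            // receive this encoder - confirm that is intended.
            authenticationManagerBuilder.inMemoryAuthentication().passwordEncoder(this.passwordEncoder);
        }
        if (null != this.userDetailsService) {
            authenticationManagerBuilder.userDetailsService(this.userDetailsService);
        }
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }

    /**
     * Applies either the permit-everything rules or the general authorization rules.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying builder fails
     */
    protected final void configure(HttpSecurity httpSecurity) throws Exception {
        this.log.info("Start HTTP security configuration.");
        if (isDisableAuthentication()) {
            // Make the fail-open mode visible in the start-up log.
            this.log.info("Authentication is disabled by configuration; all requests are permitted.");
            authorizeAll(httpSecurity);
        } else {
            authorizeGeneral(httpSecurity);
        }
        this.log.info("End HTTP security configuration.");
    }

    /** @return the injected environment, or {@code null} when none was available */
    protected final ConfigurableEnvironment getEnvironment() {
        return this.environment;
    }

    /** @return the failure handler from {@link #obtainAuthenticationFailureHandler()} */
    protected AuthenticationFailureHandler authenticationFailureHandler() {
        return obtainAuthenticationFailureHandler();
    }

    /** @return the success handler from {@link #obtainAuthenticationSuccessHandler()} */
    protected AuthenticationSuccessHandler authenticationSuccessHandler() {
        return obtainAuthenticationSuccessHandler();
    }

    /**
     * Creates a {@link ProviderManager} over every available {@link AuthenticationProvider}.
     *
     * @param objectProvider  source of authentication providers
     * @param objectProvider2 source of an optional authentication event publisher
     * @return the configured manager
     * @throws Exception declared for subclasses; not thrown by this implementation directly
     */
    protected AuthenticationManager authenticationManager(ObjectProvider<AuthenticationProvider> objectProvider, ObjectProvider<AuthenticationEventPublisher> objectProvider2) throws Exception {
        List<AuthenticationProvider> providers = objectProvider.stream().collect(Collectors.toList());
        ProviderManager providerManager = new ProviderManager(providers);
        if (null != this.springSecurityMessageSource) {
            // Optional bean: keep the manager's built-in messages when it is absent.
            providerManager.setMessageSource(this.springSecurityMessageSource);
        }
        AuthenticationEventPublisher eventPublisher = objectProvider2.getIfAvailable();
        if (null != eventPublisher) {
            providerManager.setAuthenticationEventPublisher(eventPublisher);
        }
        return providerManager;
    }

    /**
     * Creates token-based remember-me services keyed by the configured remember-me key.
     *
     * @param userDetailsService used to reload the user for a remember-me token
     * @return the remember-me services, enabled or disabled per configuration
     */
    protected SecurityRememberMeServices rememberMeServices(UserDetailsService userDetailsService) {
        SecurityConfigInfo config = requireConfigInfo();
        return new SecurityTokenBasedRememberMeServices(config.getRememberMeKey(), userDetailsService).setRememberMe(config.isRememberMe());
    }

    /** @return a {@link SessionFixationProtectionStrategy} */
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new SessionFixationProtectionStrategy();
    }

    /** @return a {@link WebAuthenticationDetailsSource} */
    protected AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> authenticationDetailsSource() {
        return new WebAuthenticationDetailsSource();
    }

    /**
     * Registers an HTTP-session security context repository unless one is already shared on the
     * builder, applying the configured session attribute key when present.
     *
     * @param httpSecurity the builder to configure
     */
    protected void configureContextRepository(HttpSecurity httpSecurity) {
        if (null != httpSecurity.getSharedObject(SecurityContextRepository.class)) {
            return;
        }
        HttpSessionSecurityContextRepository repository = new HttpSessionSecurityContextRepository();
        String securityContextKey = requireConfigInfo().getWeb().getSession().getSecurityContextKey();
        if (null != securityContextKey) {
            repository.setSpringSecurityContextKey(securityContextKey);
        }
        httpSecurity.setSharedObject(SecurityContextRepository.class, repository);
    }

    /** @return {@code true} when configuration is present and asks for every URL to be permitted */
    protected final boolean isDisableAuthentication() {
        return null != this.securityConfigInfo && this.securityConfigInfo.getWeb().isPermitAllUrls();
    }

    /**
     * Permits every request without authentication.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying builder fails
     */
    protected final void authorizeAll(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).permitAll();
    }

    /**
     * Assembles the standard rule set: subclass permit matchers, form login, logout, configured
     * permits, the catch-all authentication rule, remember-me, CSRF and response headers.
     *
     * <p>Rules are evaluated in registration order, so the catch-all is registered last.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying builder fails
     * @throws IllegalStateException if no {@link SecurityConfigInfo} was injected
     */
    protected final void authorizeGeneral(HttpSecurity httpSecurity) throws Exception {
        SecurityConfigInfo config = requireConfigInfo();
        String loginPage = StrUtil.trimToNull(obtainLoginPage());
        String loginProcessingUrl = StrUtil.trimToNull(obtainLoginProcessingUrl());
        String logoutUrl = StrUtil.trimToNull(obtainLogoutUrl());

        Collection<SecurityWebPermitedMatcher> permitedMatchers = permitedMatchers();
        if (Colls.notEmptyColl(permitedMatchers)) {
            for (SecurityWebPermitedMatcher matcher : permitedMatchers) {
                for (HttpMethod method : matcher.getMethods()) {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(method, matcher.getAntPatterns())).permitAll();
                }
            }
        }

        httpSecurity.formLogin().usernameParameter(config.getWeb().getUsernameParameter()).passwordParameter(config.getWeb().getPasswordParameter());
        // NOTE(review): a customized processing URL takes effect only when a login page is
        // customized as well - confirm that coupling is intended.
        if (null != loginPage) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.formLogin().loginPage(loginPage).and().authorizeRequests().antMatchers(new String[]{loginPage})).permitAll();
            // Permit the URL that actually processes the login; the customized branch used to
            // permit the login page a second time, unlike the default "/login" branch.
            String processingUrl = null != loginProcessingUrl ? loginProcessingUrl : "/login";
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.formLogin().loginProcessingUrl(processingUrl).and().authorizeRequests().antMatchers(new String[]{processingUrl})).permitAll();
        }
        if (null != logoutUrl) {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.logout().logoutUrl(logoutUrl).and().authorizeRequests().antMatchers(new String[]{logoutUrl})).permitAll();
        }

        authorizeMatchedPermit(httpSecurity);
        authorizeMatched(httpSecurity);

        if (config.getWeb().isPermitFully()) {
            // fullyAuthenticated() additionally rejects remember-me sessions.
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).fullyAuthenticated();
        } else {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
        }

        LogoutConfigurer logout = httpSecurity.logout();
        // NOTE(review): only a cookie named "SESSION" is cleared here; if the deployment uses a
        // different session cookie name it stays in the browser after logout (the server-side
        // session is still invalidated).
        logout.clearAuthentication(true).invalidateHttpSession(true).deleteCookies(new String[]{"SESSION"});
        if (config.isRememberMe()) {
            httpSecurity.rememberMe().rememberMeParameter(config.getWeb().getRememberMeParameter()).rememberMeCookieName(config.getWeb().getRememberMeCookieName());
            logout.deleteCookies(new String[]{config.getWeb().getRememberMeCookieName()});
        }

        SecurityCsrfInfo csrf = config.getWeb().getCsrf();
        if (!csrf.isEnabled()) {
            // With CSRF protection off, cookie-authenticated state-changing requests rely on
            // other defences.
            httpSecurity.csrf().disable();
        } else if (Colls.notEmptyColl(csrf.getIgnoredPatterns())) {
            httpSecurity.csrf().ignoringAntMatchers((String[]) csrf.getIgnoredPatterns().toArray(ArrayUtil.EMPTY_STRING_ARRAY));
        }
        // The default no-cache headers are switched off, so authenticated responses may be stored
        // by browsers and intermediaries unless the application sets its own cache headers.
        httpSecurity.headers().cacheControl().disable().frameOptions().sameOrigin();
    }

    /**
     * Registers the configured permit rules.
     *
     * <p>A rule without roles, authorities or IP expressions is open to everyone. A rule that
     * declares any of them is registered as a single access expression. Previously every
     * restriction and a trailing {@code permitAll()} were applied to the same matcher one after
     * another; the registry keeps one attribute set per matcher, so only the final
     * {@code permitAll()} survived and the declared restrictions were never enforced.
     *
     * <p>NOTE(review): restriction kinds are combined with {@code and}, and multiple IP expressions
     * with {@code or}. This is the restrictive reading - confirm it matches the intended semantics.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying builder fails
     */
    protected final void authorizeMatchedPermit(HttpSecurity httpSecurity) throws Exception {
        List<SecurityPermition> permits = requireConfigInfo().getWeb().getPermits();
        if (Colls.emptyColl(permits)) {
            return;
        }
        for (SecurityPermition permit : permits) {
            if (ArrayUtil.isEmptyArray(permit.getPathPatterns())) {
                continue;
            }
            List<HttpMethod> methods = permit.getMethods();
            List<ExpressionUrlAuthorizationConfigurer.AuthorizedUrl> authorizedUrls = Colls.list();
            if (Colls.emptyColl(methods)) {
                // No methods listed: the patterns apply to every HTTP method.
                authorizedUrls.add((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(permit.getPathPatterns()));
            } else {
                for (HttpMethod method : methods) {
                    authorizedUrls.add((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(method, permit.getPathPatterns()));
                }
            }
            String expression = buildAccessExpression(permit);
            for (ExpressionUrlAuthorizationConfigurer.AuthorizedUrl authorizedUrl : authorizedUrls) {
                if (null == expression) {
                    authorizedUrl.permitAll();
                } else {
                    authorizedUrl.access(expression);
                }
            }
        }
    }

    /** Extension point reserved for additional matched rules; this implementation registers none. */
    protected final void authorizeMatched(HttpSecurity httpSecurity) throws Exception {
    }

    /** @return the customized login page, or {@code null} when absent or not customized */
    protected String obtainLoginPage() {
        if (null == this.securityConfigInfo || !this.securityConfigInfo.getWeb().isCustomizedLoginPage()) {
            return null;
        }
        return this.securityConfigInfo.getWeb().getLoginPage();
    }

    /** @return the customized login processing URL, or {@code null} when absent or not customized */
    protected String obtainLoginProcessingUrl() {
        if (null == this.securityConfigInfo || !this.securityConfigInfo.getWeb().isCustomizedProcessingUrl()) {
            return null;
        }
        return this.securityConfigInfo.getWeb().getLoginProcessingUrl();
    }

    /** @return the customized remember-me parameter, or {@code null} when absent or not customized */
    protected String obtainRememberMeParameter() {
        if (null == this.securityConfigInfo || !this.securityConfigInfo.getWeb().isCustomizedRememberMeParameter()) {
            return null;
        }
        return this.securityConfigInfo.getWeb().getRememberMeParameter();
    }

    /** @return the customized failure forward URL, or {@code null} when absent or not customized */
    protected String obtainLoginFailureForwardUrl() {
        if (null == this.securityConfigInfo || !this.securityConfigInfo.getWeb().isCustomizedFailureForwardUrl()) {
            return null;
        }
        return this.securityConfigInfo.getWeb().getFailureForwardUrl();
    }

    /** @return the customized success forward URL, or {@code null} when absent or not customized */
    protected String obtainLoginSuccessForwardUrl() {
        if (null == this.securityConfigInfo || !this.securityConfigInfo.getWeb().isCustomizedSuccessForwardUrl()) {
            return null;
        }
        return this.securityConfigInfo.getWeb().getSuccessForwardUrl();
    }

    /** @return the customized logout URL, or {@code null} when absent or not customized */
    protected String obtainLogoutUrl() {
        if (null == this.securityConfigInfo || !this.securityConfigInfo.getWeb().isCustomizedLogoutUrl()) {
            return null;
        }
        return this.securityConfigInfo.getWeb().getLogoutUrl();
    }

    /**
     * Hook for subclasses to contribute matchers that are permitted without authentication.
     *
     * @return the matchers to permit, or {@code null} for none (the default)
     */
    protected Collection<SecurityWebPermitedMatcher> permitedMatchers() {
        return null;
    }

    /**
     * Lazily creates the failure handler, targeting the failure forward URL, else the login page,
     * else {@code "/login"}.
     *
     * @return the cached failure handler
     */
    protected AuthenticationFailureHandler obtainAuthenticationFailureHandler() {
        if (null == this.authenticationFailureHandler) {
            String target = StrUtil.trimTo(obtainLoginFailureForwardUrl(), StrUtil.trimTo(obtainLoginPage(), "/login"));
            this.authenticationFailureHandler = new DispatchAuthenticationFailureHandler(target, requireConfigInfo().getWeb().isFailureRedirect());
        }
        return this.authenticationFailureHandler;
    }

    /**
     * Lazily creates the success handler, targeting the success forward URL, else {@code "/"}.
     *
     * @return the cached success handler
     */
    protected AuthenticationSuccessHandler obtainAuthenticationSuccessHandler() {
        if (null == this.authenticationSuccessHandler) {
            String target = StrUtil.trimTo(obtainLoginSuccessForwardUrl(), "/");
            // NOTE(review): the success handler is driven by the *failure* redirect flag; this
            // looks like a copy-paste slip - confirm against the configuration model.
            this.authenticationSuccessHandler = new DispatchAuthenticationSuccessHandler(target, requireConfigInfo().getWeb().isFailureRedirect());
        }
        return this.authenticationSuccessHandler;
    }

    /** Returns the injected configuration or fails with a descriptive error instead of a bare NPE. */
    private SecurityConfigInfo requireConfigInfo() {
        if (null == this.securityConfigInfo) {
            throw new IllegalStateException("SecurityConfigInfo is required to configure web security, but none was injected.");
        }
        return this.securityConfigInfo;
    }

    /** Builds one access expression from a rule's restrictions, or {@code null} when it has none. */
    private static String buildAccessExpression(SecurityPermition permit) {
        StringBuilder expression = new StringBuilder();
        if (ArrayUtil.isNotEmptyArray(permit.getRoles())) {
            appendClause(expression, "hasAnyRole(" + quoteAll(permit.getRoles()) + ")");
        }
        if (ArrayUtil.isNotEmptyArray(permit.getAuthorities())) {
            appendClause(expression, "hasAnyAuthority(" + quoteAll(permit.getAuthorities()) + ")");
        }
        if (Colls.notEmptyColl(permit.getIpExpressions())) {
            StringBuilder ipClause = new StringBuilder();
            for (String ipExpression : permit.getIpExpressions()) {
                if (ipClause.length() > 0) {
                    ipClause.append(" or ");
                }
                ipClause.append("hasIpAddress(").append(quote(ipExpression)).append(')');
            }
            appendClause(expression, "(" + ipClause + ")");
        }
        return expression.length() == 0 ? null : expression.toString();
    }

    /** Appends a clause to the expression, joining it to any earlier clause with {@code and}. */
    private static void appendClause(StringBuilder expression, String clause) {
        if (expression.length() > 0) {
            expression.append(" and ");
        }
        expression.append(clause);
    }

    /** Renders the values as a comma-separated list of quoted expression string literals. */
    private static String quoteAll(String[] values) {
        StringBuilder joined = new StringBuilder();
        for (String value : values) {
            if (joined.length() > 0) {
                joined.append(',');
            }
            joined.append(quote(value));
        }
        return joined.toString();
    }

    /** Quotes a value as a string literal, doubling embedded quotes so it cannot end the literal. */
    private static String quote(String value) {
        return "'" + String.valueOf(value).replace("'", "''") + "'";
    }
}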
