package com.bizunited.nebula.security.local.config;

import com.bizunited.nebula.common.filters.CleanupTenantFilter;
import com.bizunited.nebula.security.local.login.DefaultAuthenticationUserEventListener;
import com.bizunited.nebula.security.local.login.NebulaSecurityAuthenticationFailureHandler;
import com.bizunited.nebula.security.local.login.NebulaSecurityAuthenticationSuccessHandler;
import com.bizunited.nebula.security.local.login.SimpleNebulaSecurityAuthenticationSuccessPrinter;
import com.bizunited.nebula.security.local.loginform.SimpleLoginValidateStrategy;
import com.bizunited.nebula.security.local.transform.JwtSecurityAuthorizationFilter;
import com.bizunited.nebula.security.local.voter.DefaultAuthenticationCompetenceEventListener;
import com.bizunited.nebula.security.local.voter.NebulaSecurityAccessDecisionVoter;
import com.bizunited.nebula.security.local.voter.SimpleAccessDeniedHandler;
import com.bizunited.nebula.security.sdk.config.CustomFilterAfterConfig;
import com.bizunited.nebula.security.sdk.config.CustomFilterBeforeConfig;
import com.bizunited.nebula.security.sdk.config.NebulaWebSecurityConfigurerAdapter;
import com.bizunited.nebula.security.sdk.config.SimpleSecurityProperties;
import com.bizunited.nebula.security.sdk.event.AuthenticationCompetenceEventListener;
import com.bizunited.nebula.security.sdk.event.AuthenticationUserEventListener;
import com.bizunited.nebula.security.sdk.loginform.LoginDetails;
import com.bizunited.nebula.security.sdk.password.Aes2PasswordEncoder;
import com.google.common.collect.Lists;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.CollectionUtils;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.CorsUtils;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

/**
 * Spring Security auto-configuration for the Nebula "local" security module.
 *
 * <p>Registers the {@link SecurityFilterChain}, the {@link AuthenticationManager}, the access
 * decision manager and a set of default beans (handlers, password encoders, event listeners).
 * The defaults marked {@code @ConditionalOnMissingBean} are meant to be replaced by the host
 * application.
 *
 * <p>Security-relevant settings visible in this class, worth confirming per deployment:
 * <ul>
 *   <li>CORS accepts every origin pattern, method and header with credentials allowed.</li>
 *   <li>CSRF protection and the X-Frame-Options header are both disabled.</li>
 *   <li>Session URL rewriting is enabled.</li>
 *   <li>The fallback event listeners are permissive: their own warnings say every method is
 *       accessible and every operator holds the ADMIN role.</li>
 * </ul>
 *
 * <p>This source was recovered by a decompiler from
 * {@code com/bizunited/nebula/security/local/config/SecurityConfigAutoConfiguration.class}.
 */
@Configuration
@EnableWebSecurity
@ComponentScan(basePackages = "com.bizunited.nebula.security")
public class SecurityConfigAutoConfiguration {

    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfigAutoConfiguration.class);

    // Source of the AuthenticationManager exposed by authenticationManager().
    @Autowired
    @Lazy
    private AuthenticationConfiguration authenticationConfiguration;

    // Supplies the login and logout URLs used by filterChain().
    @Autowired
    private SimpleSecurityProperties simpleSecurityProperties;

    // Builds the LoginDetails object attached to each form-login attempt.
    @Autowired
    @Lazy
    private AuthenticationDetailsSource<HttpServletRequest, LoginDetails> authenticationDetailsSource;

    @Autowired
    @Lazy
    private AuthenticationSuccessHandler authenticationSuccessHandler;

    @Autowired
    @Lazy
    private AuthenticationFailureHandler authenticationFailureHandler;

    @Autowired
    @Lazy
    private LogoutSuccessHandler logoutSuccessHandler;

    // Used both as the authentication entry point and as the access-denied handler.
    @Autowired
    @Lazy
    private SimpleAccessDeniedHandler simpleAccessDeniedHandler;

    // Optional hook; when present it is applied last in filterChain().
    @Autowired(required = false)
    private NebulaWebSecurityConfigurerAdapter nebulaWebSecurityConfigurerAdapter;

    @Autowired
    private JwtSecurityAuthorizationFilter jwtSecurityAuthorizationFilter;

    @Autowired
    @Lazy
    private AccessDecisionManager accessDecisionManager;

    @Autowired
    private CleanupTenantFilter cleanupTenantFilter;

    // Optional application-supplied filters placed before UsernamePasswordAuthenticationFilter.
    @Autowired(required = false)
    private List<CustomFilterBeforeConfig> customFilterBeforeConfigs;

    // Optional application-supplied filters placed after FilterSecurityInterceptor.
    @Autowired(required = false)
    private List<CustomFilterAfterConfig> customFilterAfterConfigs;

    /**
     * Exposes the {@link AuthenticationManager} built by Spring's
     * {@link AuthenticationConfiguration}.
     *
     * @return the shared authentication manager
     * @throws Exception if the manager cannot be obtained
     */
    @Bean
    public AuthenticationManager authenticationManager() throws Exception {
        return this.authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Assembles the HTTP security filter chain.
     *
     * <p>The configurers are applied in the same order as written here; the two
     * {@code addFilterBefore} calls for the JWT and tenant-cleanup filters must stay in this
     * order because the second one is positioned relative to the first.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the built filter chain
     * @throws Exception if any configurer or the final build fails
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        String loginUrl = this.simpleSecurityProperties.getLoginUrl();

        httpSecurity.cors().configurationSource(corsConfigurationSource());

        // NOTE(review): disabling frameOptions removes the X-Frame-Options response header, so
        // pages served by this application may be embedded in frames on other sites. Confirm this
        // is required (e.g. for an embedding portal) rather than a leftover.
        httpSecurity.headers().frameOptions().disable();

        // NOTE(review): URL rewriting lets the session id travel in the URL, where it can end up
        // in access logs, browser history and Referer headers. Confirm a client really needs it.
        httpSecurity.sessionManagement().enableSessionUrlRewriting(true);

        // CORS pre-flight requests pass unauthenticated; every other request needs authentication.
        httpSecurity
                .authorizeRequests()
                .requestMatchers(new RequestMatcher[] {CorsUtils::isPreFlightRequest})
                .permitAll()
                .anyRequest()
                .authenticated();
        httpSecurity.authorizeRequests().accessDecisionManager(this.accessDecisionManager);

        httpSecurity
                .exceptionHandling()
                .authenticationEntryPoint(this.simpleAccessDeniedHandler)
                .accessDeniedHandler(this.simpleAccessDeniedHandler);

        // The login page and the login processing endpoint share one URL.
        httpSecurity
                .formLogin()
                .loginPage(loginUrl)
                .loginProcessingUrl(loginUrl)
                .successHandler(this.authenticationSuccessHandler)
                .failureHandler(this.authenticationFailureHandler)
                .authenticationDetailsSource(this.authenticationDetailsSource)
                .permitAll();

        httpSecurity
                .logout()
                .logoutUrl(this.simpleSecurityProperties.getLogoutUrl())
                .logoutSuccessHandler(this.logoutSuccessHandler)
                .permitAll();

        // NOTE(review): CSRF protection is off while form login and credentialed CORS for every
        // origin are on (see corsConfigurationSource). That is only safe if no state-changing
        // request is authorised by a cookie or session alone - confirm against how the JWT filter
        // and the session are actually used.
        httpSecurity.csrf().disable();

        // Resulting order: CleanupTenantFilter -> JwtSecurityAuthorizationFilter -> username/password filter.
        httpSecurity.addFilterBefore(this.jwtSecurityAuthorizationFilter, UsernamePasswordAuthenticationFilter.class);
        httpSecurity.addFilterBefore(this.cleanupTenantFilter, JwtSecurityAuthorizationFilter.class);

        if (!CollectionUtils.isEmpty(this.customFilterBeforeConfigs)) {
            for (CustomFilterBeforeConfig beforeConfig : this.customFilterBeforeConfigs) {
                httpSecurity.addFilterBefore(beforeConfig.getCustomFilterBefore(), UsernamePasswordAuthenticationFilter.class);
            }
        }
        if (!CollectionUtils.isEmpty(this.customFilterAfterConfigs)) {
            for (CustomFilterAfterConfig afterConfig : this.customFilterAfterConfigs) {
                httpSecurity.addFilterAfter(afterConfig.getCustomFilterAfter(), FilterSecurityInterceptor.class);
            }
        }

        // Applied last, so the optional adapter can alter anything configured above.
        if (this.nebulaWebSecurityConfigurerAdapter != null) {
            this.nebulaWebSecurityConfigurerAdapter.configure(httpSecurity);
        }
        return httpSecurity.build();
    }

    /**
     * Builds the CORS policy registered for every path ({@code /**}).
     *
     * <p>NOTE(review): origin pattern {@code *} combined with {@code allowCredentials(true)}
     * means a credentialed cross-origin request from any site is accepted and its response is
     * readable by that site. If authentication can ride on cookies or the HTTP session, restrict
     * the origin patterns to the known front-end hosts.
     *
     * @return the CORS configuration source used by the filter chain
     */
    private CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration policy = new CorsConfiguration();
        policy.setAllowedOriginPatterns(Arrays.asList("*"));
        policy.setAllowedMethods(Arrays.asList("*"));
        policy.setAllowedHeaders(Arrays.asList("*"));
        policy.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", policy);
        return source;
    }

    /**
     * Default access decision voter, used unless the application defines its own bean of this type.
     *
     * @return a new {@link NebulaSecurityAccessDecisionVoter}
     */
    @ConditionalOnMissingBean
    @Bean
    public NebulaSecurityAccessDecisionVoter getNebulaSecurityAccessDecisionVoter() {
        return new NebulaSecurityAccessDecisionVoter();
    }

    /**
     * Builds an {@link AffirmativeBased} decision manager whose only voter is the Nebula voter,
     * so that voter alone determines the outcome.
     *
     * @param nebulaSecurityAccessDecisionVoter the voter to consult
     * @return the access decision manager wired into the filter chain
     */
    @Bean
    public AccessDecisionManager accessDecisionManager(NebulaSecurityAccessDecisionVoter nebulaSecurityAccessDecisionVoter) {
        List<AccessDecisionVoter<?>> voters = Lists.newArrayList();
        voters.add(nebulaSecurityAccessDecisionVoter);
        return new AffirmativeBased(voters);
    }

    /**
     * Default login success handler.
     *
     * @return a new {@link NebulaSecurityAuthenticationSuccessHandler}
     */
    @ConditionalOnMissingBean
    @Bean("nebulaSecurityAuthenticationSuccessHandler")
    public AuthenticationSuccessHandler getAuthenticationSuccessHandler() {
        return new NebulaSecurityAuthenticationSuccessHandler();
    }

    /**
     * Default login failure handler.
     *
     * @return a new {@link NebulaSecurityAuthenticationFailureHandler}
     */
    @ConditionalOnMissingBean
    @Bean("nebulaSecurityAuthenticationFailureHandler")
    public AuthenticationFailureHandler getAuthenticationFailureHandler() {
        return new NebulaSecurityAuthenticationFailureHandler();
    }

    /**
     * Default login validation strategy.
     *
     * @return a new {@link SimpleLoginValidateStrategy}
     */
    @ConditionalOnMissingBean
    @Bean("SimpleLoginValidateStrategy")
    public SimpleLoginValidateStrategy getLoginValidateStrategy() {
        return new SimpleLoginValidateStrategy();
    }

    /**
     * Default printer for the successful-authentication response.
     *
     * @return a new {@link SimpleNebulaSecurityAuthenticationSuccessPrinter}
     */
    @ConditionalOnMissingBean
    @Bean("SimpleNebulaSecurityAuthenticationSuccessPrinter")
    public SimpleNebulaSecurityAuthenticationSuccessPrinter getSimpleNebulaSecurityAuthenticationSuccessPrinter() {
        return new SimpleNebulaSecurityAuthenticationSuccessPrinter();
    }

    /**
     * Default password encoder: PBKDF2 with the library's no-argument defaults.
     *
     * <p>NOTE(review): the no-arg constructor supplies no application secret and relies on the
     * iteration count and algorithm of the bundled Spring Security version - check those against
     * current password-storage guidance.
     *
     * @return a new {@link Pbkdf2PasswordEncoder}
     */
    @ConditionalOnMissingBean
    @Bean(name = "passwordEncoder")
    public PasswordEncoder passwordEncoder() {
        return new Pbkdf2PasswordEncoder();
    }

    /**
     * Registers the project's {@link Aes2PasswordEncoder}.
     *
     * <p>NOTE(review): the name suggests AES-based, i.e. reversible, encoding - confirm where it is
     * used and that stored passwords do not depend on it.
     *
     * @return a new {@link Aes2PasswordEncoder}
     */
    @ConditionalOnMissingBean
    @Bean(name = "aes2PasswordEncoder")
    public Aes2PasswordEncoder aes2PasswordEncoder() {
        return new Aes2PasswordEncoder();
    }

    /**
     * Fallback permission listener, registered only when the application provides none.
     *
     * <p>The warning logged here states (in Chinese) that this default implementation lets every
     * method be accessed and that applications needing method-level restrictions must supply
     * their own {@link AuthenticationCompetenceEventListener}. Treat the warning in a production
     * log as a finding: authorization is effectively open until it is replaced.
     *
     * @return a new {@link DefaultAuthenticationCompetenceEventListener}
     */
    @ConditionalOnMissingBean
    @Bean
    public AuthenticationCompetenceEventListener getDefaultAuthenticationCompetenceEventListener() {
        final String notice = " ==== 当前应用程序使用了默认的AuthenticationCompetenceEventListener监听接口实现com.bizunited.nebula.security.local.notifier.AuthenticationCompetenceEventListener，该实现默认所有的方法都可以访问，如果需要限制方法权限，请自行实现AuthenticationCompetenceEventListener监听接口（若已使用@Primary注解，则可以忽略该警告）!! ";
        LOGGER.warn(notice);
        return new DefaultAuthenticationCompetenceEventListener();
    }

    /**
     * Fallback user listener, registered only when the application provides none.
     *
     * <p>The warning logged here states (in Chinese) that this default implementation gives every
     * operator the ADMIN role and that applications needing role restrictions must supply their
     * own {@link AuthenticationUserEventListener}. Treat the warning in a production log as a
     * finding: every authenticated user is an administrator until it is replaced.
     *
     * @return a new {@link DefaultAuthenticationUserEventListener}
     */
    @ConditionalOnMissingBean
    @Bean
    public AuthenticationUserEventListener getDefaultAuthenticationUserEventListener() {
        final String notice = " ==== 当前应用程序使用了默认的AuthenticationUserEventListener监听接口实现com.bizunited.nebula.security.local.notifier.DefaultAuthenticationUserEventListener，该实现默认所有的操作者都拥有ADMIN角色，如需要限制用户的角色，请自行实现AuthenticationUserEventListener监听接口(若已使用@Primary注解，则可以忽略该警告)!! ";
        LOGGER.warn(notice);
        return new DefaultAuthenticationUserEventListener();
    }
}
