package org.shoulder.autoconfigure.security.token;

import org.shoulder.autoconfigure.condition.ConditionalOnAuthType;
import org.shoulder.autoconfigure.security.code.ValidateCodeSecurityConfig;
import org.shoulder.core.log.ShoulderLoggers;
import org.shoulder.security.SecurityConst;
import org.shoulder.security.authentication.AuthenticationType;
import org.shoulder.security.authentication.FormAuthenticationSecurityConfig;
import org.shoulder.security.authentication.sms.PhoneNumAuthenticationSecurityConfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.web.BearerTokenAuthenticationFilter;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.ExceptionTranslationFilter;

@EnableWebSecurity
@AutoConfiguration(after = {TokenAuthBeanConfiguration.class})
@ConditionalOnClass({SecurityConst.class})
@ConditionalOnAuthType(type = AuthenticationType.TOKEN)
@ConditionalOnProperty(name = {"shoulder.security.auth.token.default-config"}, havingValue = "enable", matchIfMissing = true)
/* loaded from: input_file:org/shoulder/autoconfigure/security/token/TokenSecurityConfiguration.class */
public class TokenSecurityConfiguration {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private FormAuthenticationSecurityConfig formAuthenticationSecurityConfig;

    @Autowired(required = false)
    private ValidateCodeSecurityConfig validateCodeSecurityConfig;

    @Autowired(required = false)
    private PhoneNumAuthenticationSecurityConfig phoneNumAuthenticationSecurityConfig;

    @Autowired(required = false)
    AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired(required = false)
    AccessDeniedHandler accessDeniedHandler;

    @Autowired(required = false)
    private OpaqueTokenAuthenticationProvider tokenAuthenticationProvider;

    @Autowired
    @Lazy
    private AuthenticationManager authenticationManager = null;

    public TokenSecurityConfiguration() {
        ShoulderLoggers.SHOULDER_CONFIG.warn("use default TokenSecurityConfiguration, csrf protect was closed.");
    }

    @Bean
    public SecurityFilterChain securityFilterChain_shoulderBrowserSecurityDefaultConfigure(HttpSecurity httpSecurity) throws Exception {
        this.formAuthenticationSecurityConfig.configure(httpSecurity);
        if (this.validateCodeSecurityConfig != null) {
            httpSecurity.with(this.validateCodeSecurityConfig, validateCodeSecurityConfig -> {
            });
        }
        if (this.phoneNumAuthenticationSecurityConfig != null) {
            httpSecurity.with(this.phoneNumAuthenticationSecurityConfig, phoneNumAuthenticationSecurityConfig -> {
            });
        }
        if (this.accessDeniedHandler != null) {
            httpSecurity.exceptionHandling(exceptionHandlingConfigurer -> {
                exceptionHandlingConfigurer.accessDeniedHandler(this.accessDeniedHandler);
            });
        }
        if (this.authenticationEntryPoint != null) {
            httpSecurity.exceptionHandling(exceptionHandlingConfigurer2 -> {
                exceptionHandlingConfigurer2.authenticationEntryPoint(this.authenticationEntryPoint);
            });
        }
        httpSecurity.userDetailsService(this.userDetailsService).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.requestMatchers(new String[]{"/error", "/authentication/require", "/code", "/authentication/form", "/authentication/sms"})).permitAll().anyRequest()).authenticated();
        });
        httpSecurity.csrf((v0) -> {
            v0.disable();
        });
        if (this.tokenAuthenticationProvider != null) {
            httpSecurity.addFilterAfter(new BearerTokenAuthenticationFilter(authentication -> {
                return this.tokenAuthenticationProvider.authenticate(authentication);
            }), ExceptionTranslationFilter.class);
            httpSecurity.authenticationProvider(this.tokenAuthenticationProvider);
        }
        return (SecurityFilterChain) httpSecurity.build();
    }
}
