package com.java2e.martin.common.security;

import cn.hutool.core.convert.Convert;
import com.java2e.martin.common.feign.remote.RemoteUrl;
import com.java2e.martin.common.security.component.PermitAllUrlProperties;
import com.java2e.martin.common.security.component.RemoteTokenServiceProperties;
import com.java2e.martin.common.security.component.ResourceAuthExceptionEntryPoint;
import com.java2e.martin.common.security.dynamic.DynamicAccessDecisionManager;
import com.java2e.martin.common.security.dynamic.DynamicSecurityFilter;
import com.java2e.martin.common.security.dynamic.DynamicSecurityMetadataSource;
import com.java2e.martin.common.security.dynamic.RestAuthenticationEntryPoint;
import com.java2e.martin.common.security.dynamic.RestfulAccessDeniedHandler;
import com.java2e.martin.common.security.handler.RestResponseErrorHandler;
import com.java2e.martin.common.security.interceptor.FeignInnerInterceptor;
import com.java2e.martin.common.security.interceptor.MartinOAuth2FeignRequestInterceptor;
import com.java2e.martin.common.security.provider.token.MartinUserAuthenticationConverter;
import feign.RequestInterceptor;
import java.util.ArrayList;
import java.util.Map;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.cloud.client.loadbalancer.LoadBalanced;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.OkHttp3ClientHttpRequestFactory;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.servlet.config.annotation.CorsRegistry;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

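/**
 * Auto-configuration for an OAuth2 resource server: URL authorization rules, remote
 * token checking, CORS, Feign/RestTemplate wiring and a BCrypt password encoder.
 *
 * <p>Active unless {@code martin.resource-server.enabled} is set to something other
 * than {@code true}.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Every URL in {@link RemoteUrl#REMOTE_URLS} is {@code permitAll()} at this layer.
 *       Any protection of those endpoints has to come from elsewhere (presumably
 *       {@link FeignInnerInterceptor}; confirm).</li>
 *   <li>CSRF protection and {@code X-Frame-Options} are both disabled.</li>
 *   <li>Access tokens are validated by calling the remote check-token endpoint with the
 *       configured client id and secret.</li>
 * </ul>
 */
@EnableConfigurationProperties({PermitAllUrlProperties.class, RemoteTokenServiceProperties.class})
@Configuration
@EnableResourceServer
@ConditionalOnProperty(prefix = "martin.resource-server", name = {"enabled"}, havingValue = "true", matchIfMissing = true)
@EnableCaching
@ComponentScan(basePackages = {"com.java2e.martin.common.security", "com.java2e.martin.common.core"})
/* loaded from: input_file:com/java2e/martin/common/security/MartinSecurityAutoConfiguration.class */
public class MartinSecurityAutoConfiguration extends ResourceServerConfigurerAdapter implements WebMvcConfigurer, ApplicationContextAware {
    private static final Logger log = LoggerFactory.getLogger(MartinSecurityAutoConfiguration.class);

    // NOTE(review): injected but never read in this class as shown; the permit-all list in
    // configure(HttpSecurity) is hard-coded instead. Confirm whether it was meant to be used.
    @Autowired
    private PermitAllUrlProperties permitAllUrlProperties;

    @Autowired
    private RemoteTokenServiceProperties remoteTokenServiceProperties;

    @Autowired
    private ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint;

    @Autowired
    private FeignInnerInterceptor feignInnerInterceptor;
    private ApplicationContext applicationContext;

    /**
     * Defines the URL authorization rules for this resource server.
     *
     * <p>Matchers are registered in this order: Feign remote URLs, {@code OPTIONS}
     * requests and a fixed list of public paths are permitted without authentication;
     * every other request must be authenticated.
     *
     * @param httpSecurity the security builder to configure
     * @throws Exception if the underlying Spring Security configurers fail
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): this removes the X-Frame-Options header entirely, so responses may be
        // framed by any origin. Prefer frameOptions().sameOrigin() unless cross-origin
        // framing is a real requirement.
        httpSecurity.headers().frameOptions().disable();

        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry =
                httpSecurity.authorizeRequests();

        Set<String> feignUrls = RemoteUrl.REMOTE_URLS;
        log.debug("feignClientPermitAll urls : {}", Convert.toStr(feignUrls));
        // These URLs bypass token authentication at this layer.
        for (String url : feignUrls) {
            registry.antMatchers(url).permitAll();
        }

        // The dynamic filter runs after the standard FilterSecurityInterceptor.
        registry.and().addFilterAfter(dynamicSecurityFilter(), FilterSecurityInterceptor.class);

        // CORS preflight requests carry no credentials and must pass unauthenticated.
        registry.antMatchers(HttpMethod.OPTIONS).permitAll();

        // NOTE(review): the extension patterns ("/**/*.html", "/**/*.css", "/**/*.js") permit any
        // path with that suffix, not only static files. Confirm no protected handler is
        // reachable under such a path, or limit these to the static resource directories.
        // The Swagger endpoints are also public; consider disabling them outside development.
        registry.antMatchers(
                "/", "/error", "/v2/api-docs", "/webjars/**", "/swagger-resources/**",
                "/configuration/**", "/*.html", "/favicon.ico",
                "/**/*.html", "/**/*.css", "/**/*.js").permitAll();

        // CSRF is disabled on the presumption that requests authenticate with bearer tokens
        // and not cookies; confirm this, since the CORS mapping allows credentials.
        registry.anyRequest().authenticated()
                .and()
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .exceptionHandling()
                .accessDeniedHandler(restfulAccessDeniedHandler())
                .authenticationEntryPoint(restAuthenticationEntryPoint());
    }

    /** @return the handler invoked when an authenticated caller is denied access */
    @Bean
    public RestfulAccessDeniedHandler restfulAccessDeniedHandler() {
        return new RestfulAccessDeniedHandler();
    }

    /** @return the entry point invoked when a request is not authenticated */
    @Bean
    public RestAuthenticationEntryPoint restAuthenticationEntryPoint() {
        return new RestAuthenticationEntryPoint();
    }

    /** @return the access decision manager bean for dynamic authorization */
    @Bean
    public DynamicAccessDecisionManager dynamicAccessDecisionManager() {
        return new DynamicAccessDecisionManager();
    }

    /** @return the filter added after {@link FilterSecurityInterceptor} in the chain */
    @Bean
    public DynamicSecurityFilter dynamicSecurityFilter() {
        return new DynamicSecurityFilter();
    }

    /** @return the metadata source bean for dynamic authorization */
    @Bean
    public DynamicSecurityMetadataSource dynamicSecurityMetadataSource() {
        return new DynamicSecurityMetadataSource();
    }

    /**
     * Configures token validation against the remote check-token endpoint.
     *
     * @param resourceServerSecurityConfigurer the resource-server configurer to populate
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        OAuth2ClientProperties clientProperties = this.remoteTokenServiceProperties.getOAuth2ClientProperties();
        ResourceServerProperties resourceProperties = this.remoteTokenServiceProperties.getResourceServerProperties();

        // Log only non-secret fields. Stringifying the whole properties objects could put the
        // client secret into debug logs, depending on their toString() implementation.
        log.debug("remote token service: clientId={}, checkTokenUri={}",
                clientProperties.getClientId(), resourceProperties.getTokenInfoUri());

        RemoteTokenServices tokenServices = new RemoteTokenServices();
        tokenServices.setCheckTokenEndpointUrl(resourceProperties.getTokenInfoUri());
        tokenServices.setClientId(clientProperties.getClientId());
        tokenServices.setClientSecret(clientProperties.getClientSecret());

        DefaultAccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
        tokenConverter.setUserTokenConverter(new MartinUserAuthenticationConverter());
        tokenServices.setAccessTokenConverter(tokenConverter);

        // The check-token call goes through the load-balanced OkHttp-backed template.
        tokenServices.setRestTemplate(OKHttp3RestTemplate());

        resourceServerSecurityConfigurer.tokenServices(tokenServices);
        resourceServerSecurityConfigurer.authenticationEntryPoint(this.resourceAuthExceptionEntryPoint);
    }

    /**
     * Registers the CORS policy for all paths.
     *
     * <p>Only explicitly listed origins are allowed. The "*" entry was removed: combined
     * with {@code allowCredentials(true)} it either reflects any requesting origin as
     * allowed (older Spring versions) or is rejected outright (Spring 5.3+). The
     * trailing slash on the production origin was dropped because an {@code Origin}
     * header never carries one.
     *
     * @param corsRegistry the registry to add the mapping to
     */
    @Override
    public void addCorsMappings(CorsRegistry corsRegistry) {
        // NOTE(review): the localhost origins look like development settings; consider moving
        // the origin list into configuration so production does not trust them.
        corsRegistry.addMapping("/**")
                .allowedOrigins("http://localhost:8000", "http://127.0.0.1:8000", "https://martinui.java2e.com")
                .allowCredentials(true)
                .allowedMethods("GET", "POST", "PUT", "DELETE", "HEAD");
    }

    /** @return the Feign request interceptor bean */
    @Bean
    public RequestInterceptor martinOAuth2FeignRequestInterceptor() {
        return new MartinOAuth2FeignRequestInterceptor();
    }

    /**
     * Adds the injected {@link FeignInnerInterceptor} to the MVC interceptor chain.
     *
     * @param interceptorRegistry the MVC interceptor registry
     */
    @Override
    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        interceptorRegistry.addInterceptor(this.feignInnerInterceptor);
    }

    /** @return a BCrypt password encoder with the library's default settings */
    @Bean
    public BCryptPasswordEncoder encode() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Builds the default load-balanced {@link RestTemplate}.
     *
     * <p>NOTE(review): this bean and {@link #OKHttp3RestTemplate()} are both marked
     * {@code @Primary}, so injecting {@code RestTemplate} by type without a qualifier is
     * ambiguous. Confirm which one is meant to be primary.
     *
     * @return a template carrying every {@link ClientHttpRequestInterceptor} bean in the context
     */
    @Bean
    @Primary
    @LoadBalanced
    public RestTemplate restTemplate() {
        return withContextInterceptors(new RestTemplate());
    }

    /**
     * Builds the load-balanced {@link RestTemplate} backed by OkHttp3, registered under the
     * bean name {@code OKHttp3}.
     *
     * @return a template carrying every {@link ClientHttpRequestInterceptor} bean in the context
     */
    @Bean({"OKHttp3"})
    @Primary
    @LoadBalanced
    public RestTemplate OKHttp3RestTemplate() {
        return withContextInterceptors(new RestTemplate(new OkHttp3ClientHttpRequestFactory()));
    }

    /** Attaches all context-registered request interceptors and the shared error handler. */
    private RestTemplate withContextInterceptors(RestTemplate template) {
        Map<String, ClientHttpRequestInterceptor> interceptors =
                this.applicationContext.getBeansOfType(ClientHttpRequestInterceptor.class);
        template.setInterceptors(new ArrayList<>(interceptors.values()));
        template.setErrorHandler(new RestResponseErrorHandler());
        return template;
    }

    /**
     * Stores the application context used to look up interceptor beans.
     *
     * @param applicationContext the context supplied by Spring
     * @throws BeansException declared by {@link ApplicationContextAware}
     */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}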
