package cronapp.framework.authentication.sso;

import com.google.gson.Gson;
import com.google.gson.JsonObject;
import cronapi.Var;
import cronapi.screen.Operations;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.authentication.security.CronappUserDetails;
import cronapp.framework.authentication.token.AuthenticationController;
import cronapp.framework.authentication.token.AuthenticationResponse;
import cronapp.framework.i18n.Messages;
import java.time.OffsetDateTime;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.UUID;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoRestTemplateFactory;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.mobile.device.LiteDeviceResolver;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.filter.OAuth2ClientAuthenticationProcessingFilter;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;

/* loaded from: input_file:cronapp/framework/authentication/sso/SsoSecurityConfigurer.class */
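/**
 * Wires an OAuth2 single sign-on login into an {@link HttpSecurity} chain.
 *
 * <p>The configurer registers an {@link OAuth2ClientAuthenticationProcessingFilter} on the
 * configured SSO login path, maps the provider's user-info response to a
 * {@link CronappUserDetails}, and, on success, redirects the browser to
 * {@code /auth/signin/sso} with an application token in the query string.
 *
 * <p>This source is decompiler output (JADX). Casts that the decompiler dropped have been
 * restored so the class compiles; visibility is kept as the decompiler emitted it.
 */
class SsoSecurityConfigurer {
    private final ApplicationContext applicationContext;

    /* loaded from: input_file:cronapp/framework/authentication/sso/SsoSecurityConfigurer$OAuth2ClientAuthenticationConfigurer.class */
    /**
     * Adapter that installs the SSO filter into the chain once {@link HttpSecurity} has
     * published its shared objects.
     */
    private static class OAuth2ClientAuthenticationConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
        private final OAuth2ClientAuthenticationProcessingFilter filter;

        OAuth2ClientAuthenticationConfigurer(OAuth2ClientAuthenticationProcessingFilter oAuth2ClientAuthenticationProcessingFilter) {
            this.filter = oAuth2ClientAuthenticationProcessingFilter;
        }

        /**
         * Hands the chain's shared {@link SessionAuthenticationStrategy} to the filter and places
         * the filter after {@link AbstractPreAuthenticatedProcessingFilter}.
         *
         * @param httpSecurity the builder being configured
         */
        @Override
        public void configure(HttpSecurity httpSecurity) {
            // NOTE(review): the shared object is passed through unchecked. If session management
            // has not registered a strategy it is null here; confirm the chain always provides
            // one, since that strategy is what normally applies session-fixation protection.
            this.filter.setSessionAuthenticationStrategy(httpSecurity.getSharedObject(SessionAuthenticationStrategy.class));
            httpSecurity.addFilterAfter(this.filter, AbstractPreAuthenticatedProcessingFilter.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * @param applicationContext context used to look up the OAuth2 SSO beans and to publish
     *     authentication events
     */
    public SsoSecurityConfigurer(ApplicationContext applicationContext) {
        this.applicationContext = applicationContext;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Applies the SSO filter and the authentication entry points to the given chain.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the underlying Spring Security configuration fails
     */
    public void configure(HttpSecurity httpSecurity) throws Exception {
        OAuth2SsoProperties ssoProperties = this.applicationContext.getBean(OAuth2SsoProperties.class);
        httpSecurity.apply(new OAuth2ClientAuthenticationConfigurer(oauth2SsoFilter(ssoProperties)));
        addAuthenticationEntryPoint(httpSecurity, ssoProperties);
    }

    /**
     * Registers two entry points for unauthenticated requests: browser-style requests are sent to
     * the SSO login path, requests carrying {@code X-Requested-With: XMLHttpRequest} get a bare 401.
     */
    private void addAuthenticationEntryPoint(HttpSecurity httpSecurity, OAuth2SsoProperties ssoProperties) throws Exception {
        ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling = httpSecurity.exceptionHandling();
        // Declared with the interface type: the shared object is only known to be a
        // ContentNegotiationStrategy, the header-based one is just the fallback.
        ContentNegotiationStrategy negotiationStrategy = httpSecurity.getSharedObject(ContentNegotiationStrategy.class);
        if (negotiationStrategy == null) {
            negotiationStrategy = new HeaderContentNegotiationStrategy();
        }
        MediaTypeRequestMatcher browserRequests = new MediaTypeRequestMatcher(
                negotiationStrategy,
                MediaType.APPLICATION_XHTML_XML,
                new MediaType("image", "*"),
                MediaType.TEXT_HTML,
                MediaType.TEXT_PLAIN);
        // A wildcard Accept header must not count as "wants HTML", otherwise API clients
        // sending */* would be redirected to the login page.
        browserRequests.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        exceptionHandling.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(ssoProperties.getLoginPath()), browserRequests);
        exceptionHandling.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest"));
    }

    /**
     * Builds the filter that completes the OAuth2 login on the SSO login path.
     *
     * <p>Side effect: the principal and authorities extractors are set on the
     * {@link UserInfoTokenServices} bean obtained from the context, so the change is visible to
     * any other user of that bean instance.
     */
    private OAuth2ClientAuthenticationProcessingFilter oauth2SsoFilter(OAuth2SsoProperties ssoProperties) {
        OAuth2RestTemplate userInfoRestTemplate = this.applicationContext.getBean(UserInfoRestTemplateFactory.class).getUserInfoRestTemplate();
        UserInfoTokenServices tokenServices = this.applicationContext.getBean(UserInfoTokenServices.class);
        CustomPrincipalExtractor principalExtractor = new CustomPrincipalExtractor();
        tokenServices.setAuthoritiesExtractor(new CustomAuthoritiesExtractor(principalExtractor));
        tokenServices.setPrincipalExtractor(principalExtractor);

        OAuth2ClientAuthenticationProcessingFilter ssoFilter = new OAuth2ClientAuthenticationProcessingFilter(ssoProperties.getLoginPath());
        ssoFilter.setRestTemplate(userInfoRestTemplate);
        ssoFilter.setTokenServices(tokenServices);
        ssoFilter.setApplicationEventPublisher(this.applicationContext);
        ssoFilter.setAuthenticationSuccessHandler(successHandler());
        ssoFilter.setAuthenticationFailureHandler(failureHandler());
        return ssoFilter;
    }

    /**
     * Success handler: exchanges the SSO identity for an application token and redirects the
     * browser to {@code /auth/signin/sso?_ctk=<token>}, then fires the {@code onLogin} event if
     * one is registered.
     *
     * <p>Any exception raised inside the exchange is rethrown as an
     * {@link AuthenticationServiceException} with the original exception attached as its cause.
     */
    private AuthenticationSuccessHandler successHandler() {
        return (httpServletRequest, httpServletResponse, authentication) -> {
            // The user authentication is expected to be the UsernamePasswordAuthenticationToken
            // built by the user-info token services; the cast fails fast if it is anything else.
            CronappUserDetails userDetails = getCronappUserDetails(
                    (UsernamePasswordAuthenticationToken) ((OAuth2Authentication) authentication).getUserAuthentication());
            try {
                JsonObject userJson = (JsonObject) new Gson().toJsonTree(userDetails);
                LiteDeviceResolver deviceResolver = new LiteDeviceResolver();
                AuthenticationController authenticationController = new AuthenticationController(null);

                // NOTE(review): String.valueOf turns a missing request attribute into the literal
                // "null", which is then stored as the SSOAccessToken claim. Consumers of the claim
                // should treat that value as "no provider token".
                Object providerAccessToken = httpServletRequest.getAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE);
                Operations.addTokenClaim(Var.valueOf("SSOAccessToken"), Var.valueOf(String.valueOf(providerAccessToken)));

                // NOTE(review): the account is looked up by the e-mail taken from the provider's
                // user-info response, and the literal "cronapp" is passed as the second argument.
                // What auth() does with that argument is not visible here; confirm it cannot be
                // used as a working credential outside the SSO path.
                AuthenticationResponse authenticationResponse = (AuthenticationResponse) authenticationController
                        .auth(userDetails.getEmail(), "cronapp", deviceResolver.resolveDevice(httpServletRequest), "SSO", null, userJson, httpServletRequest)
                        .getBody();

                // The application token travels in the query string, so it can end up in access
                // logs, browser history and Referer headers. The receiving page should consume
                // and drop the parameter immediately; keep the token short-lived and make sure
                // request logging redacts _ctk.
                httpServletResponse.sendRedirect("/auth/signin/sso?_ctk=" + authenticationResponse.getToken());

                // NOTE(review): onLogin runs after the redirect has been sent, so a failure in the
                // event cannot withhold the token that was already issued. If onLogin is meant to
                // be able to veto a login, it has to run before sendRedirect.
                if (EventsManager.hasEvent("onLogin")) {
                    EventsManager.executeEventOnTransaction("onLogin", Var.valueOf("username", authentication.getName()));
                }
            } catch (Exception e) {
                // Keep the cause so the stack trace of the real failure survives for diagnosis.
                // NOTE(review): e.getMessage() is embedded in the message; confirm it is not
                // rendered to end users, as it may carry internal detail.
                throw new AuthenticationServiceException(Messages.getString("AuthError", e.getMessage()), e);
            }
        };
    }

    /**
     * Failure handler: answers with HTTP 401 and no body.
     *
     * <p>The failure reason is neither logged nor returned here; if failed SSO logins need to be
     * visible for monitoring, they have to be captured elsewhere (for example from the
     * authentication events published through the application context).
     */
    private AuthenticationFailureHandler failureHandler() {
        return (httpServletRequest, httpServletResponse, authenticationException) -> {
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        };
    }

    /**
     * Returns the string form of an attribute, or {@code null} when the map or the value is absent.
     */
    private static String getAttributeString(Map<String, Object> map, String str) {
        if (map == null) {
            return null;
        }
        Object value = map.get(str);
        return value == null ? null : value.toString();
    }

    /**
     * Maps the authentication produced by the user-info lookup to a {@link CronappUserDetails}.
     *
     * <p>The principal becomes the user name. {@code email} and {@code phone} are read from the
     * token's details map; a missing e-mail is replaced by {@code <normalized user name>@no-email}
     * and a missing phone by {@code "N/A"}. A fresh random security stamp is generated on every call.
     *
     * <p>Security-relevant defaults set here: e-mail and phone are marked as confirmed without
     * consulting any verification flag from the provider (such as an OIDC {@code email_verified}
     * attribute), and two-factor and lockout are disabled. Because the e-mail is the identifier
     * later used to sign the user in, the identity provider must only release addresses it has
     * verified.
     *
     * @param usernamePasswordAuthenticationToken authentication whose details are the provider's
     *     attribute map
     * @return the populated user details
     * @throws ClassCastException if the token's details are not a {@link Map}
     * @throws NullPointerException if the token is {@code null}
     */
    public static CronappUserDetails getCronappUserDetails(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        @SuppressWarnings("unchecked") // details are expected to be the provider's attribute map
        Map<String, Object> attributes = (Map<String, Object>) usernamePasswordAuthenticationToken.getDetails();

        String userName = String.valueOf(usernamePasswordAuthenticationToken.getPrincipal());
        String normalizedUserName = ApiManager.normalize(userName);

        String email = getAttributeString(attributes, "email");
        String normalizedEmail = ApiManager.normalize(email);

        String phone = getAttributeString(attributes, "phone");
        if (StringUtils.isEmpty(phone)) {
            phone = "N/A";
        }
        if (StringUtils.isEmpty(email)) {
            // Synthetic address so the account still has a unique e-mail-shaped identifier.
            email = normalizedUserName + "@no-email";
        }
        if (StringUtils.isEmpty(normalizedEmail)) {
            normalizedEmail = ApiManager.normalize(email);
        }

        String displayName = StringUtils.defaultIfEmpty(getAttributeString(attributes, ApiManager.SECURABLE_ATTRIBUTE_NAME), userName);

        return CronappUserDetails.newBuilder()
                .setName(displayName)
                .setUserName(userName)
                .setNormalizedUserName(normalizedUserName)
                .setEmail(email)
                .setNormalizedEmail(normalizedEmail)
                .setEmailConfirmed(true)
                .setSecurityStamp(UUID.randomUUID().toString())
                .setPhoneNumber(phone)
                .setPhoneNumberConfirmed(true)
                .setTwoFactorEnabled(false)
                .setLockoutEnd(OffsetDateTime.MIN)
                .setLockoutEnabled(false)
                .setAccessFailedCount(0)
                // Raw LinkedHashSet kept as decompiled: the builder's parameter type is not visible here.
                .setAuthorities(Collections.unmodifiableSet(new LinkedHashSet(usernamePasswordAuthenticationToken.getAuthorities())))
                .build();
    }
}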
