package net.sinodawn.boot.security;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Optional;
import java.util.function.Function;
import net.sinodawn.framework.context.ApplicationContextHelper;
import net.sinodawn.framework.context.filter.ContextServletRequestFilter;
import net.sinodawn.framework.security.constant.SecurityConstant;
import net.sinodawn.framework.security.filter.RefreshFilterSecurityInterceptor;
import net.sinodawn.framework.security.service.DefaultTokenBasedRememberMeServices;
import net.sinodawn.framework.security.service.DefaultUserDetailsService;
import net.sinodawn.framework.security.support.AjaxAuthenticationFailureHandler;
import net.sinodawn.framework.security.support.AjaxAuthenticationSuccessHandler;
import net.sinodawn.framework.security.support.DefaultDaoAuthenticationProvider;
import net.sinodawn.framework.security.support.Http401UnauthorizedEntryPoint;
import net.sinodawn.framework.spring.filter.SinoFilterConfig;
import net.sinodawn.framework.spring.filter.SinoFilterRegistry;
import net.sinodawn.framework.support.table.TableConstant;
import net.sinodawn.framework.utils.EncryptUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.channel.ChannelProcessingFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;

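/**
 * Web security configuration: declares the authentication beans (user details, provider,
 * remember-me services, password encoder, HTTP firewall) and builds the {@link HttpSecurity}
 * filter chain (login/logout, headers, extra filters, URL authorization rules).
 *
 * <p>Several settings in this class loosen framework defaults (CSRF disabled, relaxed
 * firewall, optional removal of frame options, no catch-all authorization rule). Each is
 * marked with a SECURITY note at the place where it is applied.
 */
@Configuration
@EnableWebSecurity
/* loaded from: input_file:net/sinodawn/boot/security/SinoSecurityConfiguration.class */
public class SinoSecurityConfiguration extends WebSecurityConfigurerAdapter {
    /** Bean name of an optional {@code Function} applied to the HttpSecurity builder, see configure(HttpSecurity). */
    public static final String CUSTOM_SECURITY_CONFIGURE_FUNCTION_NAME = "customSecurityConfigure";
    // Not referenced inside this class; presumably request keys used by login code elsewhere.
    public static final String LOGIN_ORG_ID_KEY = "orgId";
    public static final String LOGIN_ROLE_ID_KEY = "roleId";

    private static final String TOKEN_VALIDITY_PROPERTY = "sino.security.token-validity-seconds";
    // 36000 seconds = 10 hours.
    private static final String DEFAULT_TOKEN_VALIDITY_SECONDS = "36000";
    private static final String FRAME_OPTIONS_PROPERTY = "sino.security.headers.xss";

    @Autowired
    Environment env;

    // The collaborators below are produced by @Bean methods of this same class; @Lazy defers
    // their resolution so the configuration can be instantiated before those beans exist.
    @Autowired
    @Lazy
    UserDetailsService userDetailsService;

    @Autowired
    @Lazy
    RememberMeServices rememberMeServices;

    @Autowired
    @Lazy
    PasswordEncoder passwordEncoder;

    @Autowired
    @Lazy
    AuthenticationProvider authenticationProvider;

    /** @return the framework's default user lookup service */
    @Bean
    public UserDetailsService userDetailsService() {
        return new DefaultUserDetailsService();
    }

    /**
     * Builds the DAO authentication provider from the injected user details service and
     * password encoder.
     *
     * @return provider that checks credentials with {@link #passwordEncoder}
     */
    @Bean
    public AuthenticationProvider authenticationProvider() {
        DefaultDaoAuthenticationProvider provider = new DefaultDaoAuthenticationProvider();
        provider.setUserDetailsService(this.userDetailsService);
        provider.setPasswordEncoder(this.passwordEncoder);
        return provider;
    }

    /** @return the remember-me services, exposed under the {@link RememberMeServices} type */
    @Bean
    public RememberMeServices rememberMeServices() {
        return defaultTokenBasedRememberMeServices();
    }

    /**
     * Creates the token-based remember-me services and sets the token lifetime from
     * {@code sino.security.token-validity-seconds} (default 36000 seconds, i.e. 10 hours).
     *
     * @return the configured remember-me services
     * @throws NumberFormatException if the configured value is not an integer
     */
    @Bean
    public DefaultTokenBasedRememberMeServices defaultTokenBasedRememberMeServices() {
        DefaultTokenBasedRememberMeServices services = new DefaultTokenBasedRememberMeServices();
        String validitySeconds = this.env.getProperty(TOKEN_VALIDITY_PROPERTY, DEFAULT_TOKEN_VALIDITY_SECONDS);
        services.setTokenValiditySeconds(Integer.parseInt(validitySeconds));
        return services;
    }

    /**
     * Applies the baseline chain settings: 401 entry point, stateless sessions, remember-me,
     * form login and logout.
     *
     * @param httpSecurity builder to configure
     * @throws Exception propagated from the Spring Security configurers
     */
    private void init(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.exceptionHandling()
                .authenticationEntryPoint((AuthenticationEntryPoint) ApplicationContextHelper.getBean(Http401UnauthorizedEntryPoint.class));

        // STATELESS: Spring Security neither creates nor uses an HttpSession for the security context.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);

        // NOTE(review): SecurityConstant.REMEMBER_ME_KEY is a constant shipped with the framework.
        // If token integrity depends on it, it should be a per-deployment secret; confirm in
        // DefaultTokenBasedRememberMeServices.
        httpSecurity.rememberMe()
                .rememberMeServices(this.rememberMeServices)
                .key(SecurityConstant.REMEMBER_ME_KEY);

        // NOTE(review): TableConstant.PIVOT_EXT_ID as the username parameter looks like a
        // decompiler constant substitution; confirm the intended parameter name.
        httpSecurity.formLogin()
                .loginPage("/")
                .loginProcessingUrl("/core/module/sys/login")
                .failureHandler((AuthenticationFailureHandler) ApplicationContextHelper.getBean(AjaxAuthenticationFailureHandler.class))
                .successHandler((AuthenticationSuccessHandler) ApplicationContextHelper.getBean(AjaxAuthenticationSuccessHandler.class))
                .usernameParameter(TableConstant.PIVOT_EXT_ID)
                .passwordParameter("pwd");

        httpSecurity.logout()
                .logoutSuccessUrl("/")
                .logoutUrl("/core/module/sys/logout")
                .addLogoutHandler((LogoutHandler) ApplicationContextHelper.getBean(DefaultTokenBasedRememberMeServices.class))
                .logoutSuccessHandler((LogoutSuccessHandler) ApplicationContextHelper.getBean(LogoutSuccessHandler.class))
                .deleteCookies("security#rememberme", "JSESSIONID");
    }

    /**
     * Fallback password encoder, registered only when the context defines no other
     * {@link PasswordEncoder} bean.
     *
     * <p>SECURITY: hashing is delegated to {@code EncryptUtils.MD5Encrypt} with only the raw
     * password as input (judging by the name, a plain MD5 digest; no salt is supplied from
     * here). A fast, unsalted digest is not suitable for password storage. The algorithm is
     * left unchanged because existing stored hashes depend on it; to migrate, define a
     * PasswordEncoder bean (this one then backs off), for example a DelegatingPasswordEncoder
     * that verifies legacy hashes and re-hashes with bcrypt or argon2 on successful login.
     *
     * @return the legacy encoder
     */
    @ConditionalOnMissingBean({PasswordEncoder.class})
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new PasswordEncoder() {
            @Override
            public String encode(CharSequence charSequence) {
                // toString() instead of a (String) cast: a CharSequence that is not a String
                // no longer fails with ClassCastException; null is passed through as before.
                String raw = charSequence == null ? null : charSequence.toString();
                return EncryptUtils.MD5Encrypt(raw);
            }

            @Override
            public boolean matches(CharSequence charSequence, String str) {
                if (charSequence == null || str == null) {
                    return false;
                }
                String computed = encode(charSequence);
                if (computed == null) {
                    return false;
                }
                // Constant-time comparison so the check does not reveal how many leading
                // characters of the stored hash matched.
                return MessageDigest.isEqual(
                        computed.getBytes(StandardCharsets.UTF_8),
                        str.getBytes(StandardCharsets.UTF_8));
            }
        };
    }

    /**
     * Creates the HTTP firewall with three {@link StrictHttpFirewall} defaults relaxed:
     * URL-encoded percent, URL-encoded slash and semicolons are accepted in request URLs.
     *
     * <p>SECURITY: the strict firewall rejects these by default because encoded separators and
     * path parameters can make the path evaluated by the URL authorization rules differ from
     * the path a downstream handler resolves. NOTE(review): keep only the relaxations a known
     * client requires, and cover the authorization rules with tests using such URLs.
     *
     * @return the relaxed firewall
     */
    @Bean
    public HttpFirewall allowUrlEncodedSlashHttpFirewall() {
        StrictHttpFirewall firewall = new StrictHttpFirewall();
        firewall.setAllowUrlEncodedPercent(true);
        firewall.setAllowUrlEncodedSlash(true);
        firewall.setAllowSemicolon(true);
        return firewall;
    }

    /** Installs the relaxed firewall from {@link #allowUrlEncodedSlashHttpFirewall()}. */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        webSecurity.httpFirewall(allowUrlEncodedSlashHttpFirewall());
    }

    /**
     * Builds the filter chain: baseline settings, optional custom hook, CSRF and header
     * settings, filters from {@link SinoFilterRegistry}, then the URL authorization rules.
     *
     * @param httpSecurity builder to configure
     * @throws Exception propagated from the Spring Security configurers
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        init(httpSecurity);
        applyCustomHook(httpSecurity);

        // SECURITY: CSRF protection is switched off for the whole chain, and because this runs
        // after the custom hook, a hook cannot turn it back on. The logout configuration deletes
        // a "security#rememberme" cookie, so credentials appear to travel in a cookie the browser
        // attaches automatically. NOTE(review): if that is the case, state-changing endpoints
        // need CSRF tokens or an equivalent control (SameSite cookie attribute, custom header check).
        httpSecurity.csrf().disable();

        configureHeaders(httpSecurity);
        registerExtraFilters(httpSecurity);
        configureAuthorization(httpSecurity);
    }

    /** Applies the optional {@code customSecurityConfigure} bean to the builder, if one is defined. */
    private void applyCustomHook(HttpSecurity httpSecurity) {
        if (!getApplicationContext().containsBean(CUSTOM_SECURITY_CONFIGURE_FUNCTION_NAME)) {
            return;
        }
        // A bean under this name that is not a Function fails with ClassCastException here.
        @SuppressWarnings("unchecked")
        Function<HttpSecurity, ?> customHook =
                (Function<HttpSecurity, ?>) getApplicationContext().getBean(CUSTOM_SECURITY_CONFIGURE_FUNCTION_NAME);
        customHook.apply(httpSecurity);
    }

    /**
     * Configures frame options and the X-XSS-Protection header writer.
     *
     * <p>Despite its name, {@code sino.security.headers.xss} selects the frame-options policy:
     * true sends SAMEORIGIN, false disables the X-Frame-Options header so pages can be framed
     * by any origin (clickjacking exposure). The XSS header writer is added in both cases.
     * An unset property used to fail with a NullPointerException on unboxing; it now falls
     * back to true, the restrictive setting.
     */
    private void configureHeaders(HttpSecurity httpSecurity) throws Exception {
        boolean sameOriginFrames = this.env.getProperty(FRAME_OPTIONS_PROPERTY, Boolean.class, Boolean.TRUE);
        if (sameOriginFrames) {
            httpSecurity.headers().frameOptions().sameOrigin().addHeaderWriter(new XXssProtectionHeaderWriter());
        } else {
            httpSecurity.headers().frameOptions().disable().addHeaderWriter(new XXssProtectionHeaderWriter());
        }
    }

    /** Inserts every filter held by {@link SinoFilterRegistry} at its declared position; other positions are ignored. */
    private void registerExtraFilters(HttpSecurity httpSecurity) {
        SinoFilterRegistry.INSTANCE.getConfigList().forEach(filterConfig -> {
            Object position = filterConfig.getFilterPos();
            if (SinoFilterConfig.FilterPos.AFTER.equals(position)) {
                httpSecurity.addFilterAfter(filterConfig.getFilter(), filterConfig.getFilterClass());
            } else if (SinoFilterConfig.FilterPos.BEFORE.equals(position)) {
                httpSecurity.addFilterBefore(filterConfig.getFilter(), filterConfig.getFilterClass());
            } else if (SinoFilterConfig.FilterPos.AT.equals(position)) {
                httpSecurity.addFilterAt(filterConfig.getFilter(), filterConfig.getFilterClass());
            }
        });
    }

    /**
     * Declares the URL authorization rules. Rules are evaluated in declaration order, so the
     * extension deny rule takes precedence over the permit and authenticated rules.
     */
    private void configureAuthorization(HttpSecurity httpSecurity) throws Exception {
        // SECURITY: the first rule is a block-list of file extensions; it is best-effort and
        // does not replace a default-deny rule.
        // NOTE(review): there is no closing anyRequest() rule, so paths outside the patterns
        // below are not restricted by this chain. Confirm that RefreshFilterSecurityInterceptor
        // (registered in the static block) or another layer authorizes them, or add a closing
        // anyRequest().authenticated() / denyAll().
        httpSecurity.authorizeRequests()
                .antMatchers(
                        "/**/*.md", "/**/*.sql", "/**/*.jar", "/**/*.jsp",
                        "/**/*.asp", "/**/*.aspx", "/**/*.php", "/**/*.py")
                .denyAll()
                .antMatchers(
                        "/secure/core/module/mdm/user-permissions/login-org/queries/post-selectable",
                        "/secure/core/module/mdm/user-permissions/login-role/queries/post-selectable",
                        "/*",
                        "/static/**",
                        "/open/**",
                        "/files/open/**",
                        "/core/module/sys/login")
                .permitAll()
                .antMatchers(
                        "/module/index/workspaces/**",
                        "/core/module/sys/logins/account",
                        "/core/module/sys/logout",
                        "/core/module/item/files",
                        "/secure/**")
                .authenticated();
    }

    // Registered at class-load time so both filters are in the registry before
    // configure(HttpSecurity) iterates over it.
    static {
        SinoFilterRegistry.INSTANCE.registerBefore(new ContextServletRequestFilter(), ChannelProcessingFilter.class);
        SinoFilterRegistry.INSTANCE.registerAfter(new RefreshFilterSecurityInterceptor(), FilterSecurityInterceptor.class);
    }
}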
