package org.rdlinux.ezsecurity.spring.boot.autoconfig;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.rdlinux.ezsecurity.shiro.content.EzSecurityContent;
import org.rdlinux.ezsecurity.shiro.holder.ErrorConstantHolder;
import org.rdlinux.ezsecurity.shiro.redis.cache.ShiroRedisCacheManager;
import org.rdlinux.ezsecurity.shiro.security.client.AuthClient;
import org.rdlinux.ezsecurity.shiro.security.client.ClientHolder;
import org.rdlinux.ezsecurity.shiro.security.filter.CorsFilter;
import org.rdlinux.ezsecurity.shiro.security.filter.CustomFormAuthenticationFilter;
import org.rdlinux.ezsecurity.shiro.security.filter.HeartbeatRequestFilter;
import org.rdlinux.ezsecurity.shiro.security.filter.LoginFilter;
import org.rdlinux.ezsecurity.shiro.security.filter.LogoutFilter;
import org.rdlinux.ezsecurity.shiro.security.filter.RedirectionFilter;
import org.rdlinux.ezsecurity.shiro.security.interceptor.CustomAuthorizationAttributeSourceAdvisor;
import org.rdlinux.ezsecurity.shiro.security.realm.SecurityRealm;
import org.rdlinux.ezsecurity.shiro.security.rootfilter.secutirylogic.impl.DefaultSecurityLogic;
import org.rdlinux.ezsecurity.shiro.security.session.DefaultSessionKeyStore;
import org.rdlinux.ezsecurity.shiro.security.session.RedisSessionKeyStore;
import org.rdlinux.ezsecurity.shiro.security.session.SecurityShiroRedisSessionDAO;
import org.rdlinux.ezsecurity.shiro.security.session.SecurityWebSessionManager;
import org.rdlinux.ezsecurity.shiro.security.session.SessionKeyStore;
import org.rdlinux.ezsecurity.shiro.spring.ShiroFilterFactoryBean;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.serializer.StringRedisSerializer;
import org.springframework.lang.NonNull;

@EnableConfigurationProperties({EzSecurityProperties.class})
@Configuration
@ConditionalOnClass({EzSecurityProperties.class})
/* loaded from: input_file:org/rdlinux/ezsecurity/spring/boot/autoconfig/EzSecurityAutoConfiguration.class */
public class EzSecurityAutoConfiguration implements BeanFactoryAware {
    private static final Logger log = LoggerFactory.getLogger(EzSecurityAutoConfiguration.class);
    private final EzSecurityProperties ezSecurityProperties;
    private BeanFactory beanFactory;
    private List<AuthClient> clients;
    private RedisTemplate<Serializable, Object> redisTemplate;

    public EzSecurityAutoConfiguration(EzSecurityProperties ezSecurityProperties) {
        this.ezSecurityProperties = ezSecurityProperties;
    }

    private EzSecurityConfigurationAdvice getConfigurationAdvice() {
        try {
            return (EzSecurityConfigurationAdvice) this.beanFactory.getBean(EzSecurityConfigurationAdvice.class);
        } catch (BeansException e) {
            throw new RuntimeException((Throwable) e);
        }
    }

    public void setBeanFactory(@NonNull BeanFactory beanFactory) throws BeansException {
        this.beanFactory = beanFactory;
        initRedisTemplate();
        initEzSecurityContent();
    }

    private void initEzSecurityContent() {
        final EzSecurityConfigurationAdvice configurationAdvice = getConfigurationAdvice();
        EzSecurityContent.setErrorConstantHolder(new ErrorConstantHolder() { // from class: org.rdlinux.ezsecurity.spring.boot.autoconfig.EzSecurityAutoConfiguration.1
            public int getUnAuthenticated() {
                return EzSecurityAutoConfiguration.this.ezSecurityProperties.getUnAuthenticatedCode();
            }

            public int getUnAuthorized() {
                return EzSecurityAutoConfiguration.this.ezSecurityProperties.getUnAuthorizedCode();
            }

            public String getErrorMsg(int i) {
                return i == EzSecurityAutoConfiguration.this.ezSecurityProperties.getUnAuthenticatedCode() ? configurationAdvice.getUnAuthenticatedMsg() : configurationAdvice.getUnAuthorizedMsg();
            }
        });
        EzSecurityContent.setResponseRetConvert(configurationAdvice.getResponseRetConvert());
    }

    public void initRedisTemplate() {
        RedisConnectionFactory connectionFactory;
        if (this.ezSecurityProperties.isEnableRedisCache() && this.beanFactory.containsBean("redisTemplate") && (connectionFactory = ((RedisTemplate) this.beanFactory.getBean("redisTemplate", RedisTemplate.class)).getConnectionFactory()) != null) {
            RedisTemplate<Serializable, Object> redisTemplate = new RedisTemplate<>();
            redisTemplate.setConnectionFactory(connectionFactory);
            redisTemplate.setKeySerializer(new StringRedisSerializer());
            redisTemplate.setHashKeySerializer(new StringRedisSerializer());
            redisTemplate.afterPropertiesSet();
            this.redisTemplate = redisTemplate;
        }
    }

    @PostConstruct
    public void init() {
        this.clients = new LinkedList();
        this.clients = getConfigurationAdvice().getClients(this.clients);
    }

    @Bean
    public SessionKeyStore sessionKeyStore() {
        return this.ezSecurityProperties.isEnableRedisCache() ? new RedisSessionKeyStore(this.redisTemplate) : new DefaultSessionKeyStore(this.ezSecurityProperties.getSessionTimeout() * 1000);
    }

    @Bean
    public SecurityRealm securityRealm() {
        return new SecurityRealm(this.ezSecurityProperties.getCachePrefix());
    }

    @Bean
    public ClientHolder clientHolder() {
        AuthClient authClient = null;
        String defaultAuthType = this.ezSecurityProperties.getDefaultAuthType();
        if (defaultAuthType == null || defaultAuthType.isEmpty()) {
            defaultAuthType = "EC_JWT_USER";
        }
        Iterator<AuthClient> it = this.clients.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AuthClient next = it.next();
            if (defaultAuthType.equals(next.getAuthType())) {
                authClient = next;
                break;
            }
        }
        return new ClientHolder(authClient, this.clients);
    }

    @Bean
    public SessionManager shiroSessionManage() {
        SecurityWebSessionManager securityWebSessionManager = new SecurityWebSessionManager(sessionKeyStore(), clientHolder());
        if (this.ezSecurityProperties.isEnableRedisCache()) {
            securityWebSessionManager.setSessionDAO(new SecurityShiroRedisSessionDAO(this.redisTemplate, sessionKeyStore(), this.ezSecurityProperties.getCachePrefix()));
        }
        securityWebSessionManager.setGlobalSessionTimeout(this.ezSecurityProperties.getSessionTimeout() * 1000);
        SimpleCookie simpleCookie = new SimpleCookie();
        simpleCookie.setName("shrio-sesssion-id");
        simpleCookie.setPath("/");
        securityWebSessionManager.setSessionIdCookie(simpleCookie);
        securityWebSessionManager.setSessionValidationSchedulerEnabled(this.ezSecurityProperties.getEnableSession().booleanValue());
        return securityWebSessionManager;
    }

    @Bean
    public SecurityManager shiroSecurityManager() {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        ArrayList arrayList = new ArrayList(3);
        arrayList.add(securityRealm());
        defaultWebSecurityManager.setRealms(arrayList);
        defaultWebSecurityManager.setSessionManager(shiroSessionManage());
        if (this.ezSecurityProperties.isEnableRedisCache()) {
            defaultWebSecurityManager.setCacheManager(new ShiroRedisCacheManager(this.redisTemplate, this.ezSecurityProperties.getCacheTimeout() * 1000));
        }
        defaultWebSecurityManager.setSubjectFactory(new DefaultWebSubjectFactory() { // from class: org.rdlinux.ezsecurity.spring.boot.autoconfig.EzSecurityAutoConfiguration.2
            public Subject createSubject(SubjectContext subjectContext) {
                subjectContext.setSessionCreationEnabled(EzSecurityAutoConfiguration.this.ezSecurityProperties.getEnableSession().booleanValue());
                return super.createSubject(subjectContext);
            }
        });
        SecurityUtils.setSecurityManager(defaultWebSecurityManager);
        defaultWebSecurityManager.getSubjectDAO().getSessionStorageEvaluator().setSessionStorageEnabled(this.ezSecurityProperties.getEnableSession().booleanValue());
        return defaultWebSecurityManager;
    }

    @ConditionalOnMissingBean
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        CustomAuthorizationAttributeSourceAdvisor customAuthorizationAttributeSourceAdvisor = new CustomAuthorizationAttributeSourceAdvisor();
        customAuthorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return customAuthorizationAttributeSourceAdvisor;
    }

    @Bean
    public FilterRegistrationBean delegatingFilterProxy() throws Exception {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setLoginUrl(this.ezSecurityProperties.getLoginUrl());
        shiroFilterFactoryBean.setUnauthorizedUrl((String) null);
        shiroFilterFactoryBean.setSuccessUrl((String) null);
        shiroFilterFactoryBean.setSecurityManager(shiroSecurityManager());
        DefaultSecurityLogic defaultSecurityLogic = new DefaultSecurityLogic();
        defaultSecurityLogic.setEnableSession(this.ezSecurityProperties.getEnableSession().booleanValue());
        defaultSecurityLogic.setClientHolder(clientHolder());
        defaultSecurityLogic.setSessionKeyStore(sessionKeyStore());
        shiroFilterFactoryBean.setSecurityLogic(defaultSecurityLogic);
        HashMap hashMap = new HashMap();
        hashMap.put("origin", new CorsFilter());
        hashMap.put("cors", new CorsFilter());
        hashMap.put("heartbeat", new HeartbeatRequestFilter());
        hashMap.put("redirection", new RedirectionFilter(this.ezSecurityProperties.getRedirections()));
        hashMap.put("logout", new LogoutFilter());
        hashMap.put("login", new LoginFilter());
        hashMap.put("authc", new CustomFormAuthenticationFilter());
        Map<String, Filter> filters = getConfigurationAdvice().getFilters();
        if (filters != null && !filters.isEmpty()) {
            hashMap.putAll(filters);
        }
        shiroFilterFactoryBean.setFilters(hashMap);
        if (log.isDebugEnabled()) {
            log.debug("配置拦截器的url" + this.ezSecurityProperties.getFilterChainDefinitions());
        }
        shiroFilterFactoryBean.setFilterChainDefinitionMap(this.ezSecurityProperties.getFilterChainDefinitions());
        shiroFilterFactoryBean.setExceptionHandler(getConfigurationAdvice().getShiroFilterExceptionHandler());
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter((Filter) Objects.requireNonNull(shiroFilterFactoryBean.getObject()));
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        filterRegistrationBean.setName("ezSecurityFilter");
        filterRegistrationBean.setOrder(-100);
        filterRegistrationBean.setEnabled(true);
        return filterRegistrationBean;
    }
}
