package cn.gtmap.gtc.starter.gscas.config;

import cn.gtmap.gtc.common.properties.security.AppSecurity;
import cn.gtmap.gtc.starter.gscas.config.handler.GtmapAccessDeniedHandler;
import cn.gtmap.gtc.starter.gscas.endpoint.OtherAppAuthorizationEndpoint;
import cn.gtmap.gtc.starter.gscas.expression.GtAccessDecisionManager;
import cn.gtmap.gtc.starter.gscas.expression.GtWebSecurityExpressionHandler;
import cn.gtmap.gtc.starter.gscas.property.audit.AuditLogProperties;
import java.util.ArrayList;
import java.util.Map;
import org.apache.commons.configuration.tree.DefaultExpressionEngine;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoProperties;
import org.springframework.cloud.client.discovery.DiscoveryClient;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.Elements;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.web.cors.CorsUtils;

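/**
 * Web security configuration for an SSO client application.
 *
 * <p>URL authorization rules, response-header policy and the access-denied page are driven by
 * the {@code AppSecurity.getAuthorities()} map (the log messages below call it
 * {@code app.security.authorities}). Each entry maps a key to an array of values:
 * <ul>
 *   <li>{@code permitAll} (case-insensitive): values are Ant patterns open to everyone.</li>
 *   <li>{@code authenticated} (case-sensitive): a {@code "true"}/{@code "false"} flag, or Ant
 *       patterns that require authentication.</li>
 *   <li>{@code preFlight}: {@code "false"} permits CORS pre-flight requests without further
 *       authorization.</li>
 *   <li>{@code Elements.CSRF}, {@code xssProtection}, {@code xssProtectionBlock},
 *       {@code frameOption}, {@code contentTypeOption}: {@code "true"} switches the feature on.</li>
 *   <li>{@code accessDeniedPage}: first non-blank value is the error page.</li>
 *   <li>any other key: used as an access expression for the Ant patterns in the values.</li>
 * </ul>
 *
 * <p>Security-relevant defaults visible in this class: CSRF protection and the XSS-protection,
 * content-type-options and frame-options headers are all <em>disabled</em> unless explicitly
 * enabled; cache-control headers are always disabled; concurrent sessions are unlimited.
 * A catch-all {@code anyRequest().authenticated()} rule is registered only when
 * {@code authenticated} carries {@code "true"}.
 */
@AutoConfigureBefore({OAuth2SsoCustomConfiguration.class})
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Order(2147483640)
/* loaded from: input_file:BOOT-INF/lib/gtmap-security-cloud-app-starter-2.0.0.jar:cn/gtmap/gtc/starter/gscas/config/SsoWebSecurityConfiguration.class */
public class SsoWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    final Logger logger = LoggerFactory.getLogger(SsoWebSecurityConfiguration.class);
    final ApplicationContext applicationContext;
    final OAuth2SsoProperties sso;
    final AppSecurity appSecurity;
    final OAuth2ProtectedResourceDetails details;
    final AuditLogProperties log;
    DiscoveryClient discoveryClient;

    /**
     * Stores the collaborators supplied by the container; no validation is performed here.
     */
    public SsoWebSecurityConfiguration(ApplicationContext applicationContext, OAuth2SsoProperties oAuth2SsoProperties, AppSecurity appSecurity, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AuditLogProperties auditLogProperties, DiscoveryClient discoveryClient) {
        this.applicationContext = applicationContext;
        this.sso = oAuth2SsoProperties;
        this.appSecurity = appSecurity;
        this.details = oAuth2ProtectedResourceDetails;
        this.log = auditLogProperties;
        this.discoveryClient = discoveryClient;
    }

    /**
     * Builds the expression handler from the module auth path, the OAuth2 client id and the
     * discovery client. A new instance is created on every call.
     */
    public GtWebSecurityExpressionHandler webSecurityExpressionHandler() {
        return new GtWebSecurityExpressionHandler(super.getApplicationContext(), this.appSecurity.getModuleAuthPath(), this.details.getClientId(), this.discoveryClient);
    }

    /**
     * Creates a {@link WebExpressionVoter} wired to {@link #webSecurityExpressionHandler()}.
     */
    public WebExpressionVoter webExpressionVoter() {
        WebExpressionVoter voter = new WebExpressionVoter();
        voter.setExpressionHandler(webSecurityExpressionHandler());
        return voter;
    }

    /**
     * Creates the access decision manager; the expression voter is its only voter.
     */
    public AccessDecisionManager accessDecisionManager() {
        // Raw list kept as in the original: the constructor's parameter type is declared
        // in GtAccessDecisionManager, which is not visible from this file.
        ArrayList voters = new ArrayList();
        voters.add(webExpressionVoter());
        return new GtAccessDecisionManager(voters);
    }

    /**
     * Translates the configured authorities map into URL authorization rules, header policy,
     * access-denied handling and session management.
     *
     * <p>Rules are registered in the iteration order of the authorities map, and that order
     * decides which rule a request hits first, so the map implementation returned by
     * {@code getAuthorities()} matters (not visible here; verify it is ordered).
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration outside the per-entry loop
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        Boolean authenticateAll = null;
        boolean preFlightRestricted = true;
        boolean csrfEnabled = false;
        boolean xssProtection = false;
        boolean xssProtectionBlock = false;
        boolean frameOptions = false;
        boolean contentTypeOptions = false;
        String accessDeniedPage = null;
        for (Map.Entry<String, String[]> entry : this.appSecurity.getAuthorities().entrySet()) {
            String key = entry.getKey();
            String[] values = entry.getValue();
            try {
                if (StringUtils.equalsIgnoreCase(key, "permitAll")) {
                    httpSecurity.authorizeRequests().antMatchers(values).permitAll().and();
                } else if ("authenticated".equals(key)) {
                    // The first "true"/"false" value is the global flag; other values are patterns.
                    for (String value : values) {
                        if ("true".equals(value)) {
                            authenticateAll = Boolean.TRUE;
                            break;
                        }
                        if ("false".equals(value)) {
                            authenticateAll = Boolean.FALSE;
                            break;
                        }
                    }
                    // Fix: the previous condition was `null == flag && !flag.booleanValue()`, which
                    // throws NullPointerException whenever the flag is null and is false otherwise.
                    // The exception was swallowed below, so the patterns listed under
                    // "authenticated" were never protected by this rule (fail-open).
                    // NOTE(review): `||` is the reading that keeps both operands meaningful and
                    // fails closed; confirm against the upstream source.
                    if ((authenticateAll == null || !authenticateAll) && values.length > 0) {
                        httpSecurity.authorizeRequests().antMatchers(values).authenticated().and();
                    }
                } else if (StringUtils.equalsIgnoreCase(key, "preFlight")) {
                    if (containsValue(values, "false")) {
                        preFlightRestricted = false;
                    }
                } else if (Elements.CSRF.equals(key)) {
                    if (containsValue(values, "true")) {
                        csrfEnabled = true;
                    }
                } else if (StringUtils.equalsIgnoreCase(key, "xssProtection")) {
                    if (containsValue(values, "true")) {
                        xssProtection = true;
                    }
                } else if (StringUtils.equalsIgnoreCase(key, "xssProtectionBlock")) {
                    if (containsValue(values, "true")) {
                        xssProtectionBlock = true;
                    }
                } else if (StringUtils.equalsIgnoreCase(key, "frameOption")) {
                    if (containsValue(values, "true")) {
                        frameOptions = true;
                    }
                } else if (StringUtils.equalsIgnoreCase(key, "contentTypeOption")) {
                    if (containsValue(values, "true")) {
                        contentTypeOptions = true;
                    }
                } else if (StringUtils.equalsIgnoreCase(key, "accessDeniedPage")) {
                    for (String value : values) {
                        if (StringUtils.isNotBlank(value)) {
                            accessDeniedPage = value;
                            break;
                        }
                    }
                } else {
                    // Any other key is turned into an access expression: the index delimiters
                    // become "('" and "')" and commas become "','", quoting each argument
                    // (presumably so hasAnyRole(A,B) becomes hasAnyRole('A','B'); confirm the
                    // delimiter constants). The key is evaluated as an expression, so this map
                    // must only ever come from trusted configuration.
                    String expression = key
                            .replace(DefaultExpressionEngine.DEFAULT_INDEX_START, "('")
                            .replace(DefaultExpressionEngine.DEFAULT_INDEX_END, "')")
                            .replace(",", "','");
                    httpSecurity.authorizeRequests().antMatchers(values).access(expression).and();
                }
            } catch (Exception e) {
                // Deliberately best-effort, but fail-open: a rule that throws (null values,
                // bad pattern, bad expression) is only logged and its patterns get no rule
                // from this loop. Alert on this message in deployment; the throwable is
                // passed so the log carries the stack trace.
                this.logger.error("app.security.authorities has wrong key or values [{}]", e.getLocalizedMessage(), e);
            }
        }
        httpSecurity.authorizeRequests().antMatchers("/authorize").authenticated().and();
        if (!preFlightRestricted) {
            httpSecurity.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll().and();
        }
        // Without an explicit "true" flag no catch-all rule is registered here, so requests
        // matching none of the patterns above are not forced to authenticate by this method.
        if (authenticateAll != null && authenticateAll) {
            httpSecurity.authorizeRequests().anyRequest().authenticated();
        }
        httpSecurity.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
            @Override
            public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
                // Swap in the custom decision manager and let the audit settings decide
                // whether successful authorizations are published as events.
                interceptor.setAccessDecisionManager(SsoWebSecurityConfiguration.this.accessDecisionManager());
                interceptor.setPublishAuthorizationSuccess(SsoWebSecurityConfiguration.this.log.isAuthorizationSuccess());
                return interceptor;
            }
        });
        // CSRF protection and the three hardening headers below are opt-in: each is
        // disabled unless its key was set to "true" in the authorities map.
        if (!csrfEnabled) {
            httpSecurity.csrf().disable();
        }
        if (xssProtection) {
            httpSecurity.headers().xssProtection().xssProtectionEnabled(true).block(xssProtectionBlock);
        } else {
            httpSecurity.headers().xssProtection().disable();
        }
        if (!contentTypeOptions) {
            httpSecurity.headers().contentTypeOptions().disable();
        }
        if (!frameOptions) {
            httpSecurity.headers().frameOptions().disable();
        }
        if (StringUtils.isNotBlank(accessDeniedPage)) {
            GtmapAccessDeniedHandler deniedHandler = gtmapAccessDeniedHandler();
            deniedHandler.setErrorPage(accessDeniedPage);
            httpSecurity.exceptionHandling().accessDeniedHandler(deniedHandler);
        }
        // Cache-control headers are always switched off, regardless of configuration.
        httpSecurity.headers().cacheControl().disable();
        // maximumSessions(-1) places no limit on concurrent sessions per principal.
        httpSecurity.sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED)
                .maximumSessions(-1)
                .expiredSessionStrategy(new GtmapSessionInformationExpiredStrategy())
                .sessionRegistry(sessionRegistry());
        new SsoSecurityConfigurer(this.applicationContext).configure(httpSecurity);
    }

    /**
     * Reports whether {@code values} contains an element equal to {@code expected}.
     * A {@code null} array is not tolerated: the resulting exception is handled by the
     * caller's per-entry catch block, as it was before this helper was extracted.
     */
    private static boolean containsValue(String[] values, String expected) {
        for (String value : values) {
            if (expected.equals(value)) {
                return true;
            }
        }
        return false;
    }

    /** Handler used for access-denied responses when an error page is configured. */
    @Bean
    public GtmapAccessDeniedHandler gtmapAccessDeniedHandler() {
        return new GtmapAccessDeniedHandler();
    }

    /** Registers the {@link OtherAppAuthorizationEndpoint} bean. */
    @Bean
    public OtherAppAuthorizationEndpoint otherAppAuthorizationEndpoint() {
        return new OtherAppAuthorizationEndpoint();
    }

    /** Session registry backing the concurrent-session control configured above. */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new GtmapSessionRegistryImpl();
    }

    /**
     * Registers the configured ignore patterns. Requests matching them bypass the Spring
     * Security filter chain entirely, so the list should hold static resources only.
     *
     * @param webSecurity the builder to configure
     * @throws Exception declared by the overridden method; failures here are logged instead
     */
    @Override
    public void configure(WebSecurity webSecurity) throws Exception {
        try {
            webSecurity.ignoring().antMatchers(this.appSecurity.getIgnores());
        } catch (Exception e) {
            // Best-effort: a bad ignore list is logged (with stack trace) and skipped.
            this.logger.error("app.security.ignores has wrong values [{}]", e.getLocalizedMessage(), e);
        }
    }
}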
