package cn.gtmap.gtc.starter.gscas.config;

import cn.gtmap.gtc.common.properties.security.AppSecurity;
import cn.gtmap.gtc.starter.gscas.endpoint.OtherAppAuthorizationEndpoint;
import cn.gtmap.gtc.starter.gscas.expression.GtAccessDecisionManager;
import cn.gtmap.gtc.starter.gscas.expression.GtWebSecurityExpressionHandler;
import cn.gtmap.gtc.starter.gscas.property.audit.AuditLogProperties;
import java.util.ArrayList;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.web.access.expression.WebExpressionVoter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.cors.CorsUtils;

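/**
 * Web security configuration for applications that authenticate through the OAuth2 SSO client.
 *
 * <p>URL access rules are built from {@code app.security.authorities} (see
 * {@link #configure(HttpSecurity)}), and paths listed in {@code app.security.ignores} are
 * excluded from the security filter chain (see {@link #configure(WebSecurity)}).
 *
 * <p>The {@code @Order} value is {@code Integer.MAX_VALUE - 7}, i.e. a very low precedence.
 *
 * <p>Security-relevant defaults set here, which every consuming application inherits:
 * CSRF protection is disabled, the {@code X-Content-Type-Options}, {@code X-Frame-Options} and
 * cache-control response headers are disabled, and the number of concurrent sessions per
 * principal is unlimited.
 */
@AutoConfigureBefore({OAuth2SsoCustomConfiguration.class})
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
@Order(2147483640)
public class SsoWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    final Logger logger = LoggerFactory.getLogger(SsoWebSecurityConfiguration.class);
    final ApplicationContext applicationContext;
    final OAuth2SsoProperties sso;
    final AppSecurity appSecurity;
    final OAuth2ProtectedResourceDetails details;
    // Audit-log settings (not a logger); read for the "publish authorization success" switch.
    final AuditLogProperties log;

    /**
     * Stores the collaborators injected by the container; no other work is done here.
     *
     * @param applicationContext context handed to {@code SsoSecurityConfigurer}
     * @param oAuth2SsoProperties SSO client properties
     * @param appSecurity source of the authority rules, ignored paths and module auth path
     * @param oAuth2ProtectedResourceDetails OAuth2 client details; the client id is read from it
     * @param auditLogProperties audit-log settings
     */
    public SsoWebSecurityConfiguration(ApplicationContext applicationContext, OAuth2SsoProperties oAuth2SsoProperties, AppSecurity appSecurity, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AuditLogProperties auditLogProperties) {
        this.applicationContext = applicationContext;
        this.sso = oAuth2SsoProperties;
        this.appSecurity = appSecurity;
        this.details = oAuth2ProtectedResourceDetails;
        this.log = auditLogProperties;
    }

    /**
     * Creates the expression handler used to evaluate URL access expressions.
     *
     * @return a new handler built from the application context, the configured module auth path
     *     and the OAuth2 client id
     */
    public GtWebSecurityExpressionHandler webSecurityExpressionHandler() {
        return new GtWebSecurityExpressionHandler(super.getApplicationContext(), this.appSecurity.getModuleAuthPath(), this.details.getClientId());
    }

    /**
     * Creates a web expression voter wired to {@link #webSecurityExpressionHandler()}.
     *
     * @return a new voter; a fresh expression handler is created on every call
     */
    public WebExpressionVoter webExpressionVoter() {
        WebExpressionVoter voter = new WebExpressionVoter();
        voter.setExpressionHandler(webSecurityExpressionHandler());
        return voter;
    }

    /**
     * Creates the access decision manager installed on the filter security interceptor.
     *
     * @return a new {@code GtAccessDecisionManager} whose only voter is
     *     {@link #webExpressionVoter()}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public AccessDecisionManager accessDecisionManager() {
        // Raw list kept on purpose: the parameter type of the GtAccessDecisionManager
        // constructor is not visible from this file.
        ArrayList voters = new ArrayList();
        voters.add(webExpressionVoter());
        return new GtAccessDecisionManager(voters);
    }

    /**
     * Builds the URL authorization rules from {@code app.security.authorities}.
     *
     * <p>Each entry maps a key to an array of values:
     * <ul>
     *   <li>{@code permitAll}: the values are Ant patterns open to everyone;</li>
     *   <li>{@code authenticated}: the values are Ant patterns that require authentication, or,
     *       when they contain {@code "true"}, every request not matched earlier requires it;</li>
     *   <li>{@code preFlight}: when the values contain {@code "false"}, CORS pre-flight requests
     *       are permitted without authentication;</li>
     *   <li>any other key is used as the access expression for the Ant patterns in the values.</li>
     * </ul>
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the fixed part of the configuration fails; failures of individual
     *     configured rules are logged and skipped
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        boolean authenticateAnyRequest = false;
        boolean preFlightRestricted = true;
        // NOTE(review): matchers are registered in the iteration order of the authorities map and
        // the first matching rule wins; confirm the map type preserves the configured order.
        for (Map.Entry<?, ?> entry : this.appSecurity.getAuthorities().entrySet()) {
            try {
                Object key = entry.getKey();
                String[] patterns = (String[]) entry.getValue();
                // equals() rather than ==: a key read from configuration is not guaranteed to be
                // the same String instance as the literal.
                if ("permitAll".equals(key)) {
                    httpSecurity.authorizeRequests().antMatchers(patterns).permitAll();
                } else if ("authenticated".equals(key)) {
                    if (containsValue(patterns, "true")) {
                        authenticateAnyRequest = true;
                    } else if (patterns != null && patterns.length > 0) {
                        httpSecurity.authorizeRequests().antMatchers(patterns).authenticated();
                    }
                } else if ("preFlight".equals(key)) {
                    if (containsValue(patterns, "false")) {
                        preFlightRestricted = false;
                    }
                } else {
                    // The key is evaluated as a security expression, so app.security.authorities
                    // must only ever come from trusted configuration.
                    httpSecurity.authorizeRequests().antMatchers(patterns).access((String) key);
                }
            } catch (Exception e) {
                // NOTE(review): this fails open. A rule that cannot be registered is skipped and
                // startup continues, so its paths are covered only by whatever later rule matches
                // them (none, unless authenticated=true is configured). Consider failing startup.
                this.logger.error("app.security.authorities has wrong key or values [{}]", e.getLocalizedMessage(), e);
            }
        }
        httpSecurity.authorizeRequests().antMatchers("/authorize").authenticated();
        if (!preFlightRestricted) {
            httpSecurity.authorizeRequests().requestMatchers(CorsUtils::isPreFlightRequest).permitAll();
        }
        if (authenticateAnyRequest) {
            httpSecurity.authorizeRequests().anyRequest().authenticated();
        }
        httpSecurity.authorizeRequests().withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
            public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
                interceptor.setAccessDecisionManager(SsoWebSecurityConfiguration.this.accessDecisionManager());
                interceptor.setPublishAuthorizationSuccess(SsoWebSecurityConfiguration.this.log.isAuthorizationSuccess());
                return interceptor;
            }
        });
        // NOTE(review): CSRF protection and the X-Content-Type-Options, X-Frame-Options and
        // cache-control headers are switched off for every application using this starter.
        // Applications with cookie-based sessions then need their own CSRF, framing and
        // MIME-sniffing defences; confirm each of these is intentional.
        httpSecurity.csrf().disable().headers().contentTypeOptions().disable().frameOptions().disable().cacheControl().disable();
        // -1 places no limit on concurrent sessions per principal.
        httpSecurity.sessionManagement().maximumSessions(-1).expiredSessionStrategy(new GtmapSessionInformationExpiredStrategy()).sessionRegistry(sessionRegistry());
        new SsoSecurityConfigurer(this.applicationContext).configure(httpSecurity);
    }

    /**
     * Registers the endpoint bean.
     *
     * @return a new {@code OtherAppAuthorizationEndpoint}
     */
    @Bean
    public OtherAppAuthorizationEndpoint otherAppAuthorizationEndpoint() {
        return new OtherAppAuthorizationEndpoint();
    }

    /**
     * Registers the session registry used by session management.
     *
     * @return a new {@code GtmapSessionRegistryImpl}
     */
    @Bean
    public SessionRegistry sessionRegistry() {
        return new GtmapSessionRegistryImpl();
    }

    /**
     * Excludes the paths from {@code app.security.ignores} from the security filter chain.
     *
     * <p>Requests to ignored paths skip Spring Security entirely, so they carry no security
     * context and receive none of its protections; the list should hold static resources only.
     *
     * @param webSecurity the builder to configure
     * @throws Exception declared by the overridden method; failures here are logged instead
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        try {
            webSecurity.ignoring().antMatchers(this.appSecurity.getIgnores());
        } catch (Exception e) {
            // On failure nothing is ignored, so the affected paths stay behind the filter chain.
            this.logger.error("app.security.ignores has wrong values [{}]", e.getLocalizedMessage(), e);
        }
    }

    /** Returns whether {@code values} is non-null and contains {@code wanted}. */
    private static boolean containsValue(String[] values, String wanted) {
        if (values == null) {
            return false;
        }
        for (String value : values) {
            if (wanted.equals(value)) {
                return true;
            }
        }
        return false;
    }
}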
