package cn.gtmap.ias.basic.client.starter.config;

import cn.gtmap.ias.basic.client.starter.property.AppSecurity;
import cn.gtmap.ias.basic.client.starter.util.Authority;
import com.alibaba.fastjson.JSON;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.GetMethod;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.util.StringUtils;

@Configuration
/* loaded from: input_file:cn/gtmap/ias/basic/client/starter/config/SsoWebSecurityConfiguration.class */
public class SsoWebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private final ApplicationContext applicationContext;
    private final AppSecurity appSecurity;
    private final Logger logger = LoggerFactory.getLogger(SsoWebSecurityConfiguration.class);
    private final String DEFAULT_CHARSET_ENCODING = "UTF-8";

    public CustomFilterSecurityInterceptor createFilterSecurityInterceptor() {
        CustomAccessDecisionManager customAccessDecisionManager = new CustomAccessDecisionManager();
        CustomFilterInvocationSecurityMetadataSource customFilterInvocationSecurityMetadataSource = new CustomFilterInvocationSecurityMetadataSource(this.appSecurity);
        CustomFilterSecurityInterceptor customFilterSecurityInterceptor = new CustomFilterSecurityInterceptor();
        customFilterSecurityInterceptor.setAccessDecisionManager(customAccessDecisionManager);
        customFilterSecurityInterceptor.setSecurityMetadataSource(customFilterInvocationSecurityMetadataSource);
        return customFilterSecurityInterceptor;
    }

    public SsoWebSecurityConfiguration(ApplicationContext applicationContext, AppSecurity appSecurity) {
        this.applicationContext = applicationContext;
        this.appSecurity = appSecurity;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterBefore(createFilterSecurityInterceptor(), FilterSecurityInterceptor.class);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/login"})).permitAll();
        for (Map.Entry<String, String[]> entry : this.appSecurity.getAuthorities().entrySet()) {
            try {
                if ("permitAll".equalsIgnoreCase(entry.getKey())) {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(entry.getValue())).permitAll().and();
                }
            } catch (Exception e) {
                this.logger.error("app.security.authorities has wrong key or values [{}]", e.getLocalizedMessage());
            }
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated().and().formLogin().and().rememberMe().and().csrf().disable();
        new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest");
        httpSecurity.exceptionHandling().accessDeniedPage("/accessDenied");
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).maximumSessions(-1).expiredSessionStrategy(new GtmapSessionInformationExpiredStrategy()).sessionRegistry(sessionRegistry());
        httpSecurity.cors();
        httpSecurity.csrf().disable().headers().contentTypeOptions().disable().frameOptions().disable().cacheControl().disable();
        new SsoSecurityConfigurer(this.applicationContext).configure(httpSecurity);
    }

    private String processKey(String str) {
        return str.indexOf("hasRole") >= 0 ? str.replace("hasRole", "hasRole('").concat("')") : str;
    }

    public void configure(WebSecurity webSecurity) throws Exception {
        if (this.appSecurity.getIgnores() == null || this.appSecurity.getIgnores().length == 0) {
            super.configure(webSecurity);
        }
        try {
            webSecurity.ignoring().antMatchers(this.appSecurity.getIgnores());
        } catch (Exception e) {
            this.logger.error("app.security.ignores has wrong values [{}]", e.getLocalizedMessage());
        }
    }

    @Bean
    public SessionRegistry sessionRegistry() {
        return new GtmapSessionRegistryImpl();
    }

    private void loadAuthorityJson(HttpSecurity httpSecurity) throws Exception {
        List<Authority> list = null;
        try {
            list = getAuthFromInterface();
        } catch (IOException e) {
            this.logger.error("request authority exception", e);
        }
        if (list == null || list.size() == 0) {
            return;
        }
        processAuthorities(httpSecurity, list);
    }

    public List<Authority> getAuthFromInterface() throws IOException {
        String authUrl = this.appSecurity.getAuthUrl();
        if (StringUtils.isEmpty(authUrl)) {
            return null;
        }
        HttpClient httpClient = new HttpClient();
        GetMethod getMethod = new GetMethod(authUrl);
        getMethod.getParams().setContentCharset("UTF-8");
        httpClient.executeMethod(getMethod);
        return JSON.parseArray(getMethod.getResponseBodyAsString(), Authority.class);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v53, types: [java.util.List] */
    private void processAuthorities(HttpSecurity httpSecurity, List<Authority> list) throws Exception {
        ArrayList arrayList;
        HashMap hashMap = new HashMap();
        for (Authority authority : list) {
            String role = authority.getRole();
            for (String str : authority.getUrl().split(",")) {
                String trim = str.trim();
                if (hashMap.containsKey(trim)) {
                    arrayList = (List) hashMap.get(trim);
                } else {
                    arrayList = new ArrayList();
                    hashMap.put(trim, arrayList);
                }
                arrayList.add(role);
            }
        }
        for (String str2 : hashMap.keySet()) {
            List list2 = (List) hashMap.get(str2);
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{str2})).hasAnyRole((String[]) list2.toArray(new String[list2.size()])).and();
        }
    }
}
