package com.iplatform.security.config;

import com.iplatform.base.UserCacheProvider;
import com.iplatform.base.UserLoginCache;
import com.iplatform.base.cache.MenuCacheProvider;
import com.iplatform.base.captcha.JigsawCaptchaProvider;
import com.iplatform.base.captcha.NoneCaptchaProvider;
import com.iplatform.base.captcha.ThirdPartyCaptchaProvider;
import com.iplatform.base.service.UserServiceImpl;
import com.iplatform.base.util.UserUtils;
import com.iplatform.core.PlatformConfiguration;
import com.iplatform.security.DefaultAuthenticationFailureHandler;
import com.iplatform.security.DefaultAuthenticationProvider;
import com.iplatform.security.DefaultLogoutSuccessHandler;
import com.iplatform.security.DefaultResourceLoaderProvider;
import com.iplatform.security.DefaultUserDetailsService;
import com.iplatform.security.FailedAuthenticationEntryPoint;
import com.iplatform.security.JwtAuthenticationTokenFilter;
import com.iplatform.security.callback.EncryptPasswordLoginCallback;
import com.iplatform.security.callback.MobilePassCaptchaLoginCallback;
import com.iplatform.security.callback.NoneCaptchaLoginCallback;
import com.iplatform.security.callback.SmsCodeLoginCallback;
import com.iplatform.security.callback.ThirdPartyLoginCallback;
import com.iplatform.security.callback.WechatLoginCallback;
import com.iplatform.security.event.RoleSecurityUpdateListener;
import com.iplatform.security.util.SecurityConfigUtils;
import com.walker.cache.CacheProvider;
import com.walker.infrastructure.utils.StringUtils;
import com.walker.security.SystemLogMan;
import com.walker.web.CaptchaProvider;
import com.walker.web.CaptchaResult;
import com.walker.web.TokenGenerator;
import com.walker.web.UserOnlineProvider;
import com.walker.web.security.DefaultAccessDecisionManager;
import com.walker.web.security.DefaultAccessDeniedHandler;
import com.walker.web.security.DefaultSecurityMetadataSource;
import com.walker.web.security.ResourceLoadProvider;
import com.walker.web.token.JwtTokenGenerator;
import jakarta.servlet.Filter;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

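/**
 * Spring Security wiring for the platform: builds the stateless, JWT-based filter chain and
 * registers the handlers, providers and login callbacks that chain depends on.
 *
 * <p>Security-relevant choices made in this class, each annotated where it is set:
 * <ul>
 *   <li>CSRF protection, the X-Frame-Options header, form login and HTTP Basic are disabled.</li>
 *   <li>Sessions are {@link SessionCreationPolicy#STATELESS}.</li>
 *   <li>When CORS is enabled, every origin, header and method is allowed.</li>
 *   <li>The authentication provider does not hide "user not found" failures.</li>
 *   <li>A supervisor account is seeded into the user cache from a configured password.</li>
 * </ul>
 */
@Configuration
/* loaded from: input_file:BOOT-INF/lib/iplatform-base-security-3.2.0.jar:com/iplatform/security/config/WebSecurityConfig.class */
public class WebSecurityConfig extends PlatformConfiguration {
    private final MenuCacheProvider menuCacheProvider;
    private final UserServiceImpl userService;
    private final UserOnlineProvider userOnlineProvider;
    private final UserCacheProvider userCacheProvider;
    private final UserLoginCache userLoginCache;

    /**
     * Stores the collaborators shared by the beans below and runs the {@link SystemLogMan} check.
     *
     * @param menuCacheProvider menu cache handed to the user-details service and resource loader
     * @param userServiceImpl user service handed to the user-details service and login callbacks
     * @param userOnlineProvider online-user registry handed to the JWT filter, logout handler and callbacks
     * @param userCacheProvider user cache that receives the seeded supervisor account
     * @param userLoginCache login cache handed to the logout success handler
     */
    @Autowired
    public WebSecurityConfig(MenuCacheProvider menuCacheProvider, UserServiceImpl userServiceImpl, UserOnlineProvider userOnlineProvider, UserCacheProvider userCacheProvider, UserLoginCache userLoginCache) {
        this.menuCacheProvider = menuCacheProvider;
        this.userService = userServiceImpl;
        this.userOnlineProvider = userOnlineProvider;
        this.userCacheProvider = userCacheProvider;
        this.userLoginCache = userLoginCache;
        // NOTE(review): what checkMan() verifies is not visible here; it runs once per construction.
        SystemLogMan.getInstance().checkMan();
    }

    /** Creates the {@link SecurityProperties} holder read by the other beans in this class. */
    @Bean
    public SecurityProperties securityProperties() {
        return new SecurityProperties();
    }

    /**
     * Builds the application's {@link SecurityFilterChain}.
     *
     * <p>Requests matching the configured anonymous list are permitted without authentication;
     * every other request must be authenticated. The custom JWT filter runs before
     * {@link UsernamePasswordAuthenticationFilter}, and the custom
     * {@link FilterSecurityInterceptor} is added before the slot of the stock one.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        SecurityProperties properties = securityProperties();
        DefaultUserDetailsService userDetailsService = userDetailsService(properties, this.userCacheProvider);
        httpSecurity.userDetailsService(userDetailsService);

        // CSRF protection is off. That is only safe while no endpoint authenticates from a cookie
        // or any other credential the browser attaches automatically.
        // NOTE(review): how JwtAuthenticationTokenFilter reads the token is not visible here;
        // confirm it is header-only.
        httpSecurity.csrf(csrf -> csrf.disable());

        // X-Frame-Options is not sent, so other sites may frame these responses (clickjacking
        // exposure for any HTML served). NOTE(review): prefer sameOrigin() unless cross-origin
        // framing is a requirement.
        httpSecurity.headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()));

        httpSecurity.formLogin(formLogin -> formLogin.disable());
        httpSecurity.httpBasic(httpBasic -> httpBasic.disable());

        httpSecurity.exceptionHandling(exceptions ->
                exceptions.authenticationEntryPoint(failedAuthenticationEntryPoint()).accessDeniedHandler(accessDeniedHandler()));
        // No HttpSession is created or consulted; each request is authenticated on its own.
        httpSecurity.sessionManagement(sessions -> sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS));

        httpSecurity.logout(logout ->
                logout.logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler()).permitAll());

        // These patterns bypass authentication entirely. Keep the configured list minimal: a broad
        // pattern exposes everything beneath it.
        List<String> anonymousList = properties.getAnonymousList();
        if (!StringUtils.isEmptyList(anonymousList)) {
            String[] anonymousPatterns = anonymousList.toArray(new String[0]);
            httpSecurity.authorizeHttpRequests(registry -> registry.requestMatchers(anonymousPatterns).permitAll());
        }

        httpSecurity.authenticationProvider((AuthenticationProvider) authenticationProvider(userDetailsService, properties));
        // Registered after the anonymous matchers so it acts as the catch-all rule.
        httpSecurity.authorizeHttpRequests(registry -> registry.anyRequest().authenticated());

        httpSecurity.addFilterBefore(securityInterceptor(), FilterSecurityInterceptor.class);
        httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(userDetailsService), UsernamePasswordAuthenticationFilter.class);

        if (properties.isCorsEnabled()) {
            // The same CorsFilter bean is placed ahead of both the JWT filter and the logout
            // filter, so CORS handling runs before either of them sees the request.
            CorsFilter cors = corsFilter();
            httpSecurity.addFilterBefore(cors, JwtAuthenticationTokenFilter.class);
            httpSecurity.addFilterBefore(cors, LogoutFilter.class);
        } else {
            // Message text: "CORS filter not added".
            this.logger.info("不添加跨域过滤器: ");
        }
        return httpSecurity.build();
    }

    /**
     * Exposes the {@link AuthenticationManager} assembled by Spring Security.
     *
     * @param authenticationConfiguration Spring's authentication configuration
     * @return the shared authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Bean
    public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /**
     * Creates the user-details service and seeds the supervisor account into the user cache.
     *
     * @param securityProperties source of the supervisor password
     * @param userCacheProvider cache that receives the supervisor's user info
     * @return the configured user-details service
     */
    @Bean
    public DefaultUserDetailsService userDetailsService(SecurityProperties securityProperties, UserCacheProvider userCacheProvider) {
        DefaultUserDetailsService detailsService = new DefaultUserDetailsService();
        detailsService.setUserService(this.userService);
        detailsService.setSecurityProperties(securityProperties);
        detailsService.setMenuCacheProvider(this.menuCacheProvider);
        this.logger.info("create UserDetailsService = " + detailsService);
        // A supervisor account is created from the configured password and cached at startup.
        // NOTE(review): SecurityProperties is not visible here. Confirm getSupervisorPassword()
        // has no well-known default and is overridden per deployment, since this account exists
        // in every installation.
        userCacheProvider.putUser(UserUtils.createSupervisor(securityProperties.getSupervisorPassword()).getUserInfo());
        return detailsService;
    }

    /** Returns a BCrypt {@link PasswordEncoder} with the library's default strength. */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /** Returns the entry point invoked when an unauthenticated request reaches a protected URL. */
    @Bean
    public AuthenticationEntryPoint failedAuthenticationEntryPoint() {
        return new FailedAuthenticationEntryPoint();
    }

    /** Returns the handler invoked when an authenticated request is denied access. */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new DefaultAccessDeniedHandler();
    }

    /** Returns the platform's authentication failure handler. */
    @Bean
    public AuthenticationFailureHandler authenticationFailureHandler() {
        return new DefaultAuthenticationFailureHandler();
    }

    /**
     * Creates the logout success handler, wired with the online-user registry, token generator
     * and login cache.
     *
     * @return the configured logout success handler
     */
    @Bean
    public LogoutSuccessHandler logoutSuccessHandler() {
        DefaultLogoutSuccessHandler handler = new DefaultLogoutSuccessHandler();
        handler.setUserOnlineProvider(this.userOnlineProvider);
        handler.setTokenGenerator(tokenGenerator());
        handler.setUserLoginCache(this.userLoginCache);
        return handler;
    }

    /** Returns the access decision manager used by {@link #securityInterceptor()}. */
    @Bean
    public AccessDecisionManager accessDecisionManager() {
        return new DefaultAccessDecisionManager();
    }

    /**
     * Creates the security metadata source backed by the given resource loader.
     *
     * @param resourceLoadProvider provider of the protected-resource definitions
     * @return the configured metadata source
     */
    @Bean
    public DefaultSecurityMetadataSource securityMetadataSource(ResourceLoadProvider resourceLoadProvider) {
        DefaultSecurityMetadataSource metadataSource = new DefaultSecurityMetadataSource();
        metadataSource.setResourceLoaderProvider(resourceLoadProvider);
        return metadataSource;
    }

    /**
     * Creates the URL authorization interceptor from the metadata source and decision manager.
     *
     * <p>NOTE(review): this is a {@code Filter} bean inside a Spring Boot jar, and Boot registers
     * such beans with the servlet container as well as with the security chain. Confirm that the
     * duplicate registration is either disabled or harmless. The same applies to
     * {@link #jwtAuthenticationTokenFilter(DefaultUserDetailsService)}.
     *
     * @return the configured interceptor
     */
    @Bean
    public FilterSecurityInterceptor securityInterceptor() {
        FilterSecurityInterceptor interceptor = new FilterSecurityInterceptor();
        interceptor.setSecurityMetadataSource(securityMetadataSource(resourceLoadProvider()));
        interceptor.setAccessDecisionManager(accessDecisionManager());
        // Message text: "created: FilterSecurityInterceptor".
        this.logger.info("创建：FilterSecurityInterceptor");
        return interceptor;
    }

    /**
     * Creates the filter that authenticates requests from their JWT.
     *
     * @param defaultUserDetailsService service used to load the user named by the token
     * @return the configured JWT filter
     */
    @Bean
    public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(DefaultUserDetailsService defaultUserDetailsService) {
        JwtAuthenticationTokenFilter jwtFilter = new JwtAuthenticationTokenFilter();
        jwtFilter.setTokenGenerator(tokenGenerator());
        jwtFilter.setUserOnlineProvider(this.userOnlineProvider);
        jwtFilter.setDefaultUserDetailsService(defaultUserDetailsService);
        jwtFilter.setSecurityProperties(securityProperties());
        return jwtFilter;
    }

    /**
     * Returns the JWT-based {@link TokenGenerator}.
     *
     * <p>NOTE(review): no signing key or algorithm is configured here, so both come from
     * {@link JwtTokenGenerator} itself. Confirm the key is a per-deployment secret.
     */
    @Bean
    public TokenGenerator tokenGenerator() {
        return new JwtTokenGenerator();
    }

    /**
     * Creates the WeChat login callback.
     *
     * <p>It is wired with {@link NoneCaptchaProvider}; presumably this login path presents no
     * captcha challenge, so any throttling of repeated attempts has to come from elsewhere.
     *
     * @param passwordEncoder encoder handed to the callback
     * @param tokenGenerator generator handed to the callback
     * @return the configured callback
     */
    @Bean
    public WechatLoginCallback wechatLoginCallback(PasswordEncoder passwordEncoder, TokenGenerator tokenGenerator) {
        WechatLoginCallback callback = new WechatLoginCallback();
        callback.setTokenGenerator(tokenGenerator);
        callback.setPasswordEncoder(passwordEncoder);
        callback.setCaptchaProvider(new NoneCaptchaProvider());
        return callback;
    }

    /**
     * Creates the third-party login callback, wired with {@link ThirdPartyCaptchaProvider}.
     *
     * @param passwordEncoder encoder handed to the callback
     * @param tokenGenerator generator handed to the callback
     * @return the configured callback
     */
    @Bean
    public ThirdPartyLoginCallback thirdPartyLoginCallback(PasswordEncoder passwordEncoder, TokenGenerator tokenGenerator) {
        ThirdPartyLoginCallback callback = new ThirdPartyLoginCallback();
        callback.setTokenGenerator(tokenGenerator);
        callback.setPasswordEncoder(passwordEncoder);
        callback.setCaptchaProvider(new ThirdPartyCaptchaProvider());
        return callback;
    }

    /**
     * Creates the mobile password login callback; its captcha provider is chosen by the
     * user/password captcha setting.
     *
     * <p>NOTE(review): {@code captchaProvider} and {@code captchaProvider2} share one type, so
     * Spring has to tell them apart by parameter name or qualifier. The names look
     * decompiler-generated; confirm them against the original source. The same applies to the
     * other callbacks that take this pair.
     *
     * @param passwordEncoder encoder handed to the callback
     * @param tokenGenerator generator handed to the callback
     * @param securityProperties source of the captcha-type setting
     * @param captchaProvider first candidate captcha provider
     * @param captchaProvider2 second candidate captcha provider
     * @param jigsawCaptchaProvider jigsaw captcha candidate
     * @return the configured callback
     */
    @Bean
    public MobilePassCaptchaLoginCallback mobilePassCaptchaLoginCallback(PasswordEncoder passwordEncoder, TokenGenerator tokenGenerator, SecurityProperties securityProperties, CaptchaProvider<CaptchaResult> captchaProvider, CaptchaProvider<CaptchaResult> captchaProvider2, JigsawCaptchaProvider jigsawCaptchaProvider) {
        MobilePassCaptchaLoginCallback callback = new MobilePassCaptchaLoginCallback();
        callback.setTokenGenerator(tokenGenerator);
        callback.setPasswordEncoder(passwordEncoder);
        callback.setCaptchaProvider(SecurityConfigUtils.findCaptchaProvider(securityProperties.getLoginCaptchaUserPass(), captchaProvider, captchaProvider2, jigsawCaptchaProvider));
        return callback;
    }

    /**
     * Creates the password login callback that uses {@link NoneCaptchaProvider}.
     *
     * <p>Presumably this login path presents no captcha challenge; confirm that repeated
     * password guesses are limited by another control.
     *
     * @param passwordEncoder encoder handed to the callback
     * @param tokenGenerator generator handed to the callback
     * @return the configured callback
     */
    @Bean
    public NoneCaptchaLoginCallback noneCaptchaPasswordLoginCallback(PasswordEncoder passwordEncoder, TokenGenerator tokenGenerator) {
        NoneCaptchaLoginCallback callback = new NoneCaptchaLoginCallback();
        callback.setTokenGenerator(tokenGenerator);
        callback.setPasswordEncoder(passwordEncoder);
        callback.setCaptchaProvider(new NoneCaptchaProvider());
        return callback;
    }

    /**
     * Creates the encrypted-password login callback; its captcha provider is chosen by the
     * user/password captcha setting.
     *
     * @param tokenGenerator generator handed to the callback
     * @param passwordEncoder encoder handed to the callback
     * @param securityProperties source of the captcha-type setting
     * @param captchaProvider first candidate captcha provider
     * @param captchaProvider2 second candidate captcha provider
     * @param jigsawCaptchaProvider jigsaw captcha candidate
     * @return the configured callback
     */
    @Bean
    public EncryptPasswordLoginCallback captchaPasswordLoginCallback(TokenGenerator tokenGenerator, PasswordEncoder passwordEncoder, SecurityProperties securityProperties, CaptchaProvider<CaptchaResult> captchaProvider, CaptchaProvider<CaptchaResult> captchaProvider2, JigsawCaptchaProvider jigsawCaptchaProvider) {
        EncryptPasswordLoginCallback callback = new EncryptPasswordLoginCallback();
        callback.setTokenGenerator(tokenGenerator);
        callback.setUserOnlineProvider(this.userOnlineProvider);
        callback.setUserService(this.userService);
        callback.setPasswordEncoder(passwordEncoder);
        callback.setCaptchaProvider(SecurityConfigUtils.findCaptchaProvider(securityProperties.getLoginCaptchaUserPass(), captchaProvider, captchaProvider2, jigsawCaptchaProvider));
        return callback;
    }

    /**
     * Creates the SMS-code login callback; its captcha provider is chosen by the SMS-code
     * captcha setting.
     *
     * @param tokenGenerator generator handed to the callback
     * @param cacheProvider cache handed to the callback as its captcha cache
     * @param securityProperties source of the captcha-type setting
     * @param captchaProvider first candidate captcha provider
     * @param captchaProvider2 second candidate captcha provider
     * @param jigsawCaptchaProvider jigsaw captcha candidate
     * @return the configured callback
     */
    @Bean
    public SmsCodeLoginCallback smsCodeLoginCallback(TokenGenerator tokenGenerator, CacheProvider<String> cacheProvider, SecurityProperties securityProperties, CaptchaProvider<CaptchaResult> captchaProvider, CaptchaProvider<CaptchaResult> captchaProvider2, JigsawCaptchaProvider jigsawCaptchaProvider) {
        SmsCodeLoginCallback callback = new SmsCodeLoginCallback();
        callback.setTokenGenerator(tokenGenerator);
        callback.setUserOnlineProvider(this.userOnlineProvider);
        callback.setUserService(this.userService);
        callback.setCaptchaCacheProvider(cacheProvider);
        callback.setCaptchaProvider(SecurityConfigUtils.findCaptchaProvider(securityProperties.getLoginCaptchaSmsCode(), captchaProvider, captchaProvider2, jigsawCaptchaProvider));
        return callback;
    }

    /**
     * Creates the {@link CorsFilter}.
     *
     * <p>When CORS is disabled the filter is still created, but with no registered configuration.
     *
     * @return the CORS filter
     */
    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource configurationSource = new UrlBasedCorsConfigurationSource();
        if (securityProperties().isCorsEnabled()) {
            configurationSource.registerCorsConfiguration("/**", buildConfig());
            // Message text: "CORS filter configured, ... isCorsEnabled() = true".
            this.logger.info("配置跨域过滤器，this.securityProperties().isCorsEnabled() = true");
        }
        return new CorsFilter(configurationSource);
    }

    /**
     * Builds the CORS policy applied to every path when CORS is enabled.
     *
     * <p>The policy is fully open: any origin, request header and method is allowed, and every
     * response header is exposed to the calling script. Credentials are not enabled, which is
     * what keeps the wildcard origin acceptable to Spring.
     * NOTE(review): replace the {@code "*"} origin with the deployment's known front-end origins;
     * as written, a script on any site can call the API with a token it holds and read the full
     * response.
     */
    private CorsConfiguration buildConfig() {
        CorsConfiguration policy = new CorsConfiguration();
        policy.addAllowedOrigin("*");
        policy.addAllowedHeader("*");
        policy.addAllowedMethod("*");
        policy.addExposedHeader("*");
        return policy;
    }

    /**
     * Creates the platform authentication provider.
     *
     * @param userDetailsService service used to load users during authentication
     * @param securityProperties source of the allow-PC-user-access-app flag
     * @return the configured provider
     */
    @Bean
    public DefaultAuthenticationProvider authenticationProvider(UserDetailsService userDetailsService, SecurityProperties securityProperties) {
        DefaultAuthenticationProvider provider = new DefaultAuthenticationProvider();
        provider.setUserDetailsService(userDetailsService);
        this.logger.info("isAllowPcUserAccessApp = " + securityProperties.isAllowPcUserAccessApp());
        provider.setAllowPcUserAccessApp(securityProperties.isAllowPcUserAccessApp());
        // With hiding off, an unknown username presumably surfaces as its own failure instead of
        // a generic bad-credentials error. If the failure response passes that difference on to
        // the client, it lets a caller test which accounts exist.
        // NOTE(review): confirm the login failure response is identical for "no such user" and
        // "wrong password", or set this to true.
        provider.setHideUserNotFoundExceptions(false);
        return provider;
    }

    /**
     * Creates the resource loader that supplies protected-URL definitions, configured with the
     * permit and anonymous URL lists, and loads its resources once.
     *
     * @return the loaded resource provider
     */
    @Bean
    public ResourceLoadProvider resourceLoadProvider() {
        DefaultResourceLoaderProvider provider = new DefaultResourceLoaderProvider();
        provider.setMenuCacheProvider(this.menuCacheProvider);
        provider.setPermitAccessUrls(securityProperties().getPermitList());
        provider.setAnonymousUrlList(securityProperties().getAnonymousList());
        provider.loadResource();
        return provider;
    }

    /**
     * Creates the listener that is given the resource loader; presumably it refreshes protected
     * resources when role permissions change.
     *
     * @param resourceLoadProvider the resource loader handed to the listener
     * @return the configured listener
     */
    @Bean
    public RoleSecurityUpdateListener roleSecurityUpdateListener(ResourceLoadProvider resourceLoadProvider) {
        RoleSecurityUpdateListener listener = new RoleSecurityUpdateListener();
        listener.setResourceLoaderProvider(resourceLoadProvider);
        return listener;
    }
}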
