package io.github.cocoa.framework.security.config;

import cn.hutool.core.collection.CollUtil;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import io.github.cocoa.framework.security.core.filter.TokenAuthenticationFilter;
import io.github.cocoa.framework.web.config.WebProperties;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.servlet.Filter;
import org.springdoc.core.Constants;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

@AutoConfiguration
@EnableGlobalMethodSecurity(prePostEnabled = true, securedEnabled = true)
/* loaded from: input_file:BOOT-INF/lib/cocoa-spring-boot-starter-security-1.8.0-SNAPSHOT.jar:io/github/cocoa/framework/security/config/CocoaWebSecurityConfigurerAdapter.class */
public class CocoaWebSecurityConfigurerAdapter {

    @Resource
    private WebProperties webProperties;

    @Resource
    private SecurityProperties securityProperties;

    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    @Resource
    private TokenAuthenticationFilter authenticationTokenFilter;

    @Resource
    private List<AuthorizeRequestsCustomizer> authorizeRequestsCustomizers;

    @Resource
    private ApplicationContext applicationContext;

    @Bean
    public AuthenticationManager authenticationManagerBean(AuthenticationConfiguration authenticationConfiguration) throws Exception {
        return authenticationConfiguration.getAuthenticationManager();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.cors().and()).csrf().disable()).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()).headers().frameOptions().disable().and()).exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).accessDeniedHandler(this.accessDeniedHandler);
        Multimap<HttpMethod, String> permitAllUrlsFromAnnotations = getPermitAllUrlsFromAnnotations();
        ((HttpSecurity) httpSecurity.authorizeRequests().antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll().antMatchers(HttpMethod.GET, (String[]) permitAllUrlsFromAnnotations.get(HttpMethod.GET).toArray(new String[0])).permitAll().antMatchers(HttpMethod.POST, (String[]) permitAllUrlsFromAnnotations.get(HttpMethod.POST).toArray(new String[0])).permitAll().antMatchers(HttpMethod.PUT, (String[]) permitAllUrlsFromAnnotations.get(HttpMethod.PUT).toArray(new String[0])).permitAll().antMatchers(HttpMethod.DELETE, (String[]) permitAllUrlsFromAnnotations.get(HttpMethod.DELETE).toArray(new String[0])).permitAll().antMatchers((String[]) this.securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll().antMatchers(buildAppApi(Constants.ALL_PATTERN)).permitAll().and()).authorizeRequests(expressionInterceptUrlRegistry -> {
            this.authorizeRequestsCustomizers.forEach(authorizeRequestsCustomizer -> {
                authorizeRequestsCustomizer.customize(expressionInterceptUrlRegistry);
            });
        }).authorizeRequests().anyRequest().authenticated();
        httpSecurity.addFilterBefore((Filter) this.authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }

    private String buildAppApi(String str) {
        return this.webProperties.getAppApi().getPrefix() + str;
    }

    private Multimap<HttpMethod, String> getPermitAllUrlsFromAnnotations() {
        HashMultimap create = HashMultimap.create();
        for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : ((RequestMappingHandlerMapping) this.applicationContext.getBean("requestMappingHandlerMapping")).getHandlerMethods().entrySet()) {
            if (entry.getValue().hasMethodAnnotation(PermitAll.class) && entry.getKey().getPatternsCondition() != null) {
                Set<String> patterns = entry.getKey().getPatternsCondition().getPatterns();
                Set<RequestMethod> methods = entry.getKey().getMethodsCondition().getMethods();
                if (CollUtil.isEmpty((Collection<?>) methods)) {
                    create.putAll(HttpMethod.GET, patterns);
                    create.putAll(HttpMethod.POST, patterns);
                    create.putAll(HttpMethod.PUT, patterns);
                    create.putAll(HttpMethod.DELETE, patterns);
                } else {
                    methods.forEach(requestMethod -> {
                        switch (requestMethod) {
                            case GET:
                                create.putAll(HttpMethod.GET, patterns);
                                return;
                            case POST:
                                create.putAll(HttpMethod.POST, patterns);
                                return;
                            case PUT:
                                create.putAll(HttpMethod.PUT, patterns);
                                return;
                            case DELETE:
                                create.putAll(HttpMethod.DELETE, patterns);
                                return;
                            default:
                                return;
                        }
                    });
                }
            }
        }
        return create;
    }
}
