package cc.chensoul.rose.security.config;

import cc.chensoul.rose.security.SecurityProperties;
import cc.chensoul.rose.security.rest.handler.RestAccessDeniedHandler;
import cc.chensoul.rose.security.rest.handler.RestAuthenticationFailureHandler;
import cc.chensoul.rose.security.rest.handler.RestAuthenticationSuccessHandler;
import cc.chensoul.rose.security.rest.mfa.MfaAuthController;
import cc.chensoul.rose.security.rest.mfa.MfaProperties;
import cc.chensoul.rose.security.rest.provider.RestAccessAuthenticationProvider;
import cc.chensoul.rose.security.rest.provider.RestLoginAuthenticationProvider;
import cc.chensoul.rose.security.rest.provider.RestRefreshAuthenticationProvider;
import cc.chensoul.rose.security.support.JwtTokenFactory;
import cc.chensoul.rose.security.support.RestTokenFactory;
import cc.chensoul.rose.security.support.TokenFactory;
import cc.chensoul.rose.security.support.TransmittableSecurityContextHolderStrategy;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

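/**
 * Auto-configuration that assembles the REST authentication stack: the token factory,
 * the {@link AuthenticationManager} with its three providers, the default
 * {@link PasswordEncoder}, and the REST success / failure / access-denied handlers.
 *
 * <p>The precedence value is {@code Integer.MAX_VALUE - 5}; {@code Integer.MAX_VALUE} is
 * Spring's lowest precedence, so this configuration is ordered near the end.
 */
@EnableConfigurationProperties({SecurityProperties.class, MfaProperties.class})
@AutoConfiguration
@EnableWebSecurity
// Qualified name: member types are not in scope inside the outer class's own annotations.
@Import(SecurityConfig.TokenFactoryConfig.class)
@Order(Integer.MAX_VALUE - 5)
public class SecurityConfig {
    private final MfaProperties mfaProperties;
    private final UserDetailsService userDetailsService;
    private final ObjectPostProcessor<Object> objectPostProcessor;

    /**
     * Creates the configuration with its collaborators.
     *
     * @param mfaProperties       MFA settings handed to the login provider
     * @param userDetailsService  user lookup used by the login and refresh providers
     * @param objectPostProcessor Spring Security post-processor applied to the builder and
     *                            to the authentication event publisher
     */
    public SecurityConfig(MfaProperties mfaProperties, UserDetailsService userDetailsService, ObjectPostProcessor<Object> objectPostProcessor) {
        this.mfaProperties = mfaProperties;
        this.userDetailsService = userDetailsService;
        this.objectPostProcessor = objectPostProcessor;
    }

    /**
     * Component-scans the package of {@link MfaAuthController}, but only when
     * {@code security.jwt.mfa.enabled=true}; with the property absent or set to any other
     * value the condition does not match.
     *
     * <p>NOTE(review): this is a non-static inner class, so every instance holds a reference
     * to the enclosing {@code SecurityConfig}. A static nested class is the usual shape for
     * nested configuration; confirm nothing relies on the enclosing instance before changing.
     */
    @ConditionalOnProperty(prefix = "security.jwt.mfa", value = {"enabled"}, havingValue = "true")
    @ComponentScan(basePackageClasses = {MfaAuthController.class})
    public class MfaConfig {
        public MfaConfig() {
        }
    }

    /**
     * Chooses the {@link TokenFactory} implementation from {@link SecurityProperties}.
     */
    @Configuration
    public static class TokenFactoryConfig {
        private final RedisTemplate<String, Object> redisTemplate;
        private final SecurityProperties securityProperties;

        /**
         * @param redisTemplate      Redis access passed to whichever token factory is built
         * @param securityProperties source of the {@code jwt.enabled} switch and factory settings
         */
        public TokenFactoryConfig(RedisTemplate<String, Object> redisTemplate, SecurityProperties securityProperties) {
            this.redisTemplate = redisTemplate;
            this.securityProperties = securityProperties;
        }

        /**
         * Builds the token factory for this application.
         *
         * @return a {@link JwtTokenFactory} when the JWT settings report enabled, otherwise a
         *         {@link RestTokenFactory}
         */
        @Bean
        public TokenFactory tokenFactory() {
            if (this.securityProperties.getJwt().isEnabled()) {
                return new JwtTokenFactory(this.redisTemplate, this.securityProperties);
            }
            return new RestTokenFactory(this.redisTemplate, this.securityProperties);
        }
    }

    /**
     * Builds the {@link AuthenticationManager} with the login, access-token and
     * refresh-token providers, registered in that order.
     *
     * <p>The encoder is injected instead of being obtained through a direct
     * {@link #passwordEncoder()} call. {@code @AutoConfiguration} classes do not proxy
     * {@code @Bean} methods, so a direct call always creates a fresh default encoder, even
     * when the application has supplied its own {@link PasswordEncoder} and the default bean
     * was skipped by {@code @ConditionalOnMissingBean}. Injecting the bean keeps password
     * verification at login consistent with the encoder the rest of the application uses.
     * Injection requires a single candidate: with several {@code PasswordEncoder} beans, one
     * must be marked primary.
     *
     * @param tokenFactory    token factory shared by the access and refresh providers
     * @param passwordEncoder encoder used by the login provider to verify credentials
     * @return the assembled authentication manager
     * @throws Exception if the builder fails to build the manager
     */
    @Bean
    public AuthenticationManager authenticationManager(TokenFactory tokenFactory, PasswordEncoder passwordEncoder)
            throws Exception {
        AuthenticationManagerBuilder builder = new AuthenticationManagerBuilder(this.objectPostProcessor);
        // Post-process the publisher so it is initialised like any other security object.
        builder.authenticationEventPublisher(
                this.objectPostProcessor.postProcess(new DefaultAuthenticationEventPublisher()));
        // Registration order is kept as-is: providers are consulted in the order they are added.
        builder.authenticationProvider(
                new RestLoginAuthenticationProvider(this.userDetailsService, passwordEncoder, this.mfaProperties));
        builder.authenticationProvider(new RestAccessAuthenticationProvider(tokenFactory));
        builder.authenticationProvider(new RestRefreshAuthenticationProvider(this.userDetailsService, tokenFactory));
        return builder.build();
    }

    /**
     * Source-compatible overload for code that calls this method directly; it is not a bean
     * method.
     *
     * @param tokenFactory token factory shared by the access and refresh providers
     * @return the assembled authentication manager
     * @throws Exception if the builder fails to build the manager
     * @deprecated always uses the default delegating encoder and therefore ignores an
     *             application-supplied {@link PasswordEncoder}; use
     *             {@link #authenticationManager(TokenFactory, PasswordEncoder)}.
     */
    @Deprecated
    public AuthenticationManager authenticationManager(TokenFactory tokenFactory) throws Exception {
        return authenticationManager(tokenFactory, passwordEncoder());
    }

    /**
     * Default password encoder, registered only when the application defines no
     * {@link PasswordEncoder} bean of its own.
     *
     * <p>Spring Security's delegating encoder hashes new passwords with its current default
     * scheme and verifies stored values according to their {@code {id}} prefix, which includes
     * legacy and plaintext ids. Deployments that should accept only strong hashes can supply
     * their own encoder bean and audit stored credentials for weak prefixes.
     *
     * @return a delegating password encoder
     */
    @ConditionalOnMissingBean
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    /**
     * @param tokenFactory token factory handed to the success handler
     * @return the REST success handler, registered as {@code restAuthenticationSuccessHandler}
     */
    @Bean("restAuthenticationSuccessHandler")
    public AuthenticationSuccessHandler restAuthenticationSuccessHandler(TokenFactory tokenFactory) {
        return new RestAuthenticationSuccessHandler(tokenFactory);
    }

    /**
     * @return the REST failure handler, registered as {@code restAuthenticationFailureHandler}
     */
    @Bean("restAuthenticationFailureHandler")
    public AuthenticationFailureHandler restAuthenticationFailureHandler() {
        return new RestAuthenticationFailureHandler();
    }

    /**
     * @return the handler invoked when an authenticated caller is denied access
     */
    @Bean
    public AccessDeniedHandler accessDeniedHandler() {
        return new RestAccessDeniedHandler();
    }

    /**
     * Switches {@link SecurityContextHolder} to {@link TransmittableSecurityContextHolderStrategy}
     * by invoking the static {@code setStrategyName} method at container start-up.
     *
     * <p>The holder strategy is static state, so the change applies to every user of
     * {@code SecurityContextHolder} loaded by the same class loader, not only to this
     * configuration.
     * NOTE(review): the strategy presumably propagates the security context to pooled
     * worker threads; confirm that it also clears the context when a task finishes so one
     * caller's identity cannot linger on a reused thread.
     *
     * @return the factory bean that performs the static call
     */
    @Bean
    public MethodInvokingFactoryBean securityContextHolderMethodInvokingFactoryBean() {
        MethodInvokingFactoryBean strategyInstaller = new MethodInvokingFactoryBean();
        strategyInstaller.setTargetClass(SecurityContextHolder.class);
        strategyInstaller.setTargetMethod("setStrategyName");
        strategyInstaller.setArguments(new Object[]{TransmittableSecurityContextHolderStrategy.class.getName()});
        return strategyInstaller;
    }
}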
