package cc.chensoul.rose.security.config;

import cc.chensoul.rose.security.SecurityProperties;
import cc.chensoul.rose.security.rest.filter.RestAccessProcessingFilter;
import cc.chensoul.rose.security.rest.filter.RestLoginProcessingFilter;
import cc.chensoul.rose.security.rest.filter.RestRefreshProcessingFilter;
import cc.chensoul.rose.security.support.IpAuthenticationDetailSource;
import cc.chensoul.rose.security.util.SkipPathRequestMatcher;
import java.util.Collection;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.security.PermitAll;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

/**
 * Auto-configuration that builds the security filter chain for the REST API.
 *
 * <p>The chain is stateless, has CSRF protection and the X-Frame-Options header
 * switched off, and places three custom REST filters (login, access token,
 * token refresh) ahead of {@link UsernamePasswordAuthenticationFilter}.
 * Method-level security ({@code @Secured}, {@code @PreAuthorize} and related
 * annotations) is enabled through {@link EnableMethodSecurity}.
 */
@AutoConfiguration
@AutoConfigureOrder(-1)
@EnableMethodSecurity(securedEnabled = true, prePostEnabled = true)
/* loaded from: input_file:cc/chensoul/rose/security/config/WebSecurityConfig.class */
public class WebSecurityConfig {
    private final ApplicationContext applicationContext;
    private final AccessDeniedHandler accessDeniedHandler;
    private final SecurityProperties securityProperties;
    private final AuthenticationSuccessHandler restAuthenticationSuccessHandler;
    private final AuthenticationFailureHandler restAuthenticationFailureHandler;
    private final AuthenticationManager authenticationManager;

    /**
     * Creates the configuration from its collaborators.
     *
     * @param applicationContext used to look up the MVC handler mapping by bean name
     * @param accessDeniedHandler handler installed for access-denied errors
     * @param securityProperties source of the login, refresh, base and skip paths
     * @param authenticationSuccessHandler success handler for the login and refresh filters
     * @param authenticationFailureHandler failure handler shared by all three REST filters
     * @param authenticationManager manager every REST filter delegates to
     */
    public WebSecurityConfig(ApplicationContext applicationContext, AccessDeniedHandler accessDeniedHandler, SecurityProperties securityProperties, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler, AuthenticationManager authenticationManager) {
        this.applicationContext = applicationContext;
        this.accessDeniedHandler = accessDeniedHandler;
        this.securityProperties = securityProperties;
        this.restAuthenticationSuccessHandler = authenticationSuccessHandler;
        this.restAuthenticationFailureHandler = authenticationFailureHandler;
        this.authenticationManager = authenticationManager;
    }

    /**
     * Builds the {@link SecurityFilterChain}: transport-level settings first, then
     * the URL authorization rules, then the custom REST filters.
     *
     * @param httpSecurity builder supplied by Spring Security
     * @return the assembled filter chain
     * @throws Exception if the builder or one of the filter factories fails
     */
    @Bean
    protected SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                .cors(Customizer.withDefaults())
                // CSRF protection is off and no HTTP session is created.
                // NOTE(review): that is only sound if the browser never attaches the
                // credential automatically (e.g. a cookie) - confirm how the token
                // filters read the token.
                .csrf(csrf -> csrf.disable())
                .sessionManagement(sessions -> sessions.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // X-Frame-Options is not emitted, so responses may be framed by other origins.
                // NOTE(review): confirm this is needed; sameOrigin() is the stricter choice.
                .headers(headers -> headers.frameOptions(frameOptions -> frameOptions.disable()))
                .exceptionHandling(handling -> handling.accessDeniedHandler(this.accessDeniedHandler));

        String[] annotatedPermitUrls = getPermitUrlsFromAnnotation().toArray(new String[0]);

        // Rules are consulted in declaration order, so every permitAll() entry below
        // takes precedence over the authenticated() rule on the base URL.
        // The @PermitAll and skip-path patterns are registered without an HTTP method:
        // any method on a matching path is allowed at this layer.
        // NOTE(review): there is no anyRequest() catch-all; how a request matching none
        // of these rules is treated depends on the Spring Security version - confirm.
        httpSecurity.authorizeHttpRequests(requests -> requests
                .antMatchers(HttpMethod.GET, "/*.html", "/*.css", "/*.js").permitAll()
                .antMatchers(SecurityProperties.DEFAULT_PATH_TO_SKIP).permitAll()
                .antMatchers(annotatedPermitUrls).permitAll()
                // Cast kept: the declared element type of getPathsToSkip() is not visible here.
                .antMatchers((String[]) this.securityProperties.getPathsToSkip().toArray(new String[0])).permitAll()
                .antMatchers(this.securityProperties.getBaseUrl()).authenticated());

        // NOTE(review): @AutoConfiguration sets proxyBeanMethods=false, so these direct
        // calls create filter instances separate from the @Bean-registered ones. If the
        // filter classes are servlet Filters, Spring Boot may also register the @Bean
        // instances with the container outside this chain - confirm that is intended.
        httpSecurity
                .addFilterBefore(restLoginProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(restAccessTokenProcessingFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(restRefreshProcessingFilter(), UsernamePasswordAuthenticationFilter.class);
        return httpSecurity.build();
    }

    /**
     * Creates the login filter bound to the configured login URL.
     *
     * @return a filter wired with the shared success/failure handlers, the
     *     authentication manager and an {@link IpAuthenticationDetailSource}
     * @throws Exception declared by the original signature
     */
    @Bean
    protected RestLoginProcessingFilter restLoginProcessingFilter() throws Exception {
        RestLoginProcessingFilter loginFilter = new RestLoginProcessingFilter(
                this.securityProperties.getLoginUrl(),
                this.restAuthenticationSuccessHandler,
                this.restAuthenticationFailureHandler);
        loginFilter.setAuthenticationManager(this.authenticationManager);
        loginFilter.setAuthenticationDetailsSource(new IpAuthenticationDetailSource());
        return loginFilter;
    }

    /**
     * Creates the access-token filter for the base URL, excluding the configured skip paths.
     *
     * <p>NOTE(review): the matcher is built from {@code getPathsToSkip()} only; the
     * {@code @PermitAll} patterns and {@code DEFAULT_PATH_TO_SKIP} that the URL rules
     * permit are not passed to it - confirm those endpoints are not rejected by this
     * filter when no token is presented.
     *
     * @return a filter wired with the failure handler, the authentication manager and
     *     an {@link IpAuthenticationDetailSource}
     * @throws Exception declared by the original signature
     */
    @Bean
    protected RestAccessProcessingFilter restAccessTokenProcessingFilter() throws Exception {
        SkipPathRequestMatcher protectedPaths = new SkipPathRequestMatcher(
                this.securityProperties.getPathsToSkip(),
                this.securityProperties.getBaseUrl());
        RestAccessProcessingFilter accessFilter =
                new RestAccessProcessingFilter(protectedPaths, this.restAuthenticationFailureHandler);
        accessFilter.setAuthenticationManager(this.authenticationManager);
        accessFilter.setAuthenticationDetailsSource(new IpAuthenticationDetailSource());
        return accessFilter;
    }

    /**
     * Creates the token-refresh filter bound to the configured refresh URL.
     *
     * <p>Unlike the other two factories this method carries no {@code @Bean}
     * annotation and sets no authentication details source.
     *
     * @return a filter wired with the shared success/failure handlers and the
     *     authentication manager
     * @throws Exception declared by the original signature
     */
    protected RestRefreshProcessingFilter restRefreshProcessingFilter() throws Exception {
        RestRefreshProcessingFilter refreshFilter = new RestRefreshProcessingFilter(
                this.securityProperties.getTokenRefreshUrl(),
                this.restAuthenticationSuccessHandler,
                this.restAuthenticationFailureHandler);
        refreshFilter.setAuthenticationManager(this.authenticationManager);
        return refreshFilter;
    }

    /**
     * Collects the URL patterns of every MVC handler method annotated with
     * {@link PermitAll}.
     *
     * <p>Only method-level annotations are inspected. Both the string-pattern and
     * the parsed path-pattern conditions of a mapping contribute; the mapping's
     * HTTP method is not recorded, so callers receive bare path patterns.
     *
     * @return the patterns to expose without authentication, possibly empty
     */
    private Set<String> getPermitUrlsFromAnnotation() {
        RequestMappingHandlerMapping handlerMapping =
                (RequestMappingHandlerMapping) this.applicationContext.getBean("requestMappingHandlerMapping");
        Set<String> permitted = new HashSet<>();
        for (Map.Entry<RequestMappingInfo, HandlerMethod> mapping : handlerMapping.getHandlerMethods().entrySet()) {
            if (!mapping.getValue().hasMethodAnnotation(PermitAll.class)) {
                continue;
            }
            RequestMappingInfo info = mapping.getKey();
            if (info.getPatternsCondition() != null) {
                permitted.addAll(info.getPatternsCondition().getPatterns());
            }
            if (info.getPathPatternsCondition() != null) {
                permitted.addAll(info.getPathPatternsCondition().getPatterns().stream()
                        .map(pattern -> pattern.getPatternString())
                        .collect(Collectors.toSet()));
            }
        }
        return permitted;
    }
}
