package org.onetwo.ext.security.utils;

import com.google.common.collect.ImmutableSet;
import java.util.Set;
import org.onetwo.common.reflect.ReflectUtils;
import org.onetwo.common.utils.StringUtils;
import org.onetwo.ext.permission.api.annotation.FullyAuthenticated;
import org.onetwo.ext.security.matcher.MatcherUtils;
import org.onetwo.ext.security.matcher.MutipleRequestMatcher;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.FormLoginConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:org/onetwo/ext/security/utils/SecurityUtils.class */
public final class SecurityUtils {
    private static final Set<String> KEYWORDS = ImmutableSet.of("permitAll", "authenticated", FullyAuthenticated.AUTH_CODE, "denyAll", "is", "has", new String[0]);
    public static final RequestMatcher READ_METHOD_MATCHER = new CommonReadMethodMatcher();

    /* loaded from: input_file:org/onetwo/ext/security/utils/SecurityUtils$SecurityErrors.class */
    public enum SecurityErrors {
        AUTH_FAILED("认证失败"),
        ACCESS_DENIED("未授权，访问拒绝"),
        CM_NOT_LOGIN("用户未认证！");

        private final String label;

        SecurityErrors(String str) {
            this.label = str;
        }

        public String getLabel() {
            return this.label;
        }
    }

    public static RequestMatcher checkCsrfIfRequestNotMatch(String... strArr) {
        return MatcherUtils.notMatcher(antPathsAndReadMethodMatcher(strArr));
    }

    public static RequestMatcher antPathsAndReadMethodMatcher(String... strArr) {
        MutipleRequestMatcher matchAntPaths = MatcherUtils.matchAntPaths(strArr);
        matchAntPaths.addMatchers(READ_METHOD_MATCHER);
        return matchAntPaths;
    }

    public static FormLoginConfigurer<HttpSecurity> hackFormLoginAuthFilter(FormLoginConfigurer<HttpSecurity> formLoginConfigurer, AbstractAuthenticationProcessingFilter abstractAuthenticationProcessingFilter) {
        ReflectUtils.getIntro(FormLoginConfigurer.class).setFieldValue(formLoginConfigurer, "authFilter", abstractAuthenticationProcessingFilter);
        return formLoginConfigurer;
    }

    public static String createSecurityExpression(String str) {
        if (isKeyword(str)) {
            return str;
        }
        StringBuilder sb = new StringBuilder("hasAuthority('");
        sb.append(str).append("')");
        return sb.toString();
    }

    protected static boolean isKeyword(String str) {
        String uncapitalize = StringUtils.uncapitalize(str);
        return KEYWORDS.stream().filter(str2 -> {
            return uncapitalize.startsWith(str2);
        }).findAny().isPresent();
    }

    public static GenericLoginUserDetails<?> getCurrentLoginUser() {
        return getCurrentLoginUser(SecurityContextHolder.getContext());
    }

    public static <T> T getCurrentLoginUser(Class<T> cls) {
        return cls.cast(getCurrentLoginUser());
    }

    public static GenericLoginUserDetails<?> getCurrentLoginUser(SecurityContext securityContext) {
        return getCurrentLoginUser(securityContext.getAuthentication());
    }

    public static GenericLoginUserDetails<?> getCurrentLoginUser(Authentication authentication) {
        if (authentication == null || AnonymousAuthenticationToken.class.isInstance(authentication)) {
            return null;
        }
        return (GenericLoginUserDetails) authentication.getPrincipal();
    }

    public static Runnable runInThread(Runnable runnable) {
        SecurityContext context = SecurityContextHolder.getContext();
        return () -> {
            SecurityContextHolder.setContext(context);
            try {
                runnable.run();
            } finally {
                SecurityContextHolder.clearContext();
            }
        };
    }
}
