package xyz.seansun.rambutan.autoconfig.wxmp.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.util.List;
import javax.servlet.Filter;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import me.chanjar.weixin.mp.api.WxMpService;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.web.filter.CharacterEncodingFilter;
import xyz.seansun.rambutan.entrypoint.RambutanAuthenticationEntryPoint;
import xyz.seansun.rambutan.filter.RumbutanCodeAuthenticationFilter;
import xyz.seansun.rambutan.filter.RumbutanOpenIdAuthenticationFilter;
import xyz.seansun.rambutan.handler.RumbutanAccessDeniedHandler;
import xyz.seansun.rambutan.handler.RumbutanAuthenticationFailureHandler;
import xyz.seansun.rambutan.handler.RumbutanOauthCodeSuccessHandler;
import xyz.seansun.rambutan.handler.RumbutanOpenIdSuccessHandler;
import xyz.seansun.rambutan.properties.WxMpProp;
import xyz.seansun.rambutan.provider.RumbutanAuthenticationProvider;
import xyz.seansun.rambutan.provider.RumbutanOpenIdAuthenticationProvider;

/* compiled from: WxMpSecurityConfig.kt */
@Configuration
@ConditionalOnBean({ObjectMapper.class})
@Metadata(mv = {1, 1, 15}, bv = {1, 0, 3}, k = 1, d1 = {"��V\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0017\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\b\u0010\u0018\u001a\u00020\u0019H\u0017J\b\u0010\u001a\u001a\u00020\u001bH\u0017J\b\u0010\u001c\u001a\u00020\u001dH\u0017J\u0010\u0010\u001e\u001a\u00020\u001f2\u0006\u0010 \u001a\u00020!H\u0016J\b\u0010\"\u001a\u00020#H\u0017J\b\u0010$\u001a\u00020%H\u0017R\u0016\u0010\u0003\u001a\n \u0005*\u0004\u0018\u00010\u00040\u0004X\u0092\u0004¢\u0006\u0002\n��R\u001e\u0010\u0006\u001a\u00020\u00078\u0016@\u0016X\u0097.¢\u0006\u000e\n��\u001a\u0004\b\b\u0010\t\"\u0004\b\n\u0010\u000bR\u001e\u0010\f\u001a\u00020\r8\u0016@\u0016X\u0097.¢\u0006\u000e\n��\u001a\u0004\b\u000e\u0010\u000f\"\u0004\b\u0010\u0010\u0011R\u001e\u0010\u0012\u001a\u00020\u00138\u0016@\u0016X\u0097.¢\u0006\u000e\n��\u001a\u0004\b\u0014\u0010\u0015\"\u0004\b\u0016\u0010\u0017¨\u0006&"}, d2 = {"Lxyz/seansun/rambutan/autoconfig/wxmp/security/WxMpSecurityConfig;", "Lorg/springframework/security/config/annotation/web/configuration/WebSecurityConfigurerAdapter;", "()V", "log", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "objectMapper", "Lcom/fasterxml/jackson/databind/ObjectMapper;", "getObjectMapper", "()Lcom/fasterxml/jackson/databind/ObjectMapper;", "setObjectMapper", "(Lcom/fasterxml/jackson/databind/ObjectMapper;)V", "wxMpProp", "Lxyz/seansun/rambutan/properties/WxMpProp;", "getWxMpProp", "()Lxyz/seansun/rambutan/properties/WxMpProp;", "setWxMpProp", "(Lxyz/seansun/rambutan/properties/WxMpProp;)V", "wxMpService", "Lme/chanjar/weixin/mp/api/WxMpService;", "getWxMpService", "()Lme/chanjar/weixin/mp/api/WxMpService;", "setWxMpService", "(Lme/chanjar/weixin/mp/api/WxMpService;)V", "accessDeniedHandler", "Lorg/springframework/security/web/access/AccessDeniedHandler;", "authenticationEntryPoint", "Lorg/springframework/security/web/AuthenticationEntryPoint;", "authenticationFailureHandler", "Lorg/springframework/security/web/authentication/AuthenticationFailureHandler;", "configure", "", "http", "Lorg/springframework/security/config/annotation/web/builders/HttpSecurity;", "rumbutanOauthCodeSuccessHandler", "Lxyz/seansun/rambutan/handler/RumbutanOauthCodeSuccessHandler;", "rumbutanOpenIdSuccessHandler", "Lxyz/seansun/rambutan/handler/RumbutanOpenIdSuccessHandler;", "rambutan-autoconfig"})
/* loaded from: input_file:xyz/seansun/rambutan/autoconfig/wxmp/security/WxMpSecurityConfig.class */
public class WxMpSecurityConfig extends WebSecurityConfigurerAdapter {
    private final Logger log = LoggerFactory.getLogger(getClass());

    @Autowired
    @NotNull
    public WxMpProp wxMpProp;

    @Autowired
    @NotNull
    public WxMpService wxMpService;

    @Autowired
    @NotNull
    public ObjectMapper objectMapper;

    @NotNull
    public WxMpProp getWxMpProp() {
        WxMpProp wxMpProp = this.wxMpProp;
        if (wxMpProp == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wxMpProp");
        }
        return wxMpProp;
    }

    public void setWxMpProp(@NotNull WxMpProp wxMpProp) {
        Intrinsics.checkParameterIsNotNull(wxMpProp, "<set-?>");
        this.wxMpProp = wxMpProp;
    }

    @NotNull
    public WxMpService getWxMpService() {
        WxMpService wxMpService = this.wxMpService;
        if (wxMpService == null) {
            Intrinsics.throwUninitializedPropertyAccessException("wxMpService");
        }
        return wxMpService;
    }

    public void setWxMpService(@NotNull WxMpService wxMpService) {
        Intrinsics.checkParameterIsNotNull(wxMpService, "<set-?>");
        this.wxMpService = wxMpService;
    }

    @NotNull
    public ObjectMapper getObjectMapper() {
        ObjectMapper objectMapper = this.objectMapper;
        if (objectMapper == null) {
            Intrinsics.throwUninitializedPropertyAccessException("objectMapper");
        }
        return objectMapper;
    }

    public void setObjectMapper(@NotNull ObjectMapper objectMapper) {
        Intrinsics.checkParameterIsNotNull(objectMapper, "<set-?>");
        this.objectMapper = objectMapper;
    }

    @ConditionalOnMissingBean({AuthenticationFailureHandler.class})
    @Bean
    @NotNull
    public AuthenticationFailureHandler authenticationFailureHandler() {
        this.log.debug("initialing authenticationFailureHandler");
        return new RumbutanAuthenticationFailureHandler();
    }

    @ConditionalOnMissingBean({AccessDeniedHandler.class})
    @Bean
    @NotNull
    public AccessDeniedHandler accessDeniedHandler() {
        this.log.debug("initialing accessDeniedHandler");
        return new RumbutanAccessDeniedHandler();
    }

    @ConditionalOnMissingBean({AuthenticationEntryPoint.class})
    @Bean
    @NotNull
    public AuthenticationEntryPoint authenticationEntryPoint() {
        this.log.debug("initialing authenticationEntryPoint");
        return new RambutanAuthenticationEntryPoint();
    }

    @NotNull
    @ConditionalOnMissingBean({RumbutanOpenIdSuccessHandler.class})
    @ConditionalOnProperty(prefix = "wechat.mp.authentication", name = {"enable-open-id-login"})
    @Bean
    public RumbutanOpenIdSuccessHandler rumbutanOpenIdSuccessHandler() {
        this.log.debug("initialing OpenIdSuccessHandler");
        return new RumbutanOpenIdSuccessHandler(getObjectMapper());
    }

    @ConditionalOnMissingBean({RumbutanOauthCodeSuccessHandler.class})
    @Bean
    @NotNull
    public RumbutanOauthCodeSuccessHandler rumbutanOauthCodeSuccessHandler() {
        this.log.debug("initialing RumbutanOauthCodeSuccessHandler");
        return new RumbutanOauthCodeSuccessHandler();
    }

    public void configure(@NotNull HttpSecurity httpSecurity) throws Exception {
        RumbutanCodeAuthenticationFilter rumbutanCodeAuthenticationFilter;
        Intrinsics.checkParameterIsNotNull(httpSecurity, "http");
        this.log.info("configuring spring security");
        httpSecurity.logout().disable().httpBasic().disable().formLogin().disable().exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).accessDeniedHandler(accessDeniedHandler());
        if (getWxMpProp().getAuthentication().getEnable()) {
            Filter characterEncodingFilter = new CharacterEncodingFilter();
            characterEncodingFilter.setEncoding(StandardCharsets.UTF_8.name());
            characterEncodingFilter.setForceEncoding(true);
            httpSecurity.addFilterBefore(characterEncodingFilter, CsrfFilter.class);
            List loginPaths = getWxMpProp().getAuthentication().getLoginPaths();
            if (!(loginPaths == null || loginPaths.isEmpty())) {
                List<WxMpProp.AuthorizedRequest> loginPaths2 = getWxMpProp().getAuthentication().getLoginPaths();
                if (loginPaths2 == null) {
                    Intrinsics.throwNpe();
                }
                for (WxMpProp.AuthorizedRequest authorizedRequest : loginPaths2) {
                    if (ObjectUtils.isEmpty(authorizedRequest.getMethod())) {
                        rumbutanCodeAuthenticationFilter = new RumbutanCodeAuthenticationFilter(authorizedRequest.getUrl());
                    } else {
                        String url = authorizedRequest.getUrl();
                        HttpMethod method = authorizedRequest.getMethod();
                        if (method == null) {
                            Intrinsics.throwNpe();
                        }
                        rumbutanCodeAuthenticationFilter = new RumbutanCodeAuthenticationFilter(url, method.name());
                    }
                    RumbutanCodeAuthenticationFilter rumbutanCodeAuthenticationFilter2 = rumbutanCodeAuthenticationFilter;
                    rumbutanCodeAuthenticationFilter2.setAuthenticationManager(authenticationManagerBean());
                    rumbutanCodeAuthenticationFilter2.setAuthenticationFailureHandler(authenticationFailureHandler());
                    rumbutanCodeAuthenticationFilter2.setAuthenticationSuccessHandler(rumbutanOauthCodeSuccessHandler());
                    httpSecurity.authenticationProvider(new RumbutanAuthenticationProvider(getWxMpService())).addFilterBefore((Filter) rumbutanCodeAuthenticationFilter2, UsernamePasswordAuthenticationFilter.class);
                    this.log.info("adding wechat work login filter to mvc context and listed paths could do login action :\n" + authorizedRequest);
                }
            }
            if (getWxMpProp().getAuthentication().getEnableOpenIdLogin()) {
                Assert.notNull(getWxMpProp().getAuthentication().getOpenIdLoginPath(), "伪造路径为空的情况下不能启用伪造用户相关接口");
                Filter rumbutanOpenIdAuthenticationFilter = new RumbutanOpenIdAuthenticationFilter(getWxMpProp().getAuthentication().getOpenIdLoginPath());
                rumbutanOpenIdAuthenticationFilter.setAuthenticationManager(authenticationManagerBean());
                rumbutanOpenIdAuthenticationFilter.setAuthenticationFailureHandler(authenticationFailureHandler());
                rumbutanOpenIdAuthenticationFilter.setAuthenticationSuccessHandler(rumbutanOpenIdSuccessHandler());
                httpSecurity.authenticationProvider(new RumbutanOpenIdAuthenticationProvider(getWxMpService())).addFilterBefore(rumbutanOpenIdAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);
                this.log.info("faker login filter to mvc context enable, following path allow user faker user :" + getWxMpProp().getAuthentication().getOpenIdLoginPath());
            }
            List authenticationExcludePaths = getWxMpProp().getAuthentication().getAuthenticationExcludePaths();
            if (!(authenticationExcludePaths == null || authenticationExcludePaths.isEmpty())) {
                List<WxMpProp.AuthorizedRequest> authenticationExcludePaths2 = getWxMpProp().getAuthentication().getAuthenticationExcludePaths();
                if (authenticationExcludePaths2 == null) {
                    Intrinsics.throwNpe();
                }
                for (WxMpProp.AuthorizedRequest authorizedRequest2 : authenticationExcludePaths2) {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(authorizedRequest2.getMethod(), new String[]{authorizedRequest2.getUrl()})).permitAll();
                }
                this.log.info("listed paths exclued from authentication \n" + getWxMpProp().getAuthentication().getAuthenticationExcludePaths());
            }
            if (!ObjectUtils.isEmpty(getWxMpProp().getAuthentication().getAuthenticationRequiredPaths())) {
                List<WxMpProp.AuthorizedRequest> authenticationRequiredPaths = getWxMpProp().getAuthentication().getAuthenticationRequiredPaths();
                if (authenticationRequiredPaths == null) {
                    Intrinsics.throwNpe();
                }
                for (WxMpProp.AuthorizedRequest authorizedRequest3 : authenticationRequiredPaths) {
                    ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(authorizedRequest3.getMethod(), new String[]{authorizedRequest3.getUrl()})).authenticated();
                }
                this.log.info("adding wechat work authentication filter to mvc context and listed paths need authentication \n" + getWxMpProp().getAuthentication().getAuthenticationRequiredPaths());
            }
        } else {
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/**"})).permitAll();
        }
        if (getWxMpProp().getAuthentication().getEnable() && getWxMpProp().getAuthentication().getCsrfEnable()) {
            this.log.info("enable csrf cookie token");
            httpSecurity.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
        } else {
            httpSecurity.csrf().disable();
        }
    }
}
