package cronapp.framework.authentication.sso;

import cronapi.Var;
import cronapp.framework.api.ApiManager;
import cronapp.framework.api.EventsManager;
import cronapp.framework.authentication.AuthenticationUtil;
import cronapp.framework.authentication.security.CronappAnonymousAuthenticationFilter;
import cronapp.framework.authentication.security.Permission;
import cronapp.framework.authentication.token.AuthenticationTokenFilter;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.security.oauth2.OAuth2AutoConfiguration;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2SsoProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerTokenServicesConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.vote.UnanimousBased;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableOAuth2Client;
import org.springframework.security.oauth2.config.annotation.web.configuration.OAuth2ClientConfiguration;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;

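@AutoConfigureBefore({OAuth2AutoConfiguration.class})
@EnableConfigurationProperties({OAuth2SsoProperties.class})
@Configuration
@EnableOAuth2Client
@Import({OAuth2ClientConfiguration.class, ResourceServerTokenServicesConfiguration.class})
/* loaded from: input_file:cronapp/framework/authentication/sso/AuthorizationConfigurer.class */
/**
 * Spring Security configuration for the OAuth2 SSO authentication mode.
 *
 * <p>It wires the token filter in front of {@link UsernamePasswordAuthenticationFilter}, applies
 * either the project's {@link Permission} rules or a deny-all default, keeps the session
 * stateless and installs the logout handler that reports the provider logout URI.
 *
 * <p>Security-relevant defaults set here (see {@link #configure(HttpSecurity)}): CSRF protection,
 * cache-control headers, {@code X-Frame-Options} and HSTS are all switched off, so any of those
 * protections that the deployment needs has to be supplied by another layer.
 */
public class AuthorizationConfigurer extends WebSecurityConfigurerAdapter {

    // Optional project-supplied URL rules; when absent every request is denied (see configure()).
    @Autowired(required = false)
    private Permission permission;

    @Autowired
    private ApplicationContext applicationContext;

    @Autowired
    private List<AccessDecisionVoter<? extends Object>> decisionVoters;

    // Defaults to null when the property is not set.
    @Value("${security.oauth2.client.customPrincipalKey:#{null}}")
    private String customPrincipalKey;

    // Logout URI template; may contain the ${appURL} and ${appURLEncoded} placeholders.
    // Treated as read-only after injection: this bean is shared by all requests.
    @Value("${security.oauth2.client.logoutUri:#{null}}")
    private String logoutUri;

    /**
     * Creates the token filter and binds it to this configuration's authentication manager.
     *
     * @return the filter that {@link #configure(HttpSecurity)} registers in the chain
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Bean
    public AuthenticationTokenFilter authenticationTokenFilterBean() throws Exception {
        AuthenticationTokenFilter authenticationTokenFilter = new AuthenticationTokenFilter();
        authenticationTokenFilter.setAuthenticationManager(super.authenticationManagerBean());
        return authenticationTokenFilter;
    }

    /**
     * Builds the HTTP security chain for SSO.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if any configurer fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): CSRF protection is off. That is only sound when the browser never attaches
        // the credential on its own (e.g. it travels in a request header). The logout handler
        // deletes a "_u" cookie, so confirm how AuthenticationTokenFilter reads the token.
        httpSecurity.csrf().disable();
        if (this.permission == null) {
            // Fail closed: with no Permission bean, anonymous users get only the public
            // authorities and every request is denied.
            httpSecurity.anonymous().authenticationFilter(new CronappAnonymousAuthenticationFilter("anonymousAuthenticationFilterKey", "anonymousUser", ApiManager.getPublicAuthorities()));
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).denyAll().accessDecisionManager(new UnanimousBased(this.decisionVoters));
        } else {
            this.permission.loadSecurityPermission(httpSecurity);
            AuthenticationUtil.loadStaticSecurity(httpSecurity);
        }
        // Unauthenticated requests get a 403 instead of a login redirect; no HTTP session is created.
        httpSecurity.exceptionHandling().authenticationEntryPoint(new Http403ForbiddenEntryPoint())
                .and().logout().logoutSuccessHandler(logoutHandler()).deleteCookies("_u")
                .and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // NOTE(review): these three defaults are disabled here, so responses carry no
        // Cache-Control, X-Frame-Options or Strict-Transport-Security header from Spring Security.
        // Verify that a reverse proxy or another filter sets the ones this deployment relies on.
        httpSecurity.headers().cacheControl().disable().frameOptions().disable().httpStrictTransportSecurity().disable();
        new SsoSecurityConfigurer(this.applicationContext).configure(httpSecurity);
        httpSecurity.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Exposes the OAuth2 REST template built from the protected-resource details and client context.
     *
     * @param oAuth2ClientContext the current OAuth2 client context
     * @param oAuth2ProtectedResourceDetails the configured protected resource
     * @return a new {@link OAuth2RestTemplate}
     */
    @Bean
    public OAuth2RestTemplate oauth2RestTemplate(OAuth2ClientContext oAuth2ClientContext, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        return new OAuth2RestTemplate(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
    }

    /**
     * Registers the custom principal extractor.
     *
     * <p>Side effect: copies the configured principal key (or an empty string when blank) into the
     * JVM-wide system property {@code security.oauth2.client.customPrincipalKey}; presumably
     * {@link CustomPrincipalExtractor} reads it from there (not visible in this class).
     *
     * @return a new {@link CustomPrincipalExtractor}
     */
    @Bean
    public PrincipalExtractor customPrincipalExtractor() {
        System.setProperty("security.oauth2.client.customPrincipalKey", StringUtils.defaultIfBlank(this.customPrincipalKey, ""));
        return new CustomPrincipalExtractor();
    }

    /**
     * Builds the logout success handler.
     *
     * <p>The handler fires the {@code onLogout} event when one is registered and the user is known,
     * then either redirects to {@code index.html} or, for clients whose {@code Accept} header
     * contains {@code json}, answers with a JSON object holding {@code logoutUri} and
     * {@code appBaseUrl}.
     *
     * <p>The logout URI is resolved into a local variable on every request. Writing the resolved
     * value back to the {@code logoutUri} field would consume the placeholders on the first logout
     * and serve that first request's base URL to every later caller of this shared bean.
     *
     * @return the handler installed by {@link #configure(HttpSecurity)}
     */
    private LogoutSuccessHandler logoutHandler() {
        return (httpServletRequest, httpServletResponse, authentication) -> {
            if (EventsManager.hasEvent("onLogout") && authentication != null && authentication.getName() != null) {
                EventsManager.executeEventOnTransaction("onLogout", Var.valueOf("username", authentication.getName()));
            }
            // Scheme/host/port come from the current request, so the value follows the
            // client-supplied Host header unless the container or proxy validates it.
            String appBaseUrl = ServletUriComponentsBuilder.fromRequestUri(httpServletRequest).replacePath((String) null).build().toUriString();
            String indexPage = httpServletRequest.getContextPath() + "/index.html";

            String resolvedLogoutUri;
            if (StringUtils.isNotBlank(this.logoutUri)) {
                resolvedLogoutUri = this.logoutUri
                        .replace("${appURL}", appBaseUrl)
                        .replace("${appURLEncoded}", URLEncoder.encode(appBaseUrl, StandardCharsets.UTF_8));
            } else {
                resolvedLogoutUri = indexPage;
            }

            String accept = httpServletRequest.getHeader("Accept");
            if (accept == null || !accept.contains("json")) {
                // Browser-style clients are sent to the index page; the provider logout URI is
                // only reported on the JSON branch below.
                httpServletResponse.setStatus(200);
                httpServletResponse.sendRedirect(indexPage);
            } else {
                httpServletResponse.setContentType("application/json");
                httpServletResponse.getWriter().print(new JSONObject().put("logoutUri", resolvedLogoutUri).put("appBaseUrl", appBaseUrl).toString());
            }
        };
    }
}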
