package org.cattleframework.oauth.starter.authorization;

import org.apache.commons.lang3.StringUtils;
import org.cattleframework.form.CommonWebProperties;
import org.cattleframework.form.authorization.AuthorizationAutoConfiguration;
import org.cattleframework.form.authorization.portal.configurers.AuthorizationConfigurer;
import org.cattleframework.form.authorization.service.SessionRepository;
import org.cattleframework.form.authorization.service.UserService;
import org.cattleframework.form.authorization.web.SessionCheckFilter;
import org.cattleframework.form.environment.service.ProtectionService;
import org.cattleframework.oauth.authorization.client.RegisteredClientRepositoryEnhance;
import org.cattleframework.oauth.authorization.portal.web.authentication.AuthorizeServerLoginPageSuccessHandler;
import org.cattleframework.oauth.authorization.portal.web.authentication.AuthorizeServerLoginSuccessHandler;
import org.cattleframework.security.crypto.SmUtils;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.context.SecurityContextHolderFilter;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/**
 * Auto-configuration that registers the two Spring Security filter chains used by the
 * authorization server starter: one scoped to the authorization endpoints and one
 * without a security matcher for everything else.
 *
 * <p>Both beans are guarded by {@code @ConditionalOnMissingBean(name = ...)}, so an
 * application that defines a bean with the same name replaces the corresponding chain
 * entirely, including the header and authentication rules set here.
 *
 * <p>Nothing in this class customizes CSRF, CORS, session management or a
 * Content-Security-Policy; whatever the injected {@link HttpSecurity} provides for those
 * stays in effect.
 */
@EnableConfigurationProperties({AuthorizeWebProperties.class})
@AutoConfiguration(before = {AuthorizationAutoConfiguration.class})
@PropertySource({"classpath:/org/cattleframework/oauth/starter/authorization/authorize.properties"})
/* loaded from: input_file:org/cattleframework/oauth/starter/authorization/AuthorizeAutoConfiguration.class */
public class AuthorizeAutoConfiguration {
    private static final String SLASH = "/";

    /**
     * Builds the filter chain that guards the authorization endpoints.
     *
     * <p>The chain is limited to the requests matched by
     * {@link AuthorizationConfigurer#getEndpointsMatcher()} and is ordered at
     * {@code Integer.MIN_VALUE}, i.e. highest precedence, so it is consulted before any
     * other chain for those requests. Within that scope only a {@code GET} on the
     * configured login page URI is reachable without authentication.
     *
     * @param httpSecurity builder for this chain
     * @param commonWebProperties supplies the login page URI and is handed to both success handlers
     * @param userService handed to both success handlers
     * @param registeredClientRepositoryEnhance handed to both success handlers
     * @param authorizationServerSettings supplies the authorization endpoint handed to both handlers
     * @param protectionService supplies the transmission key whose private part is turned into an
     *     SM2 private key for the login endpoint's success handler
     * @param sessionRepository not referenced in this method; kept in the signature
     * @return the built chain
     * @throws Exception if the security configuration cannot be built
     */
    @ConditionalOnMissingBean(name = {"authorizationSecurityFilterChain"})
    @Bean({"authorizationSecurityFilterChain"})
    @Order(Integer.MIN_VALUE)
    public SecurityFilterChain authorizationSecurityFilterChain(HttpSecurity httpSecurity, CommonWebProperties commonWebProperties, UserService userService, RegisteredClientRepositoryEnhance registeredClientRepositoryEnhance, AuthorizationServerSettings authorizationServerSettings, ProtectionService protectionService, SessionRepository sessionRepository) throws Exception {
        AuthorizationConfigurer endpoints = new AuthorizationConfigurer();

        httpSecurity.securityMatcher(endpoints.getEndpointsMatcher());

        // Anonymous access is limited to fetching the login page; every other request that
        // this chain matches must already be authenticated.
        httpSecurity.authorizeHttpRequests(registry -> registry
                .requestMatchers(AntPathRequestMatcher.antMatcher(HttpMethod.GET, commonWebProperties.getLoginPageUri()))
                .permitAll()
                .anyRequest()
                .authenticated());

        httpSecurity.with(endpoints, configurer -> {
            configurer.authorizeEndpoint(authorizeEndpoint -> {
                // NOTE(review): the "login page" endpoint receives AuthorizeServerLoginSuccessHandler
                // while the "login" endpoint receives AuthorizeServerLoginPageSuccessHandler. The
                // names look crossed; confirm against the handler classes that this is intended.
                authorizeEndpoint.loginPageEndpoint(loginPage -> {
                    loginPage.authenticationSuccessHandler(new AuthorizeServerLoginSuccessHandler(
                            userService,
                            registeredClientRepositoryEnhance,
                            authorizationServerSettings.getAuthorizationEndpoint(),
                            commonWebProperties));
                }).loginEndpoint(login -> {
                    // The SM2 private key derived from the transmission key is given to the handler
                    // at construction time. What the handler does with it is not visible here;
                    // presumably it decrypts client-supplied data (verify in the handler). It is
                    // key material either way and should stay out of logs and error messages.
                    login.authenticationSuccessHandler(new AuthorizeServerLoginPageSuccessHandler(
                            userService,
                            registeredClientRepositoryEnhance,
                            SmUtils.getSm2PrivateKey(protectionService.getTransmissionKey().getPrivateKey()),
                            authorizationServerSettings.getAuthorizationEndpoint(),
                            commonWebProperties));
                });
            });
        });

        applyResponseHeaders(httpSecurity);
        return httpSecurity.build();
    }

    /**
     * Builds the general filter chain for requests not claimed by a more specific chain.
     *
     * <p>No security matcher is set, so the chain applies to any request that reaches it,
     * and every such request must be authenticated. A {@link SessionCheckFilter} backed by
     * the given repository runs right after {@link SecurityContextHolderFilter}.
     *
     * @param httpSecurity builder for this chain
     * @param commonWebProperties supplies the login page URI and the optional host URL
     * @param sessionRepository session store consulted by the {@link SessionCheckFilter}
     * @return the built chain
     * @throws Exception if the security configuration cannot be built
     */
    @ConditionalOnMissingBean(name = {"securityFilterChain"})
    @Bean({"securityFilterChain"})
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity, CommonWebProperties commonWebProperties, SessionRepository sessionRepository) throws Exception {
        httpSecurity.addFilterAfter(new SessionCheckFilter(sessionRepository), SecurityContextHolderFilter.class);

        httpSecurity.authorizeHttpRequests(registry -> registry.anyRequest().authenticated());

        httpSecurity.exceptionHandling(handling -> {
            // Only requests that negotiate text/html are redirected to the login page.
            // NOTE(review): the matcher is used with its defaults, so a client sending
            // "Accept: */*" may also be treated as a match and redirected instead of
            // receiving an error status. Confirm this is the desired behaviour for API callers.
            handling.defaultAuthenticationEntryPointFor(
                    new LoginUrlAuthenticationEntryPoint(resolveLoginPageUrl(commonWebProperties)),
                    new MediaTypeRequestMatcher(MediaType.TEXT_HTML));
        });

        applyResponseHeaders(httpSecurity);
        return httpSecurity.build();
    }

    /**
     * Computes the URL that unauthenticated browsers are redirected to.
     *
     * <p>When a host URL is configured, the login page URI is appended to it after a single
     * trailing slash on the host URL is dropped; otherwise the bare login page URI is used.
     * Both values come from configuration, not from the request. With a host URL set, the
     * redirect target is absolute, so its scheme and host are whatever was configured.
     */
    private static String resolveLoginPageUrl(CommonWebProperties commonWebProperties) {
        String loginPageUri = commonWebProperties.getLoginPageUri();
        String hostUrl = commonWebProperties.getHostUrl();
        if (StringUtils.isBlank(hostUrl)) {
            return loginPageUri;
        }
        String base = hostUrl.endsWith(SLASH) ? hostUrl.substring(0, hostUrl.length() - 1) : hostUrl;
        return base + loginPageUri;
    }

    /**
     * Applies the response-header settings shared by both chains: same-origin framing,
     * {@code X-XSS-Protection} in "enabled, mode=block" form, and the default
     * content-type-options writer.
     */
    private static void applyResponseHeaders(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): X-XSS-Protection is a legacy header that current browsers ignore, and
        // OWASP guidance is to leave the old XSS auditor disabled and rely on a
        // Content-Security-Policy instead. No CSP is configured in this class; treat this
        // header as compatibility only, not as XSS mitigation.
        httpSecurity.headers(headers -> headers
                .frameOptions(frame -> frame.sameOrigin())
                .xssProtection(xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK))
                .contentTypeOptions(Customizer.withDefaults()));
    }
}
