package com.centit.framework.config;

import java.util.ArrayList;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;

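/**
 * Spring Security configuration that authenticates users through a CAS server.
 *
 * <p>The configuration is only registered when the {@code security.login.cas.enabled}
 * property is present and not {@code false}. All CAS endpoints are derived from two
 * settings read from {@code securityProperties}: {@code casHome} (the CAS server) and
 * {@code localHome} (this application's externally visible base URL).
 *
 * <p>NOTE(review): {@code casHome} is used for the browser redirect, for the
 * back-channel ticket validation and for single sign-out. Ticket validation trusts
 * whatever that URL answers, so confirm the deployed value is an {@code https} URL.
 */
@EnableConfigurationProperties({SecurityProperties.class})
@Configuration
@EnableWebSecurity
@ConditionalOnProperty(prefix = "security.login.cas", name = {"enabled"})
public class WebSecurityCasConfig extends WebSecurityBaseConfig {

    /**
     * Builds the CAS service description for this application.
     *
     * @return service properties whose service URL is {@code localHome + "/login/cas"}
     */
    private ServiceProperties createCasServiceProperties() {
        ServiceProperties props = new ServiceProperties();
        // This URL is sent to CAS as the "service" and is where the ticket comes back to;
        // NOTE(review): it must match what the CAS server has registered for this
        // application — confirm localHome carries no trailing slash.
        props.setService(this.securityProperties.getLogin().getCas().getLocalHome() + "/login/cas");
        // renew=false: an existing CAS single sign-on session is accepted without
        // forcing the user to present credentials again.
        props.setSendRenew(false);
        return props;
    }

    /**
     * Creates the provider that turns a CAS service ticket into an authenticated user.
     *
     * @return a {@link CasAuthenticationProvider} validating tickets with the CAS 2.0
     *         protocol against {@code casHome}
     */
    protected AuthenticationProvider getAuthenticationProvider() {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setUserDetailsService(this.centitUserDetailsService);
        provider.setServiceProperties(createCasServiceProperties());
        // Back-channel call from this application to the CAS server; the response
        // decides who the user is, so the transport to casHome has to be trusted.
        provider.setTicketValidator(
                new Cas20ServiceTicketValidator(this.securityProperties.getLogin().getCas().getCasHome()));
        // Key the provider uses to recognise the authentication tokens it created.
        provider.setKey(this.securityProperties.getLogin().getCas().getAppKey());
        return provider;
    }

    /**
     * Creates the entry point that sends unauthenticated requests to CAS.
     *
     * @return a {@link CasAuthenticationEntryPoint} whose login URL is {@code casHome}
     */
    protected AuthenticationEntryPoint getAuthenticationEntryPoint() {
        ServiceProperties serviceProperties = createCasServiceProperties();
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        // NOTE(review): the login URL is the same casHome value that the ticket validator
        // and the sign-out filter use as the server URL prefix; confirm the CAS server
        // serves its login page at that address.
        entryPoint.setLoginUrl(this.securityProperties.getLogin().getCas().getCasHome());
        entryPoint.setServiceProperties(serviceProperties);
        return entryPoint;
    }

    /**
     * Creates an authentication manager backed by the single CAS provider.
     *
     * @return a {@link ProviderManager} containing only the provider returned by
     *         {@link #getAuthenticationProvider()}
     * @throws IllegalArgumentException if no provider is available
     */
    protected AuthenticationManager createAuthenticationManager() {
        AuthenticationProvider provider = getAuthenticationProvider();
        // Message reads "authenticationProvider must not be null".
        Assert.notNull(provider, "authenticationProvider不能为空");
        // Typed list instead of the raw ArrayList, so the compiler checks the element type.
        ArrayList<AuthenticationProvider> providers = new ArrayList<>();
        providers.add(provider);
        return new ProviderManager(providers);
    }

    /**
     * Creates the filter that handles CAS single sign-out requests.
     *
     * @return a {@link SingleSignOutFilter} bound to {@code casHome}
     */
    private SingleSignOutFilter singleSignOutFilter() {
        // NOTE(review): no SingleSignOutHttpSessionListener is registered in this class;
        // confirm one is registered elsewhere so that ended sessions are unmapped.
        SingleSignOutFilter filter = new SingleSignOutFilter();
        filter.setCasServerUrlPrefix(this.securityProperties.getLogin().getCas().getCasHome());
        return filter;
    }

    /**
     * Creates the filter that receives the CAS ticket and completes the login.
     *
     * @return a {@link CasAuthenticationFilter} wired with a newly created authentication
     *         manager and the failure and success handlers of the base configuration
     */
    protected AbstractAuthenticationProcessingFilter getAuthenticationFilter() {
        CasAuthenticationFilter filter = new CasAuthenticationFilter();
        filter.setAuthenticationManager(createAuthenticationManager());
        filter.setAuthenticationFailureHandler(createFailureHandler());
        filter.setAuthenticationSuccessHandler(createSuccessHandler(this.centitUserDetailsService));
        return filter;
    }

    /**
     * Configures CSRF handling, the publicly reachable URLs, the error pages, response
     * headers and the security filter chain.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if the builder rejects the configuration
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.securityProperties.getHttp().isCsrfEnable()) {
            httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository);
        } else {
            // With this switch off, state-changing requests carry no CSRF token check;
            // the session cookie alone authorises them.
            httpSecurity.csrf().disable();
        }

        // The raw AuthorizedUrl cast of the decompiled form is dropped: it erased the
        // generic type of the chain, so and() no longer returned HttpSecurity.
        httpSecurity.authorizeRequests()
                // Reachable without authentication.
                // NOTE(review): confirm "/oauth/check_token" enforces its own caller
                // authentication, since this rule does not.
                .antMatchers("/system/mainframe/login", "/system/exception", "/oauth/check_token")
                .permitAll()
                .and()
                .exceptionHandling()
                .accessDeniedPage("/system/exception/error/403")
                .and()
                .sessionManagement()
                .invalidSessionUrl("/system/exception/error/401")
                .and()
                // The CAS entry point is registered through the httpBasic() configurer.
                // NOTE(review): httpBasic() also enables HTTP Basic processing for the
                // application — confirm that is intended.
                .httpBasic()
                .authenticationEntryPoint(getAuthenticationEntryPoint());

        // X-Frame-Options: SAMEORIGIN — pages may only be framed by the same origin.
        httpSecurity.headers().frameOptions().sameOrigin();

        httpSecurity
                // CAS login takes the slot of the form-login filter.
                .addFilterAt(getAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(
                        createCentitPowerFilter(
                                createCentitAccessDecisionManager(), createCentitSecurityMetadataSource()),
                        FilterSecurityInterceptor.class)
                // Sign-out requests must be seen before the CAS login filter runs.
                .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class);
    }
}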
