package com.centit.framework.config;

import com.centit.framework.security.AjaxAuthenticationFailureHandler;
import com.centit.framework.security.AjaxAuthenticationSuccessHandler;
import com.centit.support.algorithm.BooleanBaseOpt;
import com.centit.support.algorithm.StringBaseOpt;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.context.annotation.Conditional;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;

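/**
 * Spring Security configuration used when {@link SecurityCasCondition} matches: interactive
 * login is delegated to a CAS server and service tickets are validated with the CAS 2.0
 * protocol.
 *
 * <p>Properties read from {@code env}:
 * <ul>
 *   <li>{@code cas.home} - base URL of the CAS server (login, logout and ticket validation);
 *       required.</li>
 *   <li>{@code local.home} - base URL of this application, used to build the CAS service URL;
 *       required.</li>
 *   <li>{@code app.key} - key handed to the {@link CasAuthenticationProvider}; required.</li>
 *   <li>{@code http.csrf.enable} - CSRF protection is switched on only when this is true.</li>
 *   <li>{@code login.success.targetUrl} - where the browser is sent after logout; defaults to
 *       {@code "/"}.</li>
 * </ul>
 *
 * <p>The required properties are checked while the filter chain is built, so a missing value
 * stops start-up instead of producing URLs such as {@code "null/login"} or a provider without
 * a key.
 */
@EnableWebSecurity
@Conditional({SecurityCasCondition.class})
/* loaded from: input_file:WEB-INF/lib/framework-core-4.0.4-SNAPSHOT.jar:com/centit/framework/config/SpringSecurityCasConfig.class */
public class SpringSecurityCasConfig extends SpringSecurityBaseConfig {
    /**
     * Excludes the login and exception endpoints from the security filter chain.
     *
     * <p>Requests matching these patterns are not processed by any Spring Security filter, so
     * they get no authentication, no CSRF check and none of the headers the chain would add.
     * Everything served under them has to be safe for anonymous callers.
     *
     * @param webSecurity the builder the ignore patterns are registered on
     * @throws Exception if the patterns cannot be registered
     */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(WebSecurity webSecurity) throws Exception {
        // NOTE(review): the error pages configured below live under "/system/exception/...",
        // while the pattern ignored here is "/service/exception/**" - confirm which prefix is
        // intended, otherwise the 401/403 pages themselves stay behind the access checks.
        webSecurity.ignoring().antMatchers("/system/login", "/service/exception/**", "/system/login/**");
    }

    /**
     * Builds the HTTP security chain: CSRF handling, logout, error pages, the CAS entry point
     * and the CAS, authorization and single-logout filters.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception if a configurer or filter cannot be registered
     */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ServiceProperties casService = createCasServiceProperties();
        CasAuthenticationEntryPoint casEntryPoint = createCasEntryPoint(casService);

        // SECURITY: CSRF protection is OFF unless "http.csrf.enable" is explicitly true.
        // State-changing requests in a cookie-session application need it; deployments should
        // set the property to true unless another CSRF control is in place.
        boolean csrfEnabled =
                BooleanBaseOpt.castObjectToBoolean(this.env.getProperty("http.csrf.enable"), false).booleanValue();
        if (csrfEnabled) {
            httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository);
        } else {
            httpSecurity.csrf().disable();
        }

        // NOTE(review): the post-logout redirect is read from "login.success.targetUrl";
        // confirm the property name is intentional.
        httpSecurity.logout()
                .logoutSuccessUrl(StringBaseOpt.emptyValue(this.env.getProperty("login.success.targetUrl"), "/"));
        httpSecurity.exceptionHandling().accessDeniedPage("/system/exception/error/403");
        httpSecurity.sessionManagement().invalidSessionUrl("/system/exception/error/401");
        // NOTE(review): the CAS entry point is attached through httpBasic(), which also enables
        // HTTP Basic processing on this chain; confirm that is wanted rather than
        // exceptionHandling().authenticationEntryPoint(...).
        httpSecurity.httpBasic().authenticationEntryPoint(casEntryPoint);

        AjaxAuthenticationSuccessHandler successHandler = createAjaxSuccessHandler(this.centitUserDetailsService);
        AjaxAuthenticationFailureHandler failureHandler = createAjaxFailureHandler();
        AuthenticationManager authenticationManager =
                creatAuthenticationManager(createCasAuthenticationProvider(casService));
        CasAuthenticationFilter casFilter = createCasFilter(authenticationManager, successHandler, failureHandler);

        // Filter order: the CAS single-sign-out filter runs before the CAS authentication
        // filter, the CAS logout redirect runs before the standard LogoutFilter, and the
        // project's power (authorization) filter runs before FilterSecurityInterceptor.
        httpSecurity.addFilterAt(casFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(
                        (Filter) createCentitPowerFilter(
                                authenticationManager,
                                createCentitAccessDecisionManager(),
                                createCentitSecurityMetadataSource()),
                        FilterSecurityInterceptor.class)
                .addFilterBefore(requestSingleLogoutFilter(), LogoutFilter.class)
                .addFilterBefore(singleLogoutFilter(), CasAuthenticationFilter.class);
    }

    /**
     * Reads a configuration property that this class cannot work without.
     *
     * @param key the property name
     * @return the configured, non-blank value
     * @throws IllegalStateException if the property is missing or blank
     */
    private String requiredProperty(String key) {
        String value = this.env.getProperty(key);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Required CAS security property '" + key + "' is not set");
        }
        return value;
    }

    /**
     * Creates the entry point that redirects unauthenticated requests to the CAS login page.
     *
     * @param serviceProperties the CAS service description sent with the redirect
     * @return the configured entry point
     */
    private CasAuthenticationEntryPoint createCasEntryPoint(ServiceProperties serviceProperties) {
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        // DEFAULT_LOGIN_PAGE_URL is Spring Security's "/login" constant; it is only used here
        // as the path suffix of the CAS server's login page.
        entryPoint.setLoginUrl(requiredProperty("cas.home") + DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL);
        entryPoint.setServiceProperties(serviceProperties);
        return entryPoint;
    }

    /**
     * Describes this application to the CAS server.
     *
     * @return service properties whose service URL is {@code local.home + "/login/cas"}
     */
    private ServiceProperties createCasServiceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        // The service URL is what CAS issues tickets for; it must match the URL users
        // actually reach this application on.
        serviceProperties.setService(requiredProperty("local.home") + "/login/cas");
        // renew=false: an existing CAS single-sign-on session is accepted without asking the
        // user for credentials again.
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    /**
     * Creates the provider that validates CAS service tickets and loads the local user.
     *
     * @param serviceProperties the CAS service description used during validation
     * @return the configured provider
     */
    private CasAuthenticationProvider createCasAuthenticationProvider(ServiceProperties serviceProperties) {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setUserDetailsService(this.centitUserDetailsService);
        provider.setServiceProperties(serviceProperties);
        // Every login is trusted on the strength of the validation response fetched from
        // cas.home, so that URL should be https and point at the real CAS server.
        provider.setTicketValidator(new Cas20ServiceTicketValidator(requiredProperty("cas.home")));
        provider.setKey(requiredProperty("app.key"));
        return provider;
    }

    /**
     * Creates the filter that processes the CAS callback and reports the outcome through the
     * AJAX success and failure handlers.
     *
     * @param authenticationManager the manager that validates the ticket
     * @param ajaxAuthenticationSuccessHandler invoked after a successful login
     * @param ajaxAuthenticationFailureHandler invoked after a failed login
     * @return the configured filter
     */
    private CasAuthenticationFilter createCasFilter(AuthenticationManager authenticationManager, AjaxAuthenticationSuccessHandler ajaxAuthenticationSuccessHandler, AjaxAuthenticationFailureHandler ajaxAuthenticationFailureHandler) {
        CasAuthenticationFilter casFilter = new CasAuthenticationFilter();
        casFilter.setAuthenticationManager(authenticationManager);
        casFilter.setAuthenticationFailureHandler(ajaxAuthenticationFailureHandler);
        casFilter.setAuthenticationSuccessHandler(ajaxAuthenticationSuccessHandler);
        return casFilter;
    }

    /**
     * Creates the CAS client filter that handles single-sign-out for the CAS server at
     * {@code cas.home}.
     *
     * @return the configured filter
     */
    private SingleSignOutFilter singleLogoutFilter() {
        // NOTE(review): no SingleSignOutHttpSessionListener registration is visible in this
        // class; confirm it is registered elsewhere so session mappings are cleaned up.
        SingleSignOutFilter signOutFilter = new SingleSignOutFilter();
        signOutFilter.setCasServerUrlPrefix(requiredProperty("cas.home"));
        return signOutFilter;
    }

    /**
     * Creates the logout filter that clears the local security context and then redirects the
     * browser to the CAS server's logout endpoint.
     *
     * @return the configured filter
     */
    private LogoutFilter requestSingleLogoutFilter() {
        return new LogoutFilter(requiredProperty("cas.home") + "/logout", new SecurityContextLogoutHandler());
    }

    /**
     * Wraps the CAS provider in a {@link ProviderManager}; it is the only provider, so CAS is
     * the sole way to authenticate through this manager.
     *
     * @param casAuthenticationProvider the CAS provider to delegate to
     * @return an authentication manager backed by that single provider
     */
    private AuthenticationManager creatAuthenticationManager(CasAuthenticationProvider casAuthenticationProvider) {
        List<AuthenticationProvider> providers = new ArrayList<AuthenticationProvider>(1);
        providers.add(casAuthenticationProvider);
        return new ProviderManager(providers);
    }
}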
