package com.centit.framework.authorizeserver;

import com.centit.framework.security.PretreatmentAuthenticationProcessingFilter;
import com.centit.framework.security.TokenAuthenticationFailureHandler;
import com.centit.framework.security.TokenAuthenticationSuccessHandler;
import com.centit.framework.security.model.CentitUserDetailsService;
import com.centit.support.algorithm.StringBaseOpt;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.CookieClearingLogoutHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.csrf.CsrfLogoutHandler;
import org.springframework.security.web.csrf.CsrfTokenRepository;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:BOOT-INF/classes/com/centit/framework/authorizeserver/WebSecurityConfig.class */
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    AuthenticationManager authenticationManager;

    @Autowired
    protected CsrfTokenRepository csrfTokenRepository;

    @Autowired
    protected CentitUserDetailsService centitUserDetailsService;

    @Value("${login.failure.targetUrl}")
    String defaultFailureTargetUrl;

    @Value("${login.failure.writeLog:false}")
    boolean loginFailureWritelog;

    @Value("${login.success.targetUrl}")
    String defaultSuccessTargetUrl;

    @Value("${login.success.writeLog:true}")
    boolean loginSuccessWritelog;

    @Value("${http.csrf.enable:false}")
    boolean httpCsrfEnable;

    @Value("${login.captcha.checkTime:0}")
    int loginCaptchaCheckTime;

    @Value("${login.captcha.checkType:0}")
    int loginCaptchaCheckType;

    @Value("${login.retry.checkType:'H'}")
    String loginRetryCheckType;

    @Value("${login.retry.maxTryTimes:0}")
    int loginRetryMaxTryTimes;

    @Value("${login.retry.lockMinites:10}")
    int loginRetryLockMinites;

    @Value("${login.retry.checkTimeTnterval:3}")
    int loginRetryCheckTimeTnterval;

    @Value("${http.filter.chain.continueBeforeSuccessfulAuthentication:false}")
    boolean httpFilterChainContinueBeforeSuccessfulAuthentication;

    protected TokenAuthenticationFailureHandler createFailureHandler() {
        TokenAuthenticationFailureHandler tokenAuthenticationFailureHandler = new TokenAuthenticationFailureHandler();
        tokenAuthenticationFailureHandler.setDefaultFailureUrl(StringBaseOpt.emptyValue(this.defaultFailureTargetUrl, "/system/mainframe/login/error"));
        tokenAuthenticationFailureHandler.setWriteLog(this.loginFailureWritelog);
        return tokenAuthenticationFailureHandler;
    }

    protected TokenAuthenticationSuccessHandler createSuccessHandler(CentitUserDetailsService centitUserDetailsService) {
        TokenAuthenticationSuccessHandler tokenAuthenticationSuccessHandler = new TokenAuthenticationSuccessHandler();
        tokenAuthenticationSuccessHandler.setDefaultTargetUrl(StringBaseOpt.emptyValue(this.defaultSuccessTargetUrl, "/"));
        tokenAuthenticationSuccessHandler.setWriteLog(this.loginSuccessWritelog);
        tokenAuthenticationSuccessHandler.setUserDetailsService(centitUserDetailsService);
        return tokenAuthenticationSuccessHandler;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.httpCsrfEnable) {
            httpSecurity.csrf().csrfTokenRepository(this.csrfTokenRepository);
        } else {
            httpSecurity.csrf().disable();
        }
        ((HttpSecurity) ((HttpSecurity) ((HttpSecurity) httpSecurity.authorizeRequests().antMatchers("/system/mainframe/login", "/system/exception", "/oauth/check_token").permitAll().and()).exceptionHandling().accessDeniedPage("/system/exception/error/403").and()).sessionManagement().invalidSessionUrl("/system/exception/error/401").and()).httpBasic().authenticationEntryPoint(authenticationEntryPoint());
        httpSecurity.headers().frameOptions().sameOrigin();
        httpSecurity.addFilterAt(createPretreatmentAuthenticationProcessingFilter(this.authenticationManager, createSuccessHandler(this.centitUserDetailsService), createFailureHandler()), UsernamePasswordAuthenticationFilter.class).addFilterAt(logoutFilter(), LogoutFilter.class);
    }

    private LoginUrlAuthenticationEntryPoint authenticationEntryPoint() {
        return new LoginUrlAuthenticationEntryPoint("/system/mainframe/login");
    }

    private UsernamePasswordAuthenticationFilter createPretreatmentAuthenticationProcessingFilter(AuthenticationManager authenticationManager, TokenAuthenticationSuccessHandler tokenAuthenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler) {
        PretreatmentAuthenticationProcessingFilter pretreatmentAuthenticationProcessingFilter = new PretreatmentAuthenticationProcessingFilter();
        pretreatmentAuthenticationProcessingFilter.setAuthenticationManager(authenticationManager);
        pretreatmentAuthenticationProcessingFilter.setCheckCaptchaTime(this.loginCaptchaCheckTime);
        pretreatmentAuthenticationProcessingFilter.setCheckCaptchaType(this.loginCaptchaCheckType);
        pretreatmentAuthenticationProcessingFilter.setRetryCheckType(this.loginRetryCheckType);
        pretreatmentAuthenticationProcessingFilter.setRetryMaxTryTimes(this.loginRetryMaxTryTimes);
        pretreatmentAuthenticationProcessingFilter.setRetryLockMinites(this.loginRetryLockMinites);
        pretreatmentAuthenticationProcessingFilter.setRetryCheckTimeTnterval(this.loginRetryCheckTimeTnterval);
        pretreatmentAuthenticationProcessingFilter.setContinueChainBeforeSuccessfulAuthentication(this.httpFilterChainContinueBeforeSuccessfulAuthentication);
        pretreatmentAuthenticationProcessingFilter.setAuthenticationFailureHandler(authenticationFailureHandler);
        pretreatmentAuthenticationProcessingFilter.setAuthenticationSuccessHandler(tokenAuthenticationSuccessHandler);
        return pretreatmentAuthenticationProcessingFilter;
    }

    private LogoutFilter logoutFilter() {
        return new LogoutFilter("/system/mainframe/login", new CsrfLogoutHandler(this.csrfTokenRepository), new CookieClearingLogoutHandler("JSESSIONID", "remember-me"), new SecurityContextLogoutHandler());
    }
}
