package com.diboot.starter;

import com.diboot.core.cache.BaseCacheManager;
import com.diboot.core.cache.DynamicMemoryCacheManager;
import com.diboot.core.data.access.DataScopeManager;
import com.diboot.core.util.V;
import com.diboot.iam.config.Cons;
import com.diboot.iam.config.IamProperties;
import com.diboot.iam.data.UserOrgDataAccessScopeManager;
import com.diboot.iam.init.IamRedisAutoConfig;
import com.diboot.iam.shiro.IamAuthorizingRealm;
import com.diboot.iam.shiro.StatelessAccessControlFilter;
import com.diboot.iam.shiro.StatelessSubjectFactory;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Set;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.UnavailableSecurityManagerException;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.MemoryConstrainedCacheManager;
import org.apache.shiro.event.EventBus;
import org.apache.shiro.event.support.DefaultEventBus;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.mgt.SessionStorageEvaluator;
import org.apache.shiro.mgt.SessionsSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition;
import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.DefaultWebSubjectFactory;
import org.mybatis.spring.annotation.MapperScan;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Role;
import org.springframework.core.annotation.Order;
import org.springframework.core.task.TaskDecorator;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;

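/**
 * Spring Boot auto-configuration that wires the diboot IAM module onto Apache Shiro.
 *
 * <p>The Shiro setup assembled here disables session storage and the session validation
 * scheduler and installs {@link StatelessSubjectFactory} and
 * {@link StatelessAccessControlFilter}, so requests are presumably authenticated per request
 * (token based) rather than through a server-side session. Confirm against those classes.
 *
 * <p>Most beans are declared with {@code @ConditionalOnMissingBean}, so an application can
 * replace any of them by declaring its own bean of the same type.
 *
 * <p>Security-relevant settings to review when deploying:
 * <ul>
 *   <li>the anonymous URL list built in {@link #shiroFilterChainDefinition()}, part of which
 *       comes from {@link IamProperties#getAnonUrls()};</li>
 *   <li>the development-only switch in the same method that opens every path;</li>
 *   <li>authentication caching enabled in {@link #realm()}.</li>
 * </ul>
 *
 * <p>{@code @Role(2)} corresponds to Spring's {@code BeanDefinition.ROLE_INFRASTRUCTURE}.
 */
@EnableConfigurationProperties({IamProperties.class})
@AutoConfigureAfter({IamRedisAutoConfig.class})
@MapperScan(basePackages = {"com.diboot.iam.mapper"})
@ComponentScan(basePackages = {"com.diboot.iam"})
@Configuration
@Order(912)
@Role(2)
public class IamAutoConfig {
    private static final Logger log = LoggerFactory.getLogger(IamAutoConfig.class);

    @Autowired
    private IamProperties iamProperties;

    /**
     * Task decorator that binds the submitting thread's Shiro {@code Subject} to a task, so
     * that code running on a pool thread sees the same subject as the caller.
     */
    private class ShiroContextDecorator implements TaskDecorator {
        private ShiroContextDecorator() {
        }

        /**
         * Wraps {@code runnable} so it executes with the current subject associated.
         *
         * @param runnable the task handed to the executor
         * @return the subject-bound task, or {@code runnable} unchanged when no
         *     {@code SecurityManager} is available
         */
        @Override
        public Runnable decorate(Runnable runnable) {
            try {
                return SecurityUtils.getSubject().associateWith(runnable);
            } catch (UnavailableSecurityManagerException ignored) {
                // Deliberate best effort: without a SecurityManager there is no subject to
                // propagate, so the task runs undecorated (and therefore without an identity).
                return runnable;
            }
        }
    }

    /**
     * Installs {@link ShiroContextDecorator} on the {@code applicationTaskExecutor} bean when
     * one exists.
     */
    @Configuration
    private class ThreadPoolTaskExecutorConfig {
        public ThreadPoolTaskExecutorConfig(@Qualifier("applicationTaskExecutor") ObjectProvider<ThreadPoolTaskExecutor> objectProvider) {
            objectProvider.ifAvailable(executor -> executor.setTaskDecorator(new ShiroContextDecorator()));
        }
    }

    /** Logs that the IAM auto-configuration is being initialised. */
    public IamAutoConfig() {
        log.info("初始化 IAM 组件 自动配置");
    }

    /**
     * Default Shiro cache manager: an in-process {@link MemoryConstrainedCacheManager}.
     *
     * @return a new in-memory cache manager
     */
    @ConditionalOnMissingBean
    @Bean(name = {"shiroCacheManager"})
    @Role(2)
    public CacheManager shiroCacheManager() {
        return new MemoryConstrainedCacheManager();
    }

    /**
     * Builds the IAM authorizing realm and, when a cache manager is available, turns on
     * caching including authentication caching.
     *
     * <p>NOTE(review): with authentication caching enabled, cached authentication data can
     * outlive a credential or account-status change unless the realm evicts it. Confirm that
     * {@link IamAuthorizingRealm} clears its cache on logout, password change and account
     * disablement.
     *
     * @return the configured realm
     */
    @DependsOn({"shiroCacheManager"})
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    public Realm realm() {
        IamAuthorizingRealm iamRealm = new IamAuthorizingRealm();
        CacheManager cacheManager = shiroCacheManager();
        if (cacheManager != null) {
            iamRealm.setCachingEnabled(true);
            iamRealm.setAuthenticationCachingEnabled(true);
            iamRealm.setCacheManager(cacheManager);
        }
        return iamRealm;
    }

    /**
     * Assembles the web security manager from the subject factory, session manager, realm,
     * cache manager and session storage evaluator defined in this class.
     *
     * @return the configured security manager
     */
    @ConditionalOnMissingBean
    @Bean(name = {"shiroSecurityManager"})
    @Role(2)
    public DefaultWebSecurityManager shiroSecurityManager() {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setSubjectFactory(subjectFactory());
        securityManager.setSessionManager(sessionManager());
        securityManager.setRealm(realm());
        securityManager.setCacheManager(shiroCacheManager());
        securityManager.getSubjectDAO().setSessionStorageEvaluator(sessionStorageEvaluator());
        return securityManager;
    }

    /**
     * Session storage evaluator with session storage switched off, so subject state is not
     * persisted into a session.
     *
     * @return the evaluator
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    protected SessionStorageEvaluator sessionStorageEvaluator() {
        DefaultSessionStorageEvaluator evaluator = new DefaultSessionStorageEvaluator();
        evaluator.setSessionStorageEnabled(false);
        return evaluator;
    }

    /**
     * Subject factory used by the security manager.
     *
     * @return a new {@link StatelessSubjectFactory}
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    public DefaultWebSubjectFactory subjectFactory() {
        return new StatelessSubjectFactory();
    }

    /**
     * Session manager with the periodic session validation scheduler disabled.
     *
     * @return the session manager
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    public DefaultSessionManager sessionManager() {
        DefaultSessionManager manager = new DefaultSessionManager();
        manager.setSessionValidationSchedulerEnabled(false);
        return manager;
    }

    /**
     * Creates the filter registered under the name {@code accessControlFilter}.
     *
     * <p>This method is not annotated with {@code @Bean}; presumably that keeps the filter
     * out of the servlet container's own filter registration so it only runs inside the
     * Shiro chain. Confirm before turning it into a bean.
     *
     * @return a new {@link StatelessAccessControlFilter}
     */
    public AccessControlFilter shiroFilter() {
        return new StatelessAccessControlFilter();
    }

    /**
     * Advisor that enables Shiro's authorization annotations.
     *
     * @param securityManager the security manager, injected lazily
     * @return the configured advisor
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Lazy SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(securityManager);
        return advisor;
    }

    /**
     * Builds the Shiro filter factory: registers {@code accessControlFilter}, sets the
     * unauthorized URL to {@code /error} and applies the chain from
     * {@link #shiroFilterChainDefinition()}.
     *
     * @param sessionsSecurityManager the security manager the filter delegates to
     * @return the configured factory bean
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    protected ShiroFilterFactoryBean shiroFilterFactoryBean(SessionsSecurityManager sessionsSecurityManager) {
        ShiroFilterFactoryBean factoryBean = new ShiroFilterFactoryBean();
        // The factory starts with an empty, typed filter map; adding to it avoids a raw Map.
        factoryBean.getFilters().put("accessControlFilter", shiroFilter());
        factoryBean.setSecurityManager(sessionsSecurityManager);
        factoryBean.setUnauthorizedUrl("/error");
        factoryBean.setFilterChainDefinitionMap(shiroFilterChainDefinition().getFilterChainMap());
        return factoryBean;
    }

    /**
     * Defines which paths are reachable without authentication and which filter guards the
     * rest.
     *
     * <p>Entries are kept in insertion order, and Shiro applies the first pattern that
     * matches a request, so order is significant. The built-in anonymous paths come first,
     * then every pattern from {@link IamProperties#getAnonUrls()}, then {@code /login}, then
     * the {@code /**} catch-all.
     *
     * <p>The catch-all is {@code anon} only when the configured anonymous URLs contain
     * {@code /**} and permission checking is disabled; the log message describes that
     * combination as development-only. In every other case {@code /**} is guarded by
     * {@code accessControlFilter}, including when {@code /**} is listed as anonymous but
     * permission checking is still enabled.
     *
     * <p>NOTE(review): when {@code /**} appears in the configured anonymous URLs it is first
     * inserted by the loop, and the later {@code put} only replaces its value. It therefore
     * sits ahead of {@code /login} in the chain, which shadows the {@code authc} rule for
     * that path.
     *
     * <p>Each configured anonymous pattern is served without authentication, so a broad
     * pattern exposes every endpoint beneath it.
     *
     * @return the filter chain definition
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    protected ShiroFilterChainDefinition shiroFilterChainDefinition() {
        LinkedHashMap<String, String> chain = new LinkedHashMap<>();
        chain.put("/static/**", "anon");
        chain.put("/error/**", "anon");
        chain.put("/auth/captcha", "anon");
        chain.put("/auth/login", "anon");
        chain.put("/auth/token", "anon");
        chain.put("/auth/2step-code", "anon");
        chain.put("/file/*/image", "anon");
        Set<String> anonUrls = this.iamProperties.getAnonUrls();
        boolean hasAnonUrls = V.notEmpty(anonUrls);
        if (hasAnonUrls) {
            for (String anonUrl : anonUrls) {
                chain.put(anonUrl, "anon");
            }
        }
        chain.put("/login", "authc");
        if (hasAnonUrls && anonUrls.contains("/**") && !this.iamProperties.isEnablePermissionCheck()) {
            // Message: "Permission check is disabled; this configuration is for development
            // environments only". Logged at WARN because it removes access control from every
            // path and must stand out if it ever appears in a production log.
            log.warn("权限检查已停用，该配置仅用于开发环境 !");
            chain.put("/**", "anon");
        } else {
            chain.put("/**", "accessControlFilter");
        }
        DefaultShiroFilterChainDefinition definition = new DefaultShiroFilterChainDefinition();
        definition.addPathDefinitions(chain);
        return definition;
    }

    /**
     * Default Shiro event bus.
     *
     * @return a new {@link DefaultEventBus}
     */
    @ConditionalOnMissingBean
    @Bean
    @Role(2)
    public EventBus eventBus() {
        return new DefaultEventBus();
    }

    /**
     * Local in-memory IAM cache with one expiry setting per cache name.
     *
     * <p>The token/user-info cache uses {@link IamProperties#getTokenExpiresMinutes()}; the
     * captcha cache uses 5 (presumably minutes as well, so confirm against
     * {@link DynamicMemoryCacheManager}).
     *
     * @return the cache manager
     */
    @ConditionalOnMissingBean
    @Bean(name = {"iamCacheManager"})
    public BaseCacheManager iamCacheManager() {
        log.info("初始化IAM本地缓存: DynamicMemoryCacheManager");
        // A plain map replaces the anonymous HashMap subclass ("double-brace" initialisation),
        // which kept a hidden reference to this configuration instance.
        HashMap<String, Integer> expiryByCacheName = new HashMap<>();
        expiryByCacheName.put(Cons.CACHE_TOKEN_USERINFO, Integer.valueOf(this.iamProperties.getTokenExpiresMinutes()));
        expiryByCacheName.put(Cons.CACHE_CAPTCHA, 5);
        return new DynamicMemoryCacheManager(expiryByCacheName);
    }

    /**
     * Default data-scope manager.
     *
     * @return a new {@link UserOrgDataAccessScopeManager}
     */
    @ConditionalOnMissingBean
    @Bean
    public DataScopeManager dataAccessInterface() {
        return new UserOrgDataAccessScopeManager();
    }
}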
