package com.jxdinfo.hussar.config.web;

import com.alibaba.druid.util.StringUtils;
import com.jxdinfo.hussar.config.properties.GlobalProperties;
import com.jxdinfo.hussar.config.properties.HussarProperties;
import com.jxdinfo.hussar.config.properties.ShiroProperties;
import com.jxdinfo.hussar.core.intercept.HussarUserFilter;
import com.jxdinfo.hussar.core.intercept.KickoutSessionFilter;
import com.jxdinfo.hussar.core.shiro.HussarSessionListener;
import com.jxdinfo.hussar.core.shiro.ShiroDbRealm;
import com.jxdinfo.hussar.core.shiro.ShiroPac4jRealm;
import com.jxdinfo.hussar.isc.conf.ShiroIscConfiguration;
import com.jxdinfo.hussar.rest.config.properties.JwtProperties;
import com.jxdinfo.hussar.rest.config.properties.RestProperties;
import io.buji.pac4j.filter.CallbackFilter;
import io.buji.pac4j.filter.LogoutFilter;
import io.buji.pac4j.filter.SecurityFilter;
import io.buji.pac4j.subject.Pac4jSubjectFactory;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import javax.servlet.DispatcherType;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.ehcache.EhCacheManager;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.SessionListener;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
import org.crazycake.shiro.RedisCacheManager;
import org.crazycake.shiro.RedisManager;
import org.crazycake.shiro.RedisSessionDAO;
import org.pac4j.core.config.Config;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.MethodInvokingFactoryBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.data.redis.RedisProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.cache.ehcache.EhCacheManagerFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.filter.DelegatingFilterProxy;

@Configuration
/* loaded from: input_file:com/jxdinfo/hussar/config/web/ShiroConfig.class */
public class ShiroConfig {

    @Value("${spring.profiles.active}")
    private String active;

    @Autowired
    private ShiroProperties shiroProperties;

    @Autowired
    private JwtProperties jwtProperties;

    @Autowired
    private RestProperties restProperties;

    @Autowired
    private CredentialsMatcher credentialsMatcher;

    @Autowired
    private ShiroIscConfiguration iscConf;

    @Autowired
    private RedisProperties redisProperties;

    @Autowired
    private HussarProperties hussarProperties;

    @Autowired
    private GlobalProperties globalProperties;

    @Bean
    public DefaultWebSecurityManager securityManager(CookieRememberMeManager cookieRememberMeManager, CacheManager cacheManager, SessionManager sessionManager, Realm realm, Pac4jSubjectFactory pac4jSubjectFactory) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setRealm(realm);
        if (this.iscConf.isActive()) {
            defaultWebSecurityManager.setSubjectFactory(pac4jSubjectFactory);
        } else {
            defaultWebSecurityManager.setRememberMeManager(cookieRememberMeManager);
        }
        defaultWebSecurityManager.setSessionManager(sessionManager);
        defaultWebSecurityManager.setCacheManager(cacheManager);
        return defaultWebSecurityManager;
    }

    @ConditionalOnProperty(prefix = HussarProperties.PREFIX, name = {"spring-session-open"}, havingValue = "true")
    @Bean
    public ServletContainerSessionManager servletContainerSessionManager() {
        return new ServletContainerSessionManager();
    }

    @ConditionalOnProperty(prefix = HussarProperties.PREFIX, name = {"spring-session-open"}, havingValue = "false")
    @Bean
    public DefaultWebSessionManager defaultWebSessionManager(CacheManager cacheManager, Collection<SessionListener> collection, SessionDAO sessionDAO) {
        DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
        defaultWebSessionManager.setSessionValidationInterval(this.hussarProperties.getSessionValidationInterval().intValue() * 1000);
        defaultWebSessionManager.setGlobalSessionTimeout(this.hussarProperties.getSessionInvalidateTime().intValue() * 1000);
        defaultWebSessionManager.setDeleteInvalidSessions(true);
        defaultWebSessionManager.setSessionValidationSchedulerEnabled(true);
        defaultWebSessionManager.setSessionIdUrlRewritingEnabled(false);
        defaultWebSessionManager.setSessionListeners(collection);
        defaultWebSessionManager.setCacheManager(cacheManager);
        defaultWebSessionManager.setSessionDAO(sessionDAO);
        defaultWebSessionManager.setSessionIdCookieEnabled(true);
        SimpleCookie simpleCookie = new SimpleCookie(this.globalProperties.getTitle() + "_hussarShiroCookie");
        simpleCookie.setHttpOnly(true);
        defaultWebSessionManager.setSessionIdCookie(simpleCookie);
        return defaultWebSessionManager;
    }

    @Bean
    public SessionDAO sessionDAO() {
        MemorySessionDAO redisSessionDAO;
        if (this.hussarProperties.isStandAlone()) {
            redisSessionDAO = new MemorySessionDAO();
        } else {
            redisSessionDAO = new RedisSessionDAO();
            ((RedisSessionDAO) redisSessionDAO).setRedisManager(redisManager());
        }
        return redisSessionDAO;
    }

    @Bean
    public CacheManager cacheShiroManager(EhCacheManagerFactoryBean ehCacheManagerFactoryBean) {
        if (this.hussarProperties.isStandAlone()) {
            EhCacheManager ehCacheManager = new EhCacheManager();
            ehCacheManager.setCacheManager(ehCacheManagerFactoryBean.getObject());
            return ehCacheManager;
        }
        RedisCacheManager redisCacheManager = new RedisCacheManager();
        redisCacheManager.setRedisManager(redisManager());
        return redisCacheManager;
    }

    public RedisManager redisManager() {
        RedisManager redisManager = new RedisManager();
        redisManager.setHost(this.redisProperties.getHost());
        redisManager.setPort(this.redisProperties.getPort());
        redisManager.setTimeout(this.redisProperties.getTimeout());
        redisManager.setExpire(this.hussarProperties.getSessionValidationInterval().intValue());
        return redisManager;
    }

    @Bean
    public Collection<SessionListener> getSessionListener() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new HussarSessionListener());
        return arrayList;
    }

    @Bean
    public CookieRememberMeManager rememberMeManager(SimpleCookie simpleCookie) {
        CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
        cookieRememberMeManager.setCipherKey(Base64.decode("SHVzc2FyVjgAAAAAAAAAA="));
        cookieRememberMeManager.setCookie(simpleCookie);
        return cookieRememberMeManager;
    }

    @Bean
    public CredentialsMatcher credentialsMatcher() {
        return this.credentialsMatcher;
    }

    @Bean
    public SimpleCookie rememberMeCookie() {
        SimpleCookie simpleCookie = new SimpleCookie(this.globalProperties.getTitle() + "_rememberMe");
        simpleCookie.setHttpOnly(true);
        simpleCookie.setMaxAge(604800);
        return simpleCookie;
    }

    @Bean({"shiroFilter"})
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager defaultWebSecurityManager, DefaultWebSessionManager defaultWebSessionManager, Config config) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(defaultWebSecurityManager);
        String loginUrl = this.shiroProperties.getLoginUrl();
        if (StringUtils.isEmpty(loginUrl)) {
            loginUrl = "/login";
        }
        shiroFilterFactoryBean.setLoginUrl(loginUrl);
        String successUrl = this.shiroProperties.getSuccessUrl();
        if (StringUtils.isEmpty(successUrl)) {
            successUrl = "/";
        }
        shiroFilterFactoryBean.setSuccessUrl(successUrl);
        String unauthorizedUrl = this.shiroProperties.getUnauthorizedUrl();
        if (StringUtils.isEmpty(unauthorizedUrl)) {
            unauthorizedUrl = "/global/403";
        }
        shiroFilterFactoryBean.setUnauthorizedUrl(unauthorizedUrl);
        HashMap hashMap = new HashMap();
        if (this.iscConf.isActive()) {
            SecurityFilter securityFilter = new SecurityFilter();
            securityFilter.setConfig(config);
            securityFilter.setClients(this.iscConf.getClientName());
            hashMap.put("securityFilter", securityFilter);
            CallbackFilter callbackFilter = new CallbackFilter();
            callbackFilter.setConfig(config);
            callbackFilter.setDefaultUrl(this.iscConf.getLocalUrl());
            hashMap.put("callbackFilter", callbackFilter);
            LogoutFilter logoutFilter = new LogoutFilter();
            logoutFilter.setConfig(config);
            logoutFilter.setCentralLogout(true);
            logoutFilter.setLocalLogout(true);
            logoutFilter.setDefaultUrl(this.iscConf.getLocalUrl() + "/callback?client_name=" + this.iscConf.getClientName());
            hashMap.put("logoutFilter", logoutFilter);
        } else {
            hashMap.put("user", new HussarUserFilter());
            hashMap.put("kickout", kickoutSessionFilter(defaultWebSessionManager));
        }
        shiroFilterFactoryBean.setFilters(hashMap);
        loadShiroFilterChain(shiroFilterFactoryBean, Boolean.valueOf(this.iscConf.isActive()));
        return shiroFilterFactoryBean;
    }

    @Bean
    public MethodInvokingFactoryBean methodInvokingFactoryBean(DefaultWebSecurityManager defaultWebSecurityManager) {
        MethodInvokingFactoryBean methodInvokingFactoryBean = new MethodInvokingFactoryBean();
        methodInvokingFactoryBean.setStaticMethod("org.apache.shiro.SecurityUtils.setSecurityManager");
        methodInvokingFactoryBean.setArguments(new Object[]{defaultWebSecurityManager});
        return methodInvokingFactoryBean;
    }

    @Bean
    public static LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    public DefaultAdvisorAutoProxyCreator advisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator = new DefaultAdvisorAutoProxyCreator();
        defaultAdvisorAutoProxyCreator.setProxyTargetClass(true);
        return defaultAdvisorAutoProxyCreator;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager defaultWebSecurityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(defaultWebSecurityManager);
        return authorizationAttributeSourceAdvisor;
    }

    public KickoutSessionFilter kickoutSessionFilter(DefaultWebSessionManager defaultWebSessionManager) {
        KickoutSessionFilter kickoutSessionFilter = new KickoutSessionFilter();
        kickoutSessionFilter.setSessionManager(defaultWebSessionManager);
        kickoutSessionFilter.setKickoutUrl("/login");
        return kickoutSessionFilter;
    }

    @Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(new DelegatingFilterProxy("shiroFilter"));
        filterRegistrationBean.addInitParameter("targetFilterLifecycle", "true");
        filterRegistrationBean.setEnabled(true);
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        filterRegistrationBean.setDispatcherTypes(DispatcherType.REQUEST, new DispatcherType[]{DispatcherType.FORWARD});
        return filterRegistrationBean;
    }

    @Bean
    public Pac4jSubjectFactory subjectFactory() {
        return new Pac4jSubjectFactory();
    }

    @Bean
    public Realm realm(@Qualifier("credentialsMatcher") CredentialsMatcher credentialsMatcher) {
        if (!this.iscConf.isActive()) {
            ShiroDbRealm shiroDbRealm = new ShiroDbRealm();
            shiroDbRealm.setCredentialsMatcher(credentialsMatcher);
            return shiroDbRealm;
        }
        ShiroPac4jRealm shiroPac4jRealm = new ShiroPac4jRealm();
        shiroPac4jRealm.setClientName(this.iscConf.getClientName());
        shiroPac4jRealm.setCachingEnabled(false);
        shiroPac4jRealm.setAuthenticationCachingEnabled(false);
        shiroPac4jRealm.setAuthorizationCachingEnabled(false);
        return shiroPac4jRealm;
    }

    private void loadShiroFilterChain(ShiroFilterFactoryBean shiroFilterFactoryBean, Boolean bool) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if ("dev".equals(this.active)) {
            if (bool.booleanValue()) {
                linkedHashMap.put("/static/**", "anon");
                linkedHashMap.put("/callback", "callbackFilter");
                linkedHashMap.put("/logout", "logoutFilter");
                linkedHashMap.put("/", "securityFilter");
            }
            linkedHashMap.put("/**", "anon");
        } else {
            linkedHashMap.put(this.jwtProperties.getAuthPath(), "anon");
            linkedHashMap.put(this.restProperties.getUrlPattern(), "anon");
            List<String> securityWhitelist = this.shiroProperties.getSecurityWhitelist();
            if (securityWhitelist != null) {
                for (String str : securityWhitelist) {
                    if (!linkedHashMap.containsKey(str)) {
                        linkedHashMap.put(str, "anon");
                    }
                }
            }
            if (bool.booleanValue()) {
                linkedHashMap.put("/static/**", "anon");
                linkedHashMap.put("/callback", "callbackFilter");
                linkedHashMap.put("/logout", "logoutFilter");
                linkedHashMap.put("/", "securityFilter");
                linkedHashMap.put("/**", "securityFilter");
            } else {
                linkedHashMap.put("/static/**", "anon");
                linkedHashMap.put("/login", "anon");
                linkedHashMap.put("/getBackPwd/**", "anon");
                linkedHashMap.put("/global/sessionError", "anon");
                linkedHashMap.put("/kaptcha", "anon");
                linkedHashMap.put("/security", "anon");
                linkedHashMap.put("/**", "user");
                linkedHashMap.put("/**", "kickout");
            }
        }
        shiroFilterFactoryBean.setFilterChainDefinitionMap(linkedHashMap);
    }
}
