package com.kakawait.spring.boot.security.cas.autoconfigure;

import com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityProperties;
import com.kakawait.spring.boot.security.cas.autoconfigure.SpringBoot1CasHttpSecurityConfigurerAdapter;
import com.kakawait.spring.security.cas.LaxServiceProperties;
import com.kakawait.spring.security.cas.client.ticket.AttributePrincipalProxyTicketProvider;
import com.kakawait.spring.security.cas.client.ticket.ProxyTicketProvider;
import com.kakawait.spring.security.cas.client.validation.AssertionProvider;
import com.kakawait.spring.security.cas.client.validation.SecurityContextHolderAssertionProvider;
import com.kakawait.spring.security.cas.web.RequestAwareCasAuthenticationEntryPoint;
import com.kakawait.spring.security.cas.web.authentication.CasLogoutSuccessHandler;
import com.kakawait.spring.security.cas.web.authentication.ProxyCallbackAndServiceAuthenticationDetailsSource;
import com.kakawait.spring.security.cas.web.authentication.RequestAwareCasLogoutSuccessHandler;
import java.net.URI;
import java.util.HashSet;
import java.util.List;
import java.util.stream.Collectors;
import lombok.NonNull;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.validation.ProxyList;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.userdetails.AbstractCasAssertionUserDetailsService;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.authentication.ServiceAuthenticationDetailsSource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;

@EnableConfigurationProperties({CasSecurityProperties.class})
@Configuration
@ConditionalOnClass({EnableWebSecurity.class})
@Conditional({CasSecurityCondition.class})
@ConditionalOnWebApplication
@Import({CasLoginSecurityConfiguration.class, CasAssertionUserDetailsServiceConfiguration.class, CasTicketValidatorConfiguration.class, DefaultCasSecurityConfigurerAdapter.class, DynamicCasSecurityConfiguration.class, StaticCasSecurityConfiguration.class})
/* loaded from: input_file:com/kakawait/spring/boot/security/cas/autoconfigure/CasSecurityAutoConfiguration.class */
public class CasSecurityAutoConfiguration {

    /* loaded from: input_file:com/kakawait/spring/boot/security/cas/autoconfigure/CasSecurityAutoConfiguration$AbstractCasSecurityConfiguration.class */
    /**
     * Common base of the static and dynamic CAS configurations.
     *
     * <p>Keeps the CAS properties and the service properties it was built with, and derives the
     * absolute CAS server login URL once, at construction time.
     */
    abstract static class AbstractCasSecurityConfiguration {
        private final CasSecurityProperties casSecurityProperties;
        private final ServiceProperties serviceProperties;
        // CAS server base URL with the configured login path appended.
        private final String serverLoginUrl;

        /**
         * @param casSecurityProperties bound CAS settings; the server base URL and login path are read here
         * @param serviceProperties service properties exposed to subclasses through {@link #getServiceProperties()}
         */
        AbstractCasSecurityConfiguration(CasSecurityProperties casSecurityProperties, ServiceProperties serviceProperties) {
            UriComponentsBuilder loginUrl = UriComponentsBuilder.fromUri(casSecurityProperties.getServer().getBaseUrl());
            loginUrl = loginUrl.path(casSecurityProperties.getServer().getPaths().getLogin());
            this.serverLoginUrl = loginUrl.toUriString();
            this.casSecurityProperties = casSecurityProperties;
            this.serviceProperties = serviceProperties;
        }

        /** @return the CAS properties passed to the constructor */
        public CasSecurityProperties getCasSecurityProperties() {
            return casSecurityProperties;
        }

        /** @return the service properties passed to the constructor */
        public ServiceProperties getServiceProperties() {
            return serviceProperties;
        }

        /** @return the CAS server login URL computed in the constructor */
        public String getServerLoginUrl() {
            return serverLoginUrl;
        }
    }

    /**
     * Web security configuration that scopes a filter chain to the CAS-protected path patterns
     * and applies the CAS HTTP security configurer to it.
     */
    @Order(CasSecurityProperties.CAS_AUTH_ORDER)
    /* loaded from: input_file:com/kakawait/spring/boot/security/cas/autoconfigure/CasSecurityAutoConfiguration$CasLoginSecurityConfiguration.class */
    static class CasLoginSecurityConfiguration extends WebSecurityConfigurerAdapter {
        private final CasSecurityProperties casSecurityProperties;

        public CasLoginSecurityConfiguration(CasSecurityProperties casSecurityProperties) {
            this.casSecurityProperties = casSecurityProperties;
        }

        /**
         * Restricts this chain to the secured patterns and applies the CAS configurer.
         *
         * <p>Requests that match none of the patterns are not handled by this chain; any other
         * security configuration in the application decides what happens to them.
         */
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            String[] protectedPatterns = getSecurePaths();
            if (protectedPatterns.length == 0) {
                // Nothing to protect: the chain is left unconfigured.
                return;
            }
            httpSecurity.requestMatchers().antMatchers(protectedPatterns);
            CasHttpSecurityConfigurer.cas().configure(httpSecurity);
        }

        /**
         * Collects the Ant patterns this chain covers: the configured paths (trimmed, blank
         * entries dropped) plus the service login, logout and proxy-callback paths.
         *
         * @return the single pattern {@code /**} as soon as it is found among the configured
         *         paths, otherwise the de-duplicated set of patterns without {@code null}
         */
        private String[] getSecurePaths() {
            HashSet<String> patterns = new HashSet<>();
            for (String configured : this.casSecurityProperties.getPaths()) {
                String candidate = (configured != null) ? configured.trim() : "";
                if ("/**".equals(candidate)) {
                    // The catch-all pattern already covers every other entry.
                    return new String[]{candidate};
                }
                if (StringUtils.hasText(candidate)) {
                    patterns.add(candidate);
                }
            }
            // The CAS endpoints of this service always belong to the chain.
            patterns.add(this.casSecurityProperties.getService().getPaths().getLogin());
            patterns.add(this.casSecurityProperties.getService().getPaths().getLogout());
            patterns.add(this.casSecurityProperties.getService().getPaths().getProxyCallback());
            // An unset endpoint path shows up as null; it must not reach the matcher.
            patterns.remove(null);
            return patterns.toArray(new String[0]);
        }
    }

    /**
     * Default CAS configurer: copies the bound {@link CasSecurityProperties} and the collaborating
     * beans into the authentication provider builder, the authentication filter configurer, the
     * {@link HttpSecurity} and the ticket validator builder.
     *
     * <p>Declared with {@code @Order(Integer.MIN_VALUE)}, the highest precedence in Spring's
     * ordering. NOTE(review): presumably so that application-defined configurers run afterwards
     * and can override these defaults; how configurers are ordered is not visible here, confirm.
     */
    @Order(Integer.MIN_VALUE)
    /* loaded from: input_file:com/kakawait/spring/boot/security/cas/autoconfigure/CasSecurityAutoConfiguration$DefaultCasSecurityConfigurerAdapter.class */
    static class DefaultCasSecurityConfigurerAdapter extends CasSecurityConfigurerAdapter {
        private final CasSecurityProperties casSecurityProperties;
        private final AbstractCasAssertionUserDetailsService userDetailsService;
        private final ServiceAuthenticationDetailsSource authenticationDetailsSource;
        private final ProxyGrantingTicketStorage proxyGrantingTicketStorage;
        private final LogoutSuccessHandler logoutSuccessHandler;

        /**
         * Stores the collaborators; nothing is configured until one of the {@code configure}
         * overloads is called.
         */
        public DefaultCasSecurityConfigurerAdapter(CasSecurityProperties casSecurityProperties, AbstractCasAssertionUserDetailsService abstractCasAssertionUserDetailsService, ServiceAuthenticationDetailsSource serviceAuthenticationDetailsSource, ProxyGrantingTicketStorage proxyGrantingTicketStorage, LogoutSuccessHandler logoutSuccessHandler) {
            this.casSecurityProperties = casSecurityProperties;
            this.userDetailsService = abstractCasAssertionUserDetailsService;
            this.authenticationDetailsSource = serviceAuthenticationDetailsSource;
            this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
            this.logoutSuccessHandler = logoutSuccessHandler;
        }

        /**
         * Passes the service resolution mode, the user details service and the configured key to
         * the authentication provider builder.
         */
        @Override // com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurerAdapter, com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurer
        public void configure(CasAuthenticationProviderSecurityBuilder casAuthenticationProviderSecurityBuilder) {
            casAuthenticationProviderSecurityBuilder.serviceResolutionMode(this.casSecurityProperties.getService().getResolutionMode()).authenticationUserDetailsService(this.userDetailsService).key(this.casSecurityProperties.getKey());
        }

        /**
         * Sets the proxy receptor URL (the service's proxy-callback path), the authentication
         * details source and the proxy-granting-ticket storage on the CAS authentication filter.
         */
        @Override // com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurerAdapter, com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurer
        public void configure(CasAuthenticationFilterConfigurer casAuthenticationFilterConfigurer) {
            casAuthenticationFilterConfigurer.proxyReceptorUrl(this.casSecurityProperties.getService().getPaths().getProxyCallback()).serviceAuthenticationDetailsSource(this.authenticationDetailsSource).proxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
        }

        /**
         * Opens the logout endpoint to everyone and installs the access rule selected by
         * {@code authorization.mode} for every request handled by this {@link HttpSecurity}.
         *
         * <ul>
         *   <li>{@code ROLE}: any of the configured roles is required;</li>
         *   <li>{@code AUTHENTICATED}: any authenticated user is accepted;</li>
         *   <li>{@code NONE}: every request is permitted without authentication.</li>
         * </ul>
         *
         * @throws Exception propagated from the {@link HttpSecurity} DSL
         */
        @Override // com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurerAdapter, com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurer
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.logout().permitAll().logoutSuccessHandler(this.logoutSuccessHandler);
            CasSecurityProperties.SecurityAuthorizeMode mode = this.casSecurityProperties.getAuthorization().getMode();
            // NOTE(review): there is no final else. If mode is null or a value not listed below,
            // no authorization rule is registered by this method. Confirm that a default mode is
            // always bound, or fail closed for the unmatched case.
            if (mode == CasSecurityProperties.SecurityAuthorizeMode.ROLE) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).hasAnyRole(this.casSecurityProperties.getAuthorization().getRoles());
            } else if (mode == CasSecurityProperties.SecurityAuthorizeMode.AUTHENTICATED) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
            } else if (mode == CasSecurityProperties.SecurityAuthorizeMode.NONE) {
                // Deliberately open: anonymous requests pass this chain.
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).permitAll();
            }
        }

        /**
         * Configures ticket validation: protocol version, proxy callback URL, proxy chain
         * validation and the proxy-granting-ticket storage.
         */
        @Override // com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurerAdapter, com.kakawait.spring.boot.security.cas.autoconfigure.CasSecurityConfigurer
        public void configure(CasTicketValidatorBuilder casTicketValidatorBuilder) {
            // The dedicated callback base URL wins; the service base URL is the fallback.
            URI callbackBaseUrl = this.casSecurityProperties.getService().getCallbackBaseUrl() != null ? this.casSecurityProperties.getService().getCallbackBaseUrl() : this.casSecurityProperties.getService().getBaseUrl();
            casTicketValidatorBuilder.protocolVersion(this.casSecurityProperties.getServer().getProtocolVersion());
            String proxyCallback = this.casSecurityProperties.getService().getPaths().getProxyCallback();
            // A proxy callback URL is only set when both a base URL and a callback path exist.
            if (callbackBaseUrl != null && proxyCallback != null) {
                casTicketValidatorBuilder.proxyCallbackUrl(CasSecurityAutoConfiguration.buildUrl(callbackBaseUrl, proxyCallback));
            }
            if (this.casSecurityProperties.getProxyValidation().isEnabled()) {
                // Each configured chain is converted to a String[] and handed over as a ProxyList.
                casTicketValidatorBuilder.proxyChains(new ProxyList((List) this.casSecurityProperties.getProxyValidation().getChains().stream().map(list -> {
                    return (String[]) list.toArray(new String[0]);
                }).collect(Collectors.toList())));
            } else {
                // NOTE(review): presumably this turns proxy chain checking off, so a proxy ticket
                // is accepted whatever proxies it went through. Confirm against
                // CasTicketValidatorBuilder before disabling proxy validation in production.
                casTicketValidatorBuilder.proxyChainsValidation(false);
            }
            casTicketValidatorBuilder.proxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
        }
    }

    /**
     * Beans used when {@code security.cas.service.resolution-mode} is {@code dynamic}: the
     * request-aware entry point and logout handler, and a details source that also carries the
     * proxy callback URI.
     *
     * <p>NOTE(review): the request-aware classes presumably derive the service URL from the
     * incoming request rather than from configuration. Confirm, and make sure the Host and
     * forwarded headers that reach the application come from a trusted proxy only.
     */
    @ConditionalOnProperty(value = {"security.cas.service.resolution-mode"}, havingValue = "dynamic")
    /* loaded from: input_file:com/kakawait/spring/boot/security/cas/autoconfigure/CasSecurityAutoConfiguration$DynamicCasSecurityConfiguration.class */
    static class DynamicCasSecurityConfiguration extends AbstractCasSecurityConfiguration {
        DynamicCasSecurityConfiguration(CasSecurityProperties casSecurityProperties, ServiceProperties serviceProperties) {
            super(casSecurityProperties, serviceProperties);
        }

        /**
         * Builds the request-aware entry point from the service login path, the service
         * properties and the CAS server login URL. Skipped when the application defines its own
         * {@link CasAuthenticationEntryPoint}.
         */
        @ConditionalOnMissingBean({CasAuthenticationEntryPoint.class})
        @Bean
        CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
            URI serviceLoginPath = URI.create(getCasSecurityProperties().getService().getPaths().getLogin());
            RequestAwareCasAuthenticationEntryPoint entryPoint = new RequestAwareCasAuthenticationEntryPoint(serviceLoginPath);
            entryPoint.setServiceProperties(getServiceProperties());
            entryPoint.setLoginUrl(getServerLoginUrl());
            return entryPoint;
        }

        /**
         * Builds the details source together with the proxy callback URI.
         *
         * <p>The URI is {@code null} when no proxy-callback path is configured, the bare path
         * when no callback base URL is configured, and base URL plus path otherwise.
         */
        @ConditionalOnMissingBean({ServiceAuthenticationDetailsSource.class})
        @Bean
        ServiceAuthenticationDetailsSource serviceAuthenticationDetailsSource(CasSecurityProperties casSecurityProperties) {
            String callbackPath = casSecurityProperties.getService().getPaths().getProxyCallback();
            URI proxyCallbackUri = null;
            if (callbackPath != null) {
                URI callbackBase = casSecurityProperties.getService().getCallbackBaseUrl();
                if (callbackBase == null) {
                    proxyCallbackUri = URI.create(callbackPath);
                } else {
                    proxyCallbackUri = UriComponentsBuilder.fromUri(callbackBase).path(callbackPath).build().toUri();
                }
            }
            return new ProxyCallbackAndServiceAuthenticationDetailsSource(getServiceProperties(), proxyCallbackUri);
        }

        /**
         * Builds the request-aware logout success handler from the CAS server logout URL
         * (server base URL plus logout path) and the service properties.
         */
        @ConditionalOnMissingBean({LogoutSuccessHandler.class})
        @Bean
        LogoutSuccessHandler casLogoutSuccessHandler(CasSecurityProperties casSecurityProperties, ServiceProperties serviceProperties) {
            URI serverLogoutUri = UriComponentsBuilder.fromUri(casSecurityProperties.getServer().getBaseUrl()).path(casSecurityProperties.getServer().getPaths().getLogout()).build().toUri();
            return new RequestAwareCasLogoutSuccessHandler(serverLogoutUri, serviceProperties);
        }
    }

    /**
     * Beans used when {@code security.cas.service.resolution-mode} is {@code static} or not set:
     * the stock Spring Security CAS entry point and details source, and the CAS logout success
     * handler.
     */
    @ConditionalOnProperty(value = {"security.cas.service.resolution-mode"}, havingValue = "static", matchIfMissing = true)
    /* loaded from: input_file:com/kakawait/spring/boot/security/cas/autoconfigure/CasSecurityAutoConfiguration$StaticCasSecurityConfiguration.class */
    static class StaticCasSecurityConfiguration extends AbstractCasSecurityConfiguration {
        public StaticCasSecurityConfiguration(CasSecurityProperties casSecurityProperties, ServiceProperties serviceProperties) {
            super(casSecurityProperties, serviceProperties);
        }

        /**
         * Builds the entry point from the service properties and the CAS server login URL.
         * Skipped when the application defines its own {@link CasAuthenticationEntryPoint}.
         */
        @ConditionalOnMissingBean({CasAuthenticationEntryPoint.class})
        @Bean
        CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
            CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
            entryPoint.setServiceProperties(getServiceProperties());
            entryPoint.setLoginUrl(getServerLoginUrl());
            return entryPoint;
        }

        /** Builds the details source from the service properties of this configuration. */
        @ConditionalOnMissingBean({ServiceAuthenticationDetailsSource.class})
        @Bean
        ServiceAuthenticationDetailsSource serviceAuthenticationDetailsSource() {
            ServiceProperties fixedService = getServiceProperties();
            return new ServiceAuthenticationDetailsSource(fixedService);
        }

        /**
         * Builds the logout success handler from the CAS server logout URL (server base URL plus
         * logout path) and the service properties.
         */
        @ConditionalOnMissingBean({LogoutSuccessHandler.class})
        @Bean
        LogoutSuccessHandler casLogoutSuccessHandler(CasSecurityProperties casSecurityProperties, ServiceProperties serviceProperties) {
            URI serverLogoutUri = UriComponentsBuilder.fromUri(casSecurityProperties.getServer().getBaseUrl()).path(casSecurityProperties.getServer().getPaths().getLogout()).build().toUri();
            return new CasLogoutSuccessHandler(serverLogoutUri, serviceProperties);
        }
    }

    /**
     * Service properties for static resolution mode: the service URL is the configured service
     * base URL plus the login path.
     *
     * @throws IllegalArgumentException if {@code security.cas.service.base-url} is not set
     * @throws Exception propagated from {@code afterPropertiesSet()}
     */
    @ConditionalOnMissingBean({ServiceProperties.class})
    @ConditionalOnProperty(value = {"security.cas.service.resolution-mode"}, havingValue = "static", matchIfMissing = true)
    @Bean
    ServiceProperties serviceProperties(CasSecurityProperties casSecurityProperties) throws Exception {
        ServiceProperties fixedService = new ServiceProperties();
        URI serviceBase = casSecurityProperties.getService().getBaseUrl();
        Assert.notNull(serviceBase, "Cas service base url must not be null (ref property security.cas.service.base-url)");
        String serviceUrl = buildUrl(serviceBase, casSecurityProperties.getService().getPaths().getLogin());
        fixedService.setService(serviceUrl);
        // Spring Security flag: a ticket is authenticated on any request that carries one, not
        // only on the login URL. It is what makes proxy-ticket authentication possible.
        fixedService.setAuthenticateAllArtifacts(true);
        fixedService.afterPropertiesSet();
        return fixedService;
    }

    /**
     * Service properties for dynamic resolution mode: a {@link LaxServiceProperties} on which no
     * service URL is set here.
     *
     * @throws Exception propagated from {@code afterPropertiesSet()}
     */
    @ConditionalOnMissingBean({ServiceProperties.class})
    @ConditionalOnProperty(value = {"security.cas.service.resolution-mode"}, havingValue = "dynamic")
    @Bean
    ServiceProperties laxServiceProperties() throws Exception {
        LaxServiceProperties dynamicService = new LaxServiceProperties();
        // Same flag as in static mode: tickets are authenticated on any request carrying one.
        dynamicService.setAuthenticateAllArtifacts(true);
        dynamicService.afterPropertiesSet();
        return dynamicService;
    }

    /**
     * Default proxy-granting-ticket storage, used unless the application defines its own
     * {@link ProxyGrantingTicketStorage} bean.
     *
     * <p>{@link ProxyGrantingTicketStorageImpl} keeps tickets in the memory of this JVM. With
     * several application instances, the proxy callback and the ticket validation can land on
     * different nodes, so a shared storage bean is needed there.
     */
    @ConditionalOnMissingBean({ProxyGrantingTicketStorage.class})
    @Bean
    ProxyGrantingTicketStorage proxyGrantingTicketStorage() {
        ProxyGrantingTicketStorage inMemoryStorage = new ProxyGrantingTicketStorageImpl();
        return inMemoryStorage;
    }

    /**
     * Default {@link AssertionProvider}, a {@link SecurityContextHolderAssertionProvider}, used
     * unless the application defines its own.
     */
    @ConditionalOnMissingBean({AssertionProvider.class})
    @Bean
    AssertionProvider securityContextHolderAssertionProvider() {
        AssertionProvider fromSecurityContext = new SecurityContextHolderAssertionProvider();
        return fromSecurityContext;
    }

    /**
     * Default {@link ProxyTicketProvider}, built on the given assertion provider and used unless
     * the application defines its own.
     *
     * @param assertionProvider assertion provider handed to the ticket provider
     */
    @ConditionalOnMissingBean({ProxyTicketProvider.class})
    @Bean
    ProxyTicketProvider attributePrincipalProxyTicketProvider(AssertionProvider assertionProvider) {
        ProxyTicketProvider ticketProvider = new AttributePrincipalProxyTicketProvider(assertionProvider);
        return ticketProvider;
    }

    /**
     * CAS configurer registered only when Spring Boot's
     * {@code SpringBootWebSecurityConfiguration} class is on the classpath; it wraps the Spring
     * Boot {@link SecurityProperties}.
     *
     * @param securityProperties Spring Boot security properties to adapt
     */
    @ConditionalOnClass(name = {"org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration"})
    @Bean
    CasSecurityConfigurer springBoot1CasSecurityConfigurerAdapter(SecurityProperties securityProperties) {
        SpringBoot1CasHttpSecurityConfigurerAdapter.SpringBoot1SecurityProperties adapted =
                new SpringBoot1CasHttpSecurityConfigurerAdapter.SpringBoot1SecurityProperties(securityProperties);
        return new SpringBoot1CasHttpSecurityConfigurerAdapter(adapted);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Appends a path to a base URL and returns the result as a string.
     *
     * @param uri base URL, must not be {@code null}
     * @param str path to append, must not be {@code null}
     * @return the base URL with the path appended
     * @throws IllegalArgumentException if either argument is {@code null}
     */
    public static String buildUrl(@NonNull URI uri, @NonNull String str) {
        // Arguments are checked in declaration order so the message names the first missing one.
        if (null == uri) {
            throw new IllegalArgumentException("baseUrl is null");
        }
        if (null == str) {
            throw new IllegalArgumentException("path is null");
        }
        UriComponentsBuilder withPath = UriComponentsBuilder.fromUri(uri).path(str);
        return withPath.toUriString();
    }
}
