package com.kakawait.spring.boot.security.cas;

import java.lang.reflect.Field;
import java.util.List;
import javax.annotation.PostConstruct;
import lombok.NonNull;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.boot.autoconfigure.security.SecurityAuthorizeMode;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityBuilder;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.ChannelSecurityConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.csrf.CsrfFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.ReflectionUtils;

/* loaded from: input_file:com/kakawait/spring/boot/security/cas/CasHttpSecurityConfigurer.class */
public class CasHttpSecurityConfigurer extends AbstractHttpConfigurer<CasHttpSecurityConfigurer, HttpSecurity> {
    private final AuthenticationManager authenticationManager;
    private CasHttpSecurityConfigurerAdapter securityConfigurerAdapter;
    private boolean isInitialized;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/kakawait/spring/boot/security/cas/CasHttpSecurityConfigurer$CasHttpSecurityConfigurerAdapter.class */
    public static class CasHttpSecurityConfigurerAdapter extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
        private final CasAuthenticationFilterConfigurer filterConfigurer = new CasAuthenticationFilterConfigurer();
        private final CasSingleSignOutFilterConfigurer singleSignOutFilterConfigurer = new CasSingleSignOutFilterConfigurer();
        private final CasAuthenticationProviderSecurityBuilder providerBuilder = new CasAuthenticationProviderSecurityBuilder();
        private final List<CasSecurityConfigurer> configurers;
        private final SecurityProperties securityProperties;
        private final CasSecurityProperties casSecurityProperties;
        private final CasAuthenticationEntryPoint authenticationEntryPoint;
        private final ServiceProperties serviceProperties;
        private final TicketValidator ticketValidator;
        private final AuthenticationManagerBuilder authenticationManagerBuilder;
        private AuthenticationManager authenticationManager;
        private boolean authenticationManagerInitialized;

        public CasHttpSecurityConfigurerAdapter(List<CasSecurityConfigurer> list, SecurityProperties securityProperties, CasSecurityProperties casSecurityProperties, CasAuthenticationEntryPoint casAuthenticationEntryPoint, ServiceProperties serviceProperties, TicketValidator ticketValidator, ObjectPostProcessor<Object> objectPostProcessor) {
            this.configurers = list;
            this.securityProperties = securityProperties;
            this.casSecurityProperties = casSecurityProperties;
            this.authenticationEntryPoint = casAuthenticationEntryPoint;
            this.serviceProperties = serviceProperties;
            this.ticketValidator = ticketValidator;
            this.authenticationManagerBuilder = new AuthenticationManagerBuilder(objectPostProcessor);
        }

        @PostConstruct
        private void init() {
            this.configurers.forEach(casSecurityConfigurer -> {
                casSecurityConfigurer.configure(this.filterConfigurer);
                casSecurityConfigurer.configure(this.singleSignOutFilterConfigurer);
                casSecurityConfigurer.configure(this.providerBuilder);
            });
        }

        public void init(HttpSecurity httpSecurity) throws Exception {
            CasAuthenticationFilter casAuthenticationFilter = new CasAuthenticationFilter();
            casAuthenticationFilter.setAuthenticationManager(authenticationManager());
            casAuthenticationFilter.setRequiresAuthenticationRequestMatcher(getAuthenticationRequestMatcher());
            casAuthenticationFilter.setServiceProperties(this.serviceProperties);
            this.filterConfigurer.configure(casAuthenticationFilter);
            SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
            this.singleSignOutFilterConfigurer.configure(singleSignOutFilter);
            if (this.securityProperties.isRequireSsl()) {
                ((ChannelSecurityConfigurer.RequiresChannelUrl) httpSecurity.requiresChannel().anyRequest()).requiresSecure();
            }
            if (!this.securityProperties.isEnableCsrf()) {
                httpSecurity.csrf().disable();
            }
            SpringBootWebSecurityConfiguration.configureHeaders(httpSecurity.headers(), this.securityProperties.getHeaders());
            httpSecurity.exceptionHandling().authenticationEntryPoint(this.authenticationEntryPoint).and().addFilterBefore(singleSignOutFilter, CsrfFilter.class).addFilter(casAuthenticationFilter);
            if (this.securityProperties.getBasic().isEnabled()) {
                httpSecurity.addFilterBefore(new BasicAuthenticationFilter((AuthenticationManager) ((ApplicationContext) httpSecurity.getSharedObject(ApplicationContext.class)).getBean(AuthenticationManager.class)), CasAuthenticationFilter.class);
            }
            SecurityAuthorizeMode authorizeMode = this.casSecurityProperties.getAuthorizeMode();
            if (authorizeMode == SecurityAuthorizeMode.ROLE) {
                List role = this.securityProperties.getUser().getRole();
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).hasAnyRole((String[]) role.toArray(new String[role.size()]));
            } else if (authorizeMode == SecurityAuthorizeMode.AUTHENTICATED) {
                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).authenticated();
            }
        }

        void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
            CasAuthenticationProvider m0build = this.providerBuilder.m0build();
            m0build.setServiceProperties(this.serviceProperties);
            Field findField = ReflectionUtils.findField(CasAuthenticationProvider.class, "ticketValidator");
            ReflectionUtils.makeAccessible(findField);
            if (ReflectionUtils.getField(findField, m0build) == null) {
                m0build.setTicketValidator(this.ticketValidator);
            }
            m0build.afterPropertiesSet();
            authenticationManagerBuilder.authenticationProvider(m0build);
        }

        AuthenticationManager authenticationManager() throws Exception {
            if (!this.authenticationManagerInitialized) {
                configure(this.authenticationManagerBuilder);
                this.authenticationManager = (AuthenticationManager) this.authenticationManagerBuilder.build();
                this.authenticationManagerInitialized = true;
            }
            return this.authenticationManager;
        }

        void setAuthenticationManager(@NonNull AuthenticationManager authenticationManager) {
            if (authenticationManager == null) {
                throw new IllegalArgumentException("authenticationManager is null");
            }
            this.authenticationManagerInitialized = true;
            this.authenticationManager = authenticationManager;
        }

        private RequestMatcher getAuthenticationRequestMatcher() {
            return new AntPathRequestMatcher(this.casSecurityProperties.getService().getPaths().getLogin());
        }
    }

    private CasHttpSecurityConfigurer() {
        this(null);
    }

    private CasHttpSecurityConfigurer(AuthenticationManager authenticationManager) {
        this.isInitialized = false;
        this.authenticationManager = authenticationManager;
    }

    public static AbstractHttpConfigurer<CasHttpSecurityConfigurer, HttpSecurity> cas() {
        return new CasHttpSecurityConfigurer();
    }

    public static AbstractHttpConfigurer<CasHttpSecurityConfigurer, HttpSecurity> cas(AuthenticationManager authenticationManager) {
        return new CasHttpSecurityConfigurer(authenticationManager);
    }

    @Deprecated
    public void init(HttpSecurity httpSecurity) throws Exception {
        if (this.isInitialized) {
            return;
        }
        getCasHttpSecurityConfigurerAdapter((ApplicationContext) httpSecurity.getSharedObject(ApplicationContext.class)).init(httpSecurity);
        this.isInitialized = true;
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        init(httpSecurity);
        getCasHttpSecurityConfigurerAdapter((ApplicationContext) httpSecurity.getSharedObject(ApplicationContext.class)).configure((SecurityBuilder) httpSecurity);
    }

    private CasHttpSecurityConfigurerAdapter getCasHttpSecurityConfigurerAdapter(ApplicationContext applicationContext) {
        if (this.securityConfigurerAdapter == null) {
            this.securityConfigurerAdapter = (CasHttpSecurityConfigurerAdapter) applicationContext.getAutowireCapableBeanFactory().createBean(CasHttpSecurityConfigurerAdapter.class);
        }
        if (this.authenticationManager != null) {
            this.securityConfigurerAdapter.setAuthenticationManager(this.authenticationManager);
        }
        return this.securityConfigurerAdapter;
    }
}
