package com.xforceplus.ultraman.extensions.admin.om.configuration;

import com.xforceplus.ultraman.extensions.admin.om.security.MyBasicAuthenticationEntryPoint;
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.web.filter.OncePerRequestFilter;

@ConditionalOnProperty(value = {"xplat.oqsengine.sdk.basic.enabled"}, matchIfMissing = true)
@EnableWebSecurity
/* loaded from: input_file:com/xforceplus/ultraman/extensions/admin/om/configuration/CustomWebSecurityConfigurerAdapter.class */
public class CustomWebSecurityConfigurerAdapter {

    @Autowired
    private MyBasicAuthenticationEntryPoint authenticationEntryPoint;

    @Value("${xplat.oqsengine.sdk.basic.user:admin}")
    private String user;

    @Value("${xplat.oqsengine.sdk.basic.pass:xforceplus}")
    private String password;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.inMemoryAuthentication().withUser(this.user).password(passwordEncoder().encode(this.password)).authorities(new String[]{"ROLE_USER"});
    }

    @Autowired
    @Order(1)
    public void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        authenticationManagerBuilder.authenticationProvider(new AuthenticationProvider() { // from class: com.xforceplus.ultraman.extensions.admin.om.configuration.CustomWebSecurityConfigurerAdapter.1
            public Authentication authenticate(Authentication authentication) throws AuthenticationException {
                authentication.setAuthenticated(true);
                return authentication;
            }

            public boolean supports(Class<?> cls) {
                return cls == XplatTokenAuthentication.class;
            }
        });
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        return (SecurityFilterChain) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeHttpRequests().antMatchers(new String[]{"/data-om/**"})).authenticated().and().addFilterBefore(new OncePerRequestFilter() { // from class: com.xforceplus.ultraman.extensions.admin.om.configuration.CustomWebSecurityConfigurerAdapter.2
            protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
                Cookie[] cookies = httpServletRequest.getCookies();
                if (cookies != null && Arrays.stream(cookies).anyMatch(cookie -> {
                    return cookie.getName().equalsIgnoreCase("xforce-saas-token") || cookie.getName().equalsIgnoreCase("xforce-app-token");
                })) {
                    XplatTokenAuthentication xplatTokenAuthentication = new XplatTokenAuthentication(null);
                    xplatTokenAuthentication.setAuthenticated(true);
                    SecurityContext createEmptyContext = SecurityContextHolder.createEmptyContext();
                    createEmptyContext.setAuthentication(xplatTokenAuthentication);
                    SecurityContextHolder.setContext(createEmptyContext);
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        }, BasicAuthenticationFilter.class).httpBasic().and().authorizeHttpRequests().antMatchers(new String[]{"/**"})).permitAll().and().build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
