package com.jzt.wotu.sso;

import jakarta.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({SsoProperties.class})
@Configuration
@EnableWebSecurity
@ComponentScan
/* loaded from: input_file:com/jzt/wotu/sso/KeycloakSecurityConfig.class */
public class KeycloakSecurityConfig {

    @Autowired
    private KeycloakLogoutHandler keycloakLogoutHandler;

    @Autowired
    private SsoProperties properties;

    @Autowired(required = false)
    private MultiAuth multiAuth;

    @Autowired
    private SSOAuthService ssoAuthService;

    /* loaded from: input_file:com/jzt/wotu/sso/KeycloakSecurityConfig$IgnoreKeycloakProcessingFilterRequestMatcher.class */
    private class IgnoreKeycloakProcessingFilterRequestMatcher implements RequestMatcher {
        IgnoreKeycloakProcessingFilterRequestMatcher() {
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            return !FilterPathHelper.checkWhiteList(KeycloakSecurityConfig.this.properties.getIgnore(), httpServletRequest.getRequestURI()) ? httpServletRequest.getHeader("Authorization") != null : (KeycloakSecurityConfig.this.multiAuth == null || !KeycloakSecurityConfig.this.multiAuth.isMultiAuth() || httpServletRequest.getUserPrincipal() != null || KeycloakSecurityConfig.this.ssoAuthService.getCurrentUser() == null) ? false : false;
        }
    }

    @Bean
    public RestTemplate restTemplate() {
        return new RestTemplate();
    }

    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.addFilterAfter(new JWTAuthorizationFilter(), UsernamePasswordAuthenticationFilter.class).authorizeRequests().requestMatchers(this.properties.getIgnore())).permitAll().anyRequest()).authenticated().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").and().csrf().disable();
        httpSecurity.headers().frameOptions().disable();
        return (SecurityFilterChain) httpSecurity.build();
    }
}
