package com.jzt.wotu.sso;

import javax.servlet.http.HttpServletRequest;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.AdapterStateCookieRequestMatcher;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.keycloak.adapters.springsecurity.filter.QueryParamPresenceRequestMatcher;
import org.keycloak.adapters.springsecurity.management.HttpSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

@EnableConfigurationProperties({SsoProperties.class})
@Configuration
@KeycloakConfiguration
@ComponentScan
/* loaded from: input_file:com/jzt/wotu/sso/KeycloakSecurityConfig.class */
public class KeycloakSecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    private SecurityAuthenticationProvider authenticationProvider;

    @Autowired
    private SsoProperties properties;

    @Autowired
    private SSOAuthService ssoAuthService;

    /* loaded from: input_file:com/jzt/wotu/sso/KeycloakSecurityConfig$IgnoreKeycloakProcessingFilterRequestMatcher.class */
    private class IgnoreKeycloakProcessingFilterRequestMatcher implements RequestMatcher {
        IgnoreKeycloakProcessingFilterRequestMatcher() {
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            return KeycloakSecurityConfig.this.ssoAuthService.getCurrentUser() == null && !FilterPathHelper.checkWhiteList(KeycloakSecurityConfig.this.properties.getIgnore(), httpServletRequest.getRequestURI()) && httpServletRequest.getHeader("Authorization") == null;
        }
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) {
        authenticationManagerBuilder.authenticationProvider(this.authenticationProvider);
    }

    @Bean
    public KeycloakSpringBootConfigResolver keycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    @Bean
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new NullAuthenticatedSessionStrategy();
    }

    @Bean
    protected KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter() throws Exception {
        KeycloakAuthenticationProcessingFilter keycloakAuthenticationProcessingFilter = new KeycloakAuthenticationProcessingFilter(authenticationManagerBean(), new OrRequestMatcher(new RequestMatcher[]{new AntPathRequestMatcher("/sso/login"), new QueryParamPresenceRequestMatcher("access_token"), new AdapterStateCookieRequestMatcher(), new IgnoreKeycloakProcessingFilterRequestMatcher()}));
        keycloakAuthenticationProcessingFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy());
        keycloakAuthenticationProcessingFilter.setAuthenticationSuccessHandler(new AuthSuccessHandler());
        return keycloakAuthenticationProcessingFilter;
    }

    @ConditionalOnMissingBean({HttpSessionManager.class})
    @Bean
    protected HttpSessionManager httpSessionManager() {
        return new HttpSessionManager();
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.addFilterBefore(new AuthFilter(this.properties), FilterSecurityInterceptor.class).authorizeRequests().antMatchers(this.properties.getIgnore())).permitAll().anyRequest()).authenticated().and().logout().logoutUrl("/logout").logoutSuccessUrl("/login").and().csrf().disable();
        httpSecurity.headers().frameOptions().disable();
    }
}
