package com.huawei.cdc.service.security.config;

import com.huawei.cdc.common.conf.CommonConfiguration;
import com.huawei.cdc.service.security.UserDetailsServiceImpl;
import com.huawei.cdc.service.security.entrypoint.FIEntryPoint;
import com.huawei.cdc.service.security.filter.CasAuthenticationFilterWrapper;
import com.huawei.cdc.service.security.filter.CasRequestWrapper;
import com.huawei.cdc.service.security.filter.FIBasicAuthenticationFilter;
import com.huawei.cdc.service.security.filter.FICSRFPreventionFilter;
import com.huawei.cdc.service.security.filter.FIDelegationAuthenticationFilter;
import com.huawei.cdc.service.security.filter.FILogoutFilter;
import com.huawei.cdc.service.security.provider.FIKerberosAuthenticationProvider;
import com.huawei.cdc.service.util.CommonConstants;
import java.util.Collections;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.cas.web.CasAuthenticationFilter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/**
 * Spring Security wiring for the CDC service: CAS single sign-on for browser sessions plus a
 * delegating basic-auth filter, both backed by one {@link ProviderManager} that holds the CAS
 * and Kerberos providers.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Authentication is enforced only when {@code CommonConfiguration.CLUSTER_SECURITY} is
 *       true; otherwise every request is permitted.</li>
 *   <li>Spring's built-in CSRF protection is disabled, and {@link #ficsrfPreventionFilter()} is
 *       not added to the filter chain by this class.</li>
 *   <li>Static-asset URL suffixes are excluded from the security filter chain entirely.</li>
 * </ul>
 */
@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private CasConfig casConfig;

    @Autowired
    private UserDetailsServiceImpl userDetailsService;

    /**
     * Excludes static assets (scripts, stylesheets, PNG images, icons) from the security filter
     * chain.
     *
     * @param webSecurity builder for the web-level security settings
     * @throws Exception declared by the overridden adapter method
     */
    public void configure(WebSecurity webSecurity) throws Exception {
        // ignoring() bypasses every security filter for a match, not just the authorization check.
        // NOTE(review): the patterns match on suffix at any depth; confirm that no dynamic
        // endpoint can be reached through a URL ending in one of these extensions.
        webSecurity.ignoring().antMatchers("/**/*.js", "/**/*.css", "/**/*.png", "/**/*.ico");
    }

    /**
     * Sets the authorization rule, installs the CAS / logout / single-sign-out / delegation
     * filters and disables Spring's CSRF support.
     *
     * @param httpSecurity builder for the HTTP security filter chain
     * @throws Exception if the underlying configurers fail
     */
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        if (!CommonConfiguration.CLUSTER_SECURITY) {
            // Non-secure mode: no request requires authentication. The filters below are still
            // installed, but nothing is rejected for being anonymous.
            httpSecurity.authorizeRequests().anyRequest().permitAll();
        } else {
            httpSecurity.authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                    .logout().permitAll();
        }

        // Registration order is kept exactly as before; each filter is positioned relative to
        // the standard Spring Security filter class named as the second argument.
        httpSecurity.exceptionHandling()
                .authenticationEntryPoint(casAuthenticationEntryPoint())
                .and()
                .addFilterAt(casAuthenticationFilter(), CasAuthenticationFilter.class)
                .addFilterAfter(casRequestWrapper(), CasAuthenticationFilter.class)
                .addFilterBefore(casLogoutFilter(), LogoutFilter.class)
                .addFilterBefore(singleSignOutFilter(), CasAuthenticationFilter.class)
                .addFilterAt(fiDelegationAuthenticationFilter(), BasicAuthenticationFilter.class);

        // NOTE(review): built-in CSRF protection is turned off and ficsrfPreventionFilter() is
        // never added to this chain. Confirm the custom filter is registered elsewhere;
        // otherwise session-authenticated, state-changing requests have no CSRF defence here.
        httpSecurity.csrf().disable();
    }

    /**
     * Keeps the adapter's default behaviour for the authentication-manager builder.
     *
     * @param authenticationManagerBuilder builder passed in by the adapter
     * @throws Exception declared by the overridden adapter method
     */
    protected void configure(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
        super.configure(authenticationManagerBuilder);
    }

    /**
     * Entry point that sends unauthenticated users to the CAS login URL from {@code casConfig}.
     *
     * @return the configured entry point
     */
    @Bean
    public CasAuthenticationEntryPoint casAuthenticationEntryPoint() {
        CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
        entryPoint.setLoginUrl(this.casConfig.getLoginUrl());
        entryPoint.setServiceProperties(serviceProperties());
        return entryPoint;
    }

    /**
     * CAS service description: the service identifier is the application server URL and the
     * renew flag is not sent.
     *
     * @return the CAS service properties
     */
    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties properties = new ServiceProperties();
        properties.setService(this.casConfig.getAppServerUrl());
        // With sendRenew=false an existing CAS SSO session is accepted without re-entering credentials.
        properties.setSendRenew(false);
        return properties;
    }

    /**
     * Builds the CAS authentication filter (project wrapper subclass).
     *
     * <p>Not annotated {@code @Bean}: every call constructs a new filter instance.
     *
     * @return a new CAS authentication filter bound to {@link #authenticationManager()}
     */
    public CasAuthenticationFilter casAuthenticationFilter() {
        CasAuthenticationFilterWrapper filter = new CasAuthenticationFilterWrapper();
        filter.setAuthenticationManager(authenticationManager());
        filter.setAuthenticationSuccessHandler(simpleUrlAuthenticationSuccessHandler());
        return filter;
    }

    /**
     * Builds the request wrapper filter, giving it the application server URL as service URL.
     *
     * <p>Not annotated {@code @Bean}: every call constructs a new instance.
     *
     * @return a new request wrapper filter
     */
    public CasRequestWrapper casRequestWrapper() {
        CasRequestWrapper wrapper = new CasRequestWrapper();
        wrapper.setServiceUrl(this.casConfig.getAppServerUrl());
        return wrapper;
    }

    /**
     * Builds the delegation filter installed at the basic-authentication position; it wraps a
     * single {@link FIBasicAuthenticationFilter} using {@link #authenticationManager()}.
     *
     * @return a new delegation filter
     */
    public FIDelegationAuthenticationFilter fiDelegationAuthenticationFilter() {
        FIBasicAuthenticationFilter basicFilter =
                new FIBasicAuthenticationFilter(authenticationManager(), new FIEntryPoint());
        return new FIDelegationAuthenticationFilter(Collections.singletonList(basicFilter));
    }

    /**
     * Builds the project's CSRF prevention filter, initialised from {@code casConfig}.
     *
     * <p>NOTE(review): nothing in this class calls this method or adds its result to the filter
     * chain; verify where (or whether) the filter is actually registered.
     *
     * @return a new, initialised CSRF prevention filter
     */
    public FICSRFPreventionFilter ficsrfPreventionFilter() {
        FICSRFPreventionFilter csrfFilter = new FICSRFPreventionFilter();
        csrfFilter.init(this.casConfig);
        return csrfFilter;
    }

    /**
     * Authentication manager that tries the CAS provider first and the Kerberos provider second.
     *
     * @return the provider manager
     */
    @Bean
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(casAuthenticationProvider(), kerberosAuthenticationProvider());
    }

    /**
     * Logout filter that handles the application's logout path and is constructed with the
     * logout URL from {@code casConfig}.
     *
     * @return the logout filter
     */
    @Bean
    public FILogoutFilter casLogoutFilter() {
        FILogoutFilter logoutFilter =
                new FILogoutFilter(this.casConfig.getLogoutUrl(), new SecurityContextLogoutHandler());
        logoutFilter.setFilterProcessesUrl("/cdl/logout");
        return logoutFilter;
    }

    /**
     * CAS single-sign-out filter; servlet init-parameter configuration is ignored.
     *
     * @return the single-sign-out filter
     */
    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter signOutFilter = new SingleSignOutFilter();
        signOutFilter.setIgnoreInitConfiguration(true);
        return signOutFilter;
    }

    /**
     * CAS authentication provider: validates service tickets and loads user details through the
     * injected {@code userDetailsService}.
     *
     * @return the CAS provider
     */
    @Bean
    public CasAuthenticationProvider casAuthenticationProvider() {
        CasAuthenticationProvider provider = new CasAuthenticationProvider();
        provider.setAuthenticationUserDetailsService(this.userDetailsService);
        provider.setServiceProperties(serviceProperties());
        provider.setTicketValidator(cas20ServiceTicketValidator());
        // NOTE(review): the provider key is a compile-time constant shared by every deployment.
        // It marks tokens as issued by this provider; confirm a fixed value is acceptable.
        provider.setKey("casAuthenticationProviderKey");
        return provider;
    }

    /**
     * CAS 2.0 ticket validator pointed at the CAS server URL from {@code casConfig}; renew is off.
     *
     * @return the ticket validator
     */
    @Bean
    public Cas20ServiceTicketValidator cas20ServiceTicketValidator() {
        // NOTE(review): ticket validation is a server-to-server call to this URL; confirm the
        // configured value is HTTPS and that certificate validation is not relaxed elsewhere.
        Cas20ServiceTicketValidator validator =
                new Cas20ServiceTicketValidator(this.casConfig.getCasServerUrl());
        validator.setRenew(false);
        return validator;
    }

    /**
     * Kerberos provider used as the second entry in {@link #authenticationManager()}.
     *
     * @return a new Kerberos authentication provider
     */
    @Bean
    public FIKerberosAuthenticationProvider kerberosAuthenticationProvider() {
        return new FIKerberosAuthenticationProvider();
    }

    /**
     * Success handler that always redirects to the application landing path.
     *
     * @return the success handler
     */
    @Bean
    public SimpleUrlAuthenticationSuccessHandler simpleUrlAuthenticationSuccessHandler() {
        // The CAS callback suffix is replaced with CommonConstants.EMPTY (presumably the empty
        // string; confirm) and the landing path is appended.
        String landingUrl =
                this.casConfig.getAppServerUrl().replace("/login/cas", CommonConstants.EMPTY) + "/cdl";
        SimpleUrlAuthenticationSuccessHandler successHandler = new SimpleUrlAuthenticationSuccessHandler();
        // Always using the default target means the post-login redirect comes from configuration only.
        successHandler.setAlwaysUseDefaultTargetUrl(true);
        successHandler.setDefaultTargetUrl(landingUrl);
        return successHandler;
    }
}
