package com.swallowframe.spring.boot.autoconfigure;

import com.swallowframe.core.pc.api.open.filter.OpenFilter;
import com.swallowframe.core.pc.api.shiro.AccessTokenGenerator;
import com.swallowframe.core.pc.api.shiro.MultiRoleRealmAuthenticator;
import com.swallowframe.core.pc.api.shiro.RedisShiroCacheManager;
import com.swallowframe.core.pc.api.shiro.RedisShiroSessionDao;
import com.swallowframe.core.pc.api.shiro.filter.AnonyFilter;
import com.swallowframe.core.pc.api.shiro.filter.OAuthFilter;
import com.swallowframe.core.pc.api.shiro.filter.RPCFilter;
import com.swallowframe.core.pc.api.shiro.realm.AppSecurityRealm;
import com.swallowframe.core.pc.api.shiro.realm.DeviceSecurityRealm;
import com.swallowframe.core.pc.api.shiro.realm.EnterpriseSecurityRealm;
import com.swallowframe.core.pc.api.shiro.realm.OpsSecurityRealm;
import com.swallowframe.core.pc.api.shiro.realm.PrincipalSecurityRealm;
import com.swallowframe.core.pc.api.shiro.realm.ShopSecurityRealm;
import com.swallowframe.core.pc.data.AbstractObject;
import com.swallowframe.spring.boot.autoconfigure.properties.ShiroProperties;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.mgt.SessionsSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Import;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@EnableConfigurationProperties({ShiroProperties.class})
@AutoConfigureAfter({OpenAutoConfiguration.class, JwtAutoConfiguration.class})
@Import({OpenAutoConfiguration.class, JwtAutoConfiguration.class})
/* loaded from: input_file:com/swallowframe/spring/boot/autoconfigure/AbstractShiroAutoConfiguration.class */
public abstract class AbstractShiroAutoConfiguration extends AbstractObject {
    private static final Logger log = LoggerFactory.getLogger(AbstractShiroAutoConfiguration.class);

    @Autowired(required = false)
    private OpenAutoConfiguration openAutoConfiguration;

    @Autowired(required = false)
    private JwtAutoConfiguration jwtAutoConfiguration;

    @Autowired
    private ApplicationContext context;

    @Bean
    public ShiroFilterFactoryBean shirFilter(@Value("${shiro.rpc.ip.expr:127.0.0.1|localhost}") String str, ShiroProperties shiroProperties, SecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        shiroFilterFactoryBean.setLoginUrl("/403");
        shiroFilterFactoryBean.setUnauthorizedUrl("/403");
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("oauth", oAuthFilter());
        linkedHashMap.put("rpc", new RPCFilter(str));
        linkedHashMap.put("cors", corsFilter());
        linkedHashMap.put("anon", new AnonyFilter());
        boolean z = Objects.nonNull(shiroProperties.getJwt()) && shiroProperties.getJwt().isEnabled() && Objects.nonNull(this.jwtAutoConfiguration);
        if (z) {
            linkedHashMap.putAll(getJwtFiltersMap(shiroProperties));
        }
        boolean z2 = Objects.nonNull(shiroProperties.getOpen()) && shiroProperties.getOpen().isEnabled() && Objects.nonNull(this.openAutoConfiguration);
        if (z2) {
            linkedHashMap.putAll(getOpenFiltersMap(shiroProperties));
        }
        shiroFilterFactoryBean.setFilters(linkedHashMap);
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        if (Objects.nonNull(shiroProperties.getJwt())) {
            handleFilterChainDefinitions(linkedHashMap2, shiroProperties.getJwt().getFilterChainDefinitions());
        }
        if (Objects.nonNull(shiroProperties.getOpen())) {
            handleFilterChainDefinitions(linkedHashMap2, shiroProperties.getOpen().getFilterChainDefinitions());
        }
        if (Objects.nonNull(shiroProperties.getOauth())) {
            handleFilterChainDefinitions(linkedHashMap2, shiroProperties.getOauth().getFilterChainDefinitions());
        }
        linkedHashMap2.put("/swagger-ui.html", "cors,anon");
        linkedHashMap2.put("/webjars/**", "cors,anon");
        linkedHashMap2.put("/swagger-resources/**", "cors,anon");
        linkedHashMap2.put("/v2/**", "cors,anon");
        linkedHashMap2.put("/i", "cors,anon");
        linkedHashMap2.put("/admin/**", "cors,anon");
        linkedHashMap2.put("/403", "cors,anon");
        linkedHashMap2.put("/debug/**", "cors,anon");
        linkedHashMap2.put("/rpc/**", "anon,rpc");
        if (z) {
            linkedHashMap2.putAll(getJwtFilterChainDefinitionMap());
        }
        if (z2) {
            linkedHashMap2.putAll(getOpenFilterChainDefinitionMap());
        }
        if (Objects.nonNull(shiroProperties) && Objects.nonNull(shiroProperties.getOauth()) && Objects.nonNull(shiroProperties.getOauth().getAccessType())) {
            Map<String, Boolean> accessType = shiroProperties.getOauth().getAccessType();
            for (String str2 : accessType.keySet()) {
                if (accessType.get(str2).booleanValue()) {
                    linkedHashMap2.put(String.format("/%s/**", str2), String.format("cors,oauth,roles[%s]", str2.toUpperCase()));
                }
            }
        }
        linkedHashMap2.put("/**", "cors,oauth,roles[PRINCIPAL]");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(linkedHashMap2);
        return shiroFilterFactoryBean;
    }

    protected Map<String, Filter> getJwtFiltersMap(ShiroProperties shiroProperties) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("jwt", getJwtFilter(shiroProperties));
        return linkedHashMap;
    }

    protected Map<String, String> getJwtFilterChainDefinitionMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("/jwt/**", "cors,anon,jwt");
        return hashMap;
    }

    protected Filter getJwtFilter(ShiroProperties shiroProperties) {
        return this.jwtAutoConfiguration.jwtFilter(shiroProperties);
    }

    protected Map<String, Filter> getOpenFiltersMap(ShiroProperties shiroProperties) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (shiroProperties.getOpen().isEnabled()) {
            OpenFilter openFilter = getOpenFilter(shiroProperties);
            if (Objects.isNull(openFilter)) {
                throw new Error("启动了Open，必须实现getOpenFilter方法。");
            }
            linkedHashMap.put("open", openFilter);
        }
        return linkedHashMap;
    }

    protected Map<String, String> getOpenFilterChainDefinitionMap() {
        HashMap hashMap = new HashMap();
        hashMap.put("/open/**", "cors,anon,open");
        return hashMap;
    }

    protected OpenFilter getOpenFilter(ShiroProperties shiroProperties) {
        return null;
    }

    private void handleFilterChainDefinitions(Map<String, String> map, String[] strArr) {
        if (Objects.nonNull(strArr)) {
            for (String str : strArr) {
                StringTokenizer stringTokenizer = new StringTokenizer(str, ":=", false);
                if (stringTokenizer.countTokens() == 2) {
                    map.put(stringTokenizer.nextToken(), "cors," + stringTokenizer.nextToken());
                }
            }
        }
    }

    public CorsFilter corsFilter() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }

    public OAuthFilter oAuthFilter() {
        return new OAuthFilter();
    }

    @Bean
    public SessionsSecurityManager securityManager(ShiroProperties shiroProperties) {
        DefaultWebSecurityManager defaultWebSecurityManager = new DefaultWebSecurityManager();
        defaultWebSecurityManager.setSessionManager(sessionManager(shiroProperties));
        defaultWebSecurityManager.setAuthenticator(modularRealmAuthenticator());
        ArrayList arrayList = new ArrayList();
        arrayList.add(principalSecurityRealm());
        if (Objects.nonNull(shiroProperties) && Objects.nonNull(shiroProperties.getOauth()) && Objects.nonNull(shiroProperties.getOauth().getAccessType())) {
            arrayList.addAll(getSecurityRealms(shiroProperties.getOauth().getAccessType()));
        }
        defaultWebSecurityManager.setRealms(arrayList);
        return defaultWebSecurityManager;
    }

    /* JADX WARN: Failed to find 'out' block for switch in B:8:0x0049. Please report as an issue. */
    protected List<Realm> getSecurityRealms(Map<String, Boolean> map) {
        ArrayList arrayList = new ArrayList();
        for (String str : map.keySet()) {
            if (map.get(str).booleanValue()) {
                boolean z = -1;
                switch (str.hashCode()) {
                    case -1335157162:
                        if (str.equals("device")) {
                            z = true;
                            break;
                        }
                        break;
                    case -802737311:
                        if (str.equals("enterprise")) {
                            z = 4;
                            break;
                        }
                        break;
                    case 96801:
                        if (str.equals("app")) {
                            z = 2;
                            break;
                        }
                        break;
                    case 110258:
                        if (str.equals("ops")) {
                            z = false;
                            break;
                        }
                        break;
                    case 3529462:
                        if (str.equals("shop")) {
                            z = 3;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                        arrayList.add(opsSecurityRealm());
                        break;
                    case true:
                        arrayList.add(deviceSecurityRealm());
                        break;
                    case true:
                        arrayList.add(appSecurityRealm());
                        break;
                    case true:
                        arrayList.add(shopSecurityRealm());
                        break;
                    case true:
                        arrayList.add(enterpriseSecurityRealm());
                        break;
                }
            }
        }
        return arrayList;
    }

    @Bean
    public PrincipalSecurityRealm principalSecurityRealm() {
        return new PrincipalSecurityRealm();
    }

    @ConditionalOnProperty({"shiro.oauth.access-type.ops"})
    @Bean
    public OpsSecurityRealm opsSecurityRealm() {
        return new OpsSecurityRealm();
    }

    @ConditionalOnProperty({"shiro.oauth.access-type.device"})
    @Bean
    public DeviceSecurityRealm deviceSecurityRealm() {
        return new DeviceSecurityRealm();
    }

    @ConditionalOnProperty({"shiro.oauth.access-type.app"})
    @Bean
    public AppSecurityRealm appSecurityRealm() {
        return new AppSecurityRealm();
    }

    @ConditionalOnProperty({"shiro.oauth.access-type.shop"})
    @Bean
    public ShopSecurityRealm shopSecurityRealm() {
        return new ShopSecurityRealm();
    }

    @ConditionalOnProperty({"shiro.oauth.access-type.enterprise"})
    @Bean
    public EnterpriseSecurityRealm enterpriseSecurityRealm() {
        return new EnterpriseSecurityRealm();
    }

    @Bean
    public SessionManager sessionManager(ShiroProperties shiroProperties) {
        long j = 1800000;
        long j2 = 86400000;
        if (Objects.nonNull(shiroProperties) && Objects.nonNull(shiroProperties.getOauth()) && shiroProperties.getOauth().getGlobalSessionTimeout() + shiroProperties.getOauth().getSessionValidationInterval() > 0) {
            j = 1800000;
            j2 = 86400000;
        }
        DefaultWebSessionManager defaultWebSessionManager = new DefaultWebSessionManager();
        defaultWebSessionManager.setDeleteInvalidSessions(j2 > 0);
        defaultWebSessionManager.setSessionValidationInterval(j2);
        defaultWebSessionManager.setCacheManager(cacheManager());
        defaultWebSessionManager.setSessionDAO(sessionDAO(null));
        defaultWebSessionManager.setSessionIdCookieEnabled(false);
        defaultWebSessionManager.setSessionIdCookie(simpleCookie());
        defaultWebSessionManager.setGlobalSessionTimeout(j);
        return defaultWebSessionManager;
    }

    @Bean
    public Cookie simpleCookie() {
        SimpleCookie simpleCookie = new SimpleCookie();
        simpleCookie.setName("AccessToken");
        simpleCookie.setHttpOnly(true);
        return simpleCookie;
    }

    @Bean
    public SessionDAO sessionDAO(@Value("${spring.application.product}") String str) {
        RedisShiroSessionDao redisShiroSessionDao = new RedisShiroSessionDao(str);
        redisShiroSessionDao.setSessionIdGenerator(new AccessTokenGenerator());
        return redisShiroSessionDao;
    }

    @Bean
    public CacheManager cacheManager() {
        return new RedisShiroCacheManager();
    }

    @Bean
    public ModularRealmAuthenticator modularRealmAuthenticator() {
        return new MultiRoleRealmAuthenticator();
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(SecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}
