package tp.ms.cas.security.config;

import javax.servlet.http.HttpSessionEvent;
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.jasig.cas.client.validation.Cas30ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.context.event.EventListener;
import org.springframework.security.cas.ServiceProperties;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationProvider;
import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.LogoutHandler;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;
import org.springframework.util.StringUtils;
import tp.ms.cas.security.permission.filter.MsEnvContextPersistenceFilter;
import tp.ms.cas.security.permission.filter.UrlLogoutSuccessHandler;

@EnableConfigurationProperties({MsCasSecurityProperties.class})
@Configuration
/* loaded from: input_file:tp/ms/cas/security/config/MsCasCoreSecurityConfig.class */
public class MsCasCoreSecurityConfig {

    @Autowired
    private MsCasSecurityProperties casSecurityProperties;

    public String getContextPath(String str) {
        String substring;
        if (str.startsWith("https://")) {
            substring = str.substring("https://".length());
        } else {
            if (!str.startsWith("http://")) {
                throw new RuntimeException("cas app service url is invalid value");
            }
            substring = str.substring("http://".length());
        }
        if (substring.indexOf("/") <= -1) {
            return "/";
        }
        String substring2 = substring.substring(substring.indexOf("/"));
        String substring3 = substring2.substring(1);
        return substring3.indexOf("/") > -1 ? "/" + substring3.substring(0, substring3.indexOf("/")) : substring2;
    }

    @Bean
    public FilterRegistrationBean<MsEnvContextPersistenceFilter> msEnvContextPersistenceFilter() {
        FilterRegistrationBean<MsEnvContextPersistenceFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new MsEnvContextPersistenceFilter());
        filterRegistrationBean.setOrder(-102);
        filterRegistrationBean.addUrlPatterns(new String[]{"/*"});
        return filterRegistrationBean;
    }

    @Bean
    public ServiceProperties serviceProperties() {
        ServiceProperties serviceProperties = new ServiceProperties();
        serviceProperties.setService(this.casSecurityProperties.getAppServiceUrl() + "/login/cas");
        serviceProperties.setSendRenew(false);
        return serviceProperties;
    }

    @Bean
    @Primary
    public AuthenticationEntryPoint authenticationEntryPoint(ServiceProperties serviceProperties) {
        CasAuthenticationEntryPoint casAuthenticationEntryPoint = new CasAuthenticationEntryPoint();
        casAuthenticationEntryPoint.setLoginUrl(this.casSecurityProperties.getCasServerUrl() + "/login");
        casAuthenticationEntryPoint.setServiceProperties(serviceProperties);
        return casAuthenticationEntryPoint;
    }

    @Bean
    public TicketValidator ticketValidator() {
        return new Cas30ServiceTicketValidator(this.casSecurityProperties.getCasServerUrl());
    }

    @Bean
    @Primary
    public CasAuthenticationProvider casAuthenticationProvider(AuthenticationUserDetailsService<CasAssertionAuthenticationToken> authenticationUserDetailsService) {
        CasAuthenticationProvider casAuthenticationProvider = new CasAuthenticationProvider();
        casAuthenticationProvider.setServiceProperties(serviceProperties());
        casAuthenticationProvider.setTicketValidator(ticketValidator());
        casAuthenticationProvider.setAuthenticationUserDetailsService(authenticationUserDetailsService);
        casAuthenticationProvider.setKey("CAS_PROVIDER_LOCALHOST_8123");
        return casAuthenticationProvider;
    }

    @Bean
    @Primary
    public MsAuthenticationUserDetailsService authenticationUserDetailsService(UserDetailsService userDetailsService) {
        return new MsAuthenticationUserDetailsService(userDetailsService);
    }

    @Bean
    @Primary
    public MsUserDetailsService userDetailsService() {
        return new MsUserDetailsService();
    }

    @Bean
    public SecurityContextLogoutHandler securityContextLogoutHandler() {
        return new SecurityContextLogoutHandler();
    }

    @Bean
    public LogoutFilter logoutFilter() {
        String str = this.casSecurityProperties.getCasServerUrl() + "/logout?service=" + this.casSecurityProperties.getAppServiceUrl();
        UrlLogoutSuccessHandler urlLogoutSuccessHandler = new UrlLogoutSuccessHandler();
        if (StringUtils.hasText(str)) {
            urlLogoutSuccessHandler.setDefaultTargetUrl(str);
        }
        return new LogoutFilter(urlLogoutSuccessHandler, new LogoutHandler[]{securityContextLogoutHandler()});
    }

    @Bean
    public SingleSignOutFilter singleSignOutFilter() {
        SingleSignOutFilter singleSignOutFilter = new SingleSignOutFilter();
        singleSignOutFilter.setCasServerUrlPrefix(this.casSecurityProperties.getCasServerUrl());
        singleSignOutFilter.setIgnoreInitConfiguration(true);
        return singleSignOutFilter;
    }

    @EventListener
    public SingleSignOutHttpSessionListener singleSignOutHttpSessionListener(HttpSessionEvent httpSessionEvent) {
        return new SingleSignOutHttpSessionListener();
    }
}
