package egovframework.rte.fdl.security.config;

import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.util.Iterator;
import javax.annotation.PostConstruct;
import javax.servlet.Filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
import org.springframework.security.authentication.encoding.PlaintextPasswordEncoder;
import org.springframework.security.authentication.encoding.ShaPasswordEncoder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.access.ExceptionTranslationFilter;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.LogoutFilter;
import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:egovframework/rte/fdl/security/config/SecurityConfigInitializer.class */
public class SecurityConfigInitializer implements ApplicationContextAware {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityConfigInitializer.class);
    private ApplicationContext context;
    private SecurityConfig config;

    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
        this.config = (SecurityConfig) this.context.getBean(SecurityConfig.class);
    }

    @PostConstruct
    public void init() {
        LOGGER.debug("init() started...");
        if (StringUtils.hasText(this.config.getAccessDeniedUrl())) {
            LOGGER.debug("Replaced access denied url : {}", this.config.getAccessDeniedUrl());
            registerAccessDeniedUrl(this.config.getAccessDeniedUrl());
        }
        if (StringUtils.hasText(this.config.getLoginUrl())) {
            LOGGER.debug("Replaced login url : {}", this.config.getLoginUrl());
            registerLoginUrl();
        }
        if (StringUtils.hasText(this.config.getLoginFailureUrl())) {
            LOGGER.debug("Replaced login failure url : {}", this.config.getLoginFailureUrl());
            registerLoginFailureUrl(this.config.getLoginFailureUrl());
        }
        if (StringUtils.hasText(this.config.getLogoutSuccessUrl())) {
            LOGGER.debug("Replaced logout success url : {}", this.config.getLogoutSuccessUrl());
            registerLogoutSuccessUrl(this.config.getLogoutSuccessUrl());
        }
        registerJdbcInfo(this.config.getJdbcUsersByUsernameQuery(), this.config.getJdbcAuthoritiesByUsernameQuery(), this.config.getJdbcMapClass());
        if (StringUtils.hasText(this.config.getHash())) {
            LOGGER.debug("Password Encoder Algorithm : {}", this.config.getHash());
            registerHash(this.config.getHash(), this.config.isHashBase64());
        }
        if (this.config.getConcurrentMaxSessons() > 0 || StringUtils.hasText(this.config.getConcurrentExpiredUrl())) {
            LOGGER.debug("Concurrent max sessions : {}", Integer.valueOf(this.config.getConcurrentMaxSessons()));
            LOGGER.debug("Concurrent concurrent expired url  : {}", this.config.getConcurrentExpiredUrl());
            registerConcurrentControl(this.config.getConcurrentMaxSessons(), this.config.getConcurrentExpiredUrl());
        }
        if (StringUtils.hasText(this.config.getDefaultTargetUrl())) {
            LOGGER.debug("Default target url : {}", this.config.getDefaultTargetUrl());
            registerDefaultTargetUrl(this.config.getDefaultTargetUrl());
        }
        LOGGER.debug("init() ended...");
    }

    private <T extends Filter> T getSecurityFilter(Class<T> cls) {
        Iterator it = this.context.getBeansOfType(DefaultSecurityFilterChain.class).values().iterator();
        while (it.hasNext()) {
            for (Filter filter : ((DefaultSecurityFilterChain) it.next()).getFilters()) {
                if (cls.isInstance(filter)) {
                    return cls.cast(filter);
                }
            }
        }
        throw new NoSuchBeanDefinitionException(cls);
    }

    private void registerLogoutSuccessUrl(String str) {
        LogoutFilter securityFilter = getSecurityFilter(LogoutFilter.class);
        checkUrl(str);
        try {
            Field declaredField = securityFilter.getClass().getDeclaredField("logoutSuccessHandler");
            declaredField.setAccessible(true);
            ((SimpleUrlLogoutSuccessHandler) declaredField.get(securityFilter)).setDefaultTargetUrl(str);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void registerLoginFailureUrl(String str) {
        UsernamePasswordAuthenticationFilter securityFilter = getSecurityFilter(UsernamePasswordAuthenticationFilter.class);
        checkUrl(str);
        try {
            Method declaredMethod = AbstractAuthenticationProcessingFilter.class.getDeclaredMethod("getFailureHandler", (Class[]) null);
            declaredMethod.setAccessible(true);
            ((SimpleUrlAuthenticationFailureHandler) declaredMethod.invoke(securityFilter, (Object[]) null)).setDefaultFailureUrl(str);
        } catch (Exception e) {
            LOGGER.error("## registerLoginFailureUrl : {}", e);
            throw new RuntimeException(e);
        }
    }

    private void registerLoginUrl() {
    }

    protected void registerAccessDeniedUrl(String str) {
        ExceptionTranslationFilter securityFilter = getSecurityFilter(ExceptionTranslationFilter.class);
        checkUrl(str);
        AccessDeniedHandlerImpl accessDeniedHandlerImpl = new AccessDeniedHandlerImpl();
        accessDeniedHandlerImpl.setErrorPage(str);
        securityFilter.setAccessDeniedHandler(accessDeniedHandlerImpl);
    }

    protected void registerJdbcInfo(String str, String str2, String str3) {
    }

    protected void registerHash(String str, boolean z) {
        DaoAuthenticationProvider daoAuthenticationProvider = (DaoAuthenticationProvider) this.context.getBean(DaoAuthenticationProvider.class);
        if (str.equalsIgnoreCase("plaintext")) {
            daoAuthenticationProvider.setPasswordEncoder(new PlaintextPasswordEncoder());
            return;
        }
        if (str.equalsIgnoreCase("md5")) {
            Md5PasswordEncoder md5PasswordEncoder = new Md5PasswordEncoder();
            md5PasswordEncoder.setEncodeHashAsBase64(z);
            daoAuthenticationProvider.setPasswordEncoder(md5PasswordEncoder);
        } else if (str.equalsIgnoreCase("sha")) {
            ShaPasswordEncoder shaPasswordEncoder = new ShaPasswordEncoder();
            shaPasswordEncoder.setEncodeHashAsBase64(z);
            daoAuthenticationProvider.setPasswordEncoder(shaPasswordEncoder);
        } else if (str.equalsIgnoreCase("sha-256")) {
            ShaPasswordEncoder shaPasswordEncoder2 = new ShaPasswordEncoder(256);
            shaPasswordEncoder2.setEncodeHashAsBase64(z);
            daoAuthenticationProvider.setPasswordEncoder(shaPasswordEncoder2);
        } else {
            if (!str.equalsIgnoreCase("bcrypt")) {
                throw new IllegalArgumentException("'hash' attribute have to be plaintext, md5, sha, sha-256, or bcrypt");
            }
            daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
        }
    }

    private void registerConcurrentControl(int i, String str) {
    }

    private void registerDefaultTargetUrl(String str) {
        AbstractAuthenticationProcessingFilter securityFilter = getSecurityFilter(AbstractAuthenticationProcessingFilter.class);
        checkUrl(str);
        try {
            Method declaredMethod = AbstractAuthenticationProcessingFilter.class.getDeclaredMethod("getSuccessHandler", (Class[]) null);
            declaredMethod.setAccessible(true);
            SavedRequestAwareAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = (SavedRequestAwareAuthenticationSuccessHandler) declaredMethod.invoke(securityFilter, (Object[]) null);
            savedRequestAwareAuthenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(true);
            savedRequestAwareAuthenticationSuccessHandler.setDefaultTargetUrl(str);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private void checkUrl(String str) {
        if (UrlUtils.isValidRedirectUrl(str)) {
            return;
        }
        LOGGER.warn("Url ({} is not a valid redirect URL (must start with '/' or http(s))", str);
    }
}
