package com.github.fosin.cdp.oauth2.config;

import com.github.fosin.cdp.oauth2.dto.AuthorityDto;
import com.github.fosin.cdp.util.StringUtil;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.web.cors.CorsConfiguration;

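/**
 * Resource-server HTTP security configuration assembled from {@code Oauth2Properties}
 * and {@code AuthorityConfig}.
 *
 * <p>Authorization rules are registered in this order: black/white list entries,
 * per-authority rules, then a catch-all that requires authentication. Because the
 * order of registration decides which rule a request hits, review any change to the
 * ordering below as a change to the access policy.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing configuration:
 * <ul>
 *   <li>Black/white list entries are fail-open: every {@code permission} value other
 *       than the exact string {@code "deny"} (including a missing key) becomes
 *       {@code permitAll()}.</li>
 *   <li>An HTTP method string that {@link HttpMethod#resolve(String)} cannot resolve
 *       yields {@code null}, and the rule then applies to every method on the path.</li>
 *   <li>The {@code X-Frame-Options} header is disabled unconditionally.</li>
 *   <li>Sessions may be created ({@code IF_REQUIRED}) while CSRF protection can be
 *       switched off by configuration.</li>
 * </ul>
 */
@Configuration
/* loaded from: input_file:com/github/fosin/cdp/oauth2/config/ResourceServerConfigurer.class */
public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {

    @Autowired
    private Oauth2Properties oauth2Properties;

    @Autowired
    private AuthorityConfig authorityConfig;

    /**
     * Delegates to the adapter's default resource-server settings without changes.
     *
     * @param resourceServerSecurityConfigurer configurer supplied by the framework
     * @throws Exception propagated from the parent implementation
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        super.configure(resourceServerSecurityConfigurer);
    }

    /**
     * Builds the HTTP security policy: optional CSRF / HTTP Basic / CORS toggles, the
     * configured black/white list, the per-authority rules, and finally
     * "authenticated" for everything else.
     *
     * @param httpSecurity the builder to configure
     * @throws Exception propagated from the Spring Security builders
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // A null flag means "leave the framework default untouched".
        // NOTE(review): the session policy below is IF_REQUIRED, so a session cookie can
        // exist; disabling CSRF is only sound if requests are authenticated solely by a
        // bearer token and never by that cookie — confirm for each deployment.
        if (this.oauth2Properties.getDisableCsrf() != null) {
            if (this.oauth2Properties.getDisableCsrf().booleanValue()) {
                httpSecurity.csrf().disable();
            } else {
                httpSecurity.csrf();
            }
        }
        if (this.oauth2Properties.getDisableHttpBasic() != null) {
            if (this.oauth2Properties.getDisableHttpBasic().booleanValue()) {
                httpSecurity.httpBasic().disable();
            } else {
                httpSecurity.httpBasic();
            }
        }

        // Only the emptiness of the allowed-origins list is inspected here; the
        // CorsConfiguration object itself is not handed to HttpSecurity in this method.
        // NOTE(review): confirm where the effective CORS policy is registered, and that
        // it does not combine a wildcard origin with credentials.
        CorsConfiguration cors = this.oauth2Properties.getCors();
        if (cors != null) {
            List<String> allowedOrigins = cors.getAllowedOrigins();
            if (allowedOrigins != null) {
                if (allowedOrigins.isEmpty()) {
                    httpSecurity.cors().disable();
                } else {
                    httpSecurity.cors();
                }
            }
        }

        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry authorizeRequests = httpSecurity.authorizeRequests();

        // Guard against an unset list so a missing property does not abort start-up with
        // a NullPointerException (whether the properties class defaults it is not visible here).
        if (this.oauth2Properties.getBlackWhiteList() != null) {
            for (Map<String, String> map : this.oauth2Properties.getBlackWhiteList()) {
                String str = map.get("path");
                // NOTE(review): resolve() returns null for an absent or unrecognised method
                // name; the entry then matches every HTTP method on the path. Audit the
                // configured values so a typo does not silently widen a permit rule.
                HttpMethod resolve = HttpMethod.resolve(map.get("method"));
                String str2 = map.get("permission");
                ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl = getAuthorizedUrl(authorizeRequests, str, resolve);
                if (authorizedUrl != null) {
                    // NOTE(review): fail-open default. Anything that is not exactly "deny"
                    // (null, different case, misspelling) grants unauthenticated access.
                    // An entry with a method but no path applies to all paths for that method.
                    if ("deny".equals(str2)) {
                        authorizedUrl.denyAll();
                    } else {
                        authorizedUrl.permitAll();
                    }
                }
            }
        }

        if (this.authorityConfig != null && this.authorityConfig.getAuthorityDtos() != null) {
            this.authorityConfig.getAuthorityDtos().forEach(authorityDto -> {
                HttpMethod[] method = authorityDto.getMethod();
                if (method == null || method.length == 0) {
                    // No method restriction: the rule covers every HTTP method on the path.
                    setAuthority(authorityDto, getAuthorizedUrl(authorizeRequests, authorityDto.getPath(), null));
                    return;
                }
                for (HttpMethod httpMethod : method) {
                    setAuthority(authorityDto, getAuthorizedUrl(authorizeRequests, authorityDto.getPath(), httpMethod));
                }
            });
        }

        // Catch-all: whatever was not matched above requires an authenticated caller.
        authorizeRequests.anyRequest().authenticated();

        // NOTE(review): this removes the X-Frame-Options header for every response, so
        // clickjacking protection is off. If framing is needed only by the application's
        // own origin, frameOptions().sameOrigin() is the narrower setting.
        httpSecurity.headers().frameOptions().disable();

        // Unauthenticated requests get a bare 401 instead of a redirect or login page.
        httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.IF_REQUIRED).and().exceptionHandling().authenticationEntryPoint((httpServletRequest, httpServletResponse, authenticationException) -> {
            httpServletResponse.sendError(401);
        });
    }

    /**
     * Applies the authority and/or role requirement of {@code authorityDto} to the given matcher.
     * Does nothing when {@code authorizedUrl} is {@code null}.
     *
     * @param authorityDto  rule definition; its authority and role may each be {@code null}
     * @param authorizedUrl matcher handle returned by {@link #getAuthorizedUrl}, or {@code null}
     */
    private void setAuthority(AuthorityDto authorityDto, ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl authorizedUrl) {
        if (authorizedUrl != null) {
            // NOTE(review): when both authority and role are set, two rules are registered
            // for the same matcher. Verify how the registry combines them — the later
            // registration appears to replace the earlier one, in which case only the role
            // check would be enforced rather than "authority AND role".
            // NOTE(review): when neither is set, no rule is registered for this path and it
            // falls through to whatever rule follows — confirm that is intended.
            if (authorityDto.getAuthority() != null) {
                authorizedUrl.hasAuthority(authorityDto.getAuthority());
            }
            if (authorityDto.getRole() != null) {
                authorizedUrl.hasRole(authorityDto.getRole());
            }
        }
    }

    /**
     * Creates an Ant-pattern matcher for the given path and/or HTTP method.
     *
     * <ul>
     *   <li>method and path: matches that method on that path;</li>
     *   <li>method only: matches that method on any path;</li>
     *   <li>path only: matches any method on that path;</li>
     *   <li>neither: returns {@code null}.</li>
     * </ul>
     *
     * @param expressionInterceptUrlRegistry registry to add the matcher to
     * @param str                            Ant path pattern; blank or {@code null} means "no path"
     * @param httpMethod                     HTTP method, or {@code null} for any method
     * @return the matcher handle awaiting an access rule, or {@code null} if nothing was specified
     */
    protected ExpressionUrlAuthorizationConfigurer<HttpSecurity>.AuthorizedUrl getAuthorizedUrl(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry, String str, HttpMethod httpMethod) {
        boolean hasPath = StringUtil.hasText(str);
        if (httpMethod != null) {
            return hasPath
                    ? expressionInterceptUrlRegistry.antMatchers(httpMethod, str)
                    : expressionInterceptUrlRegistry.antMatchers(httpMethod);
        }
        return hasPath ? expressionInterceptUrlRegistry.antMatchers(str) : null;
    }
}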
