package io.github.sevenparadigms.abac.security.support;

import io.github.sevenparadigms.abac.Constants;
import io.github.sevenparadigms.abac.security.auth.data.UserPrincipal;
import io.github.sevenparadigms.abac.security.auth.encrypt.JwtTokenProvider;
import io.github.sevenparadigms.abac.security.opaque.data.TokenIntrospectionRequest;
import io.github.sevenparadigms.abac.security.opaque.data.TokenIntrospectionSuccessResponse;
import io.github.sevenparadigms.abac.security.opaque.service.TokenAuthorizationService;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import org.jetbrains.annotations.NotNull;
import org.sevenparadigms.kotlin.common.LogExtensionsKt;
import org.springframework.data.r2dbc.config.Beans;
import org.springframework.data.r2dbc.support.JsonUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.util.ObjectUtils;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.reactive.function.server.ServerResponse;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import reactor.core.publisher.SynchronousSink;

/* compiled from: ConfigHelper.kt */
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��P\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0016\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0014\u0010\u0003\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u0006\u001a\u00020\u0007J\u000e\u0010\b\u001a\u00020\t2\u0006\u0010\n\u001a\u00020\u000bJ\u0016\u0010\f\u001a\b\u0012\u0004\u0012\u00020\r0\u00042\u0006\u0010\u000e\u001a\u00020\u000fH\u0002J\u0016\u0010\u0010\u001a\u00020\u00112\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u0012\u001a\u00020\u0013J\u000e\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u0015J\u0006\u0010\u0017\u001a\u00020\u0018J\u0014\u0010\u0019\u001a\b\u0012\u0004\u0012\u00020\u00050\u00042\u0006\u0010\u0006\u001a\u00020\u0007¨\u0006\u001a"}, d2 = {"Lio/github/sevenparadigms/abac/security/support/ConfigHelper;", "", "()V", "authorize", "Lreactor/core/publisher/Mono;", "Lorg/springframework/web/reactive/function/server/ServerResponse;", "serverRequest", "Lorg/springframework/web/reactive/function/server/ServerRequest;", "jwtHeadersExchangeMatcher", "Lorg/springframework/security/web/server/util/matcher/ServerWebExchangeMatcher;", "isAuthorizeKeyEnabled", "", "skipValidation", "Lorg/springframework/security/core/Authentication;", "authToken", "", "tokenAuthenticationConverter", "Lorg/springframework/security/web/server/authentication/ServerAuthenticationConverter;", "jwtTokenProvider", "Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider;", "tryAddTokenIntrospect", "Lorg/springframework/security/config/web/server/ServerHttpSecurity;", "http", "unauthorizedEntryPoint", "Lorg/springframework/security/web/server/ServerAuthenticationEntryPoint;", 
"validateOpaqueToken", "reactive-spring-abac-security"})
/* loaded from: input_file:io/github/sevenparadigms/abac/security/support/ConfigHelper.class */
/*
 * Factory for the Spring Security WebFlux pieces used by this module: the 401 entry point, the
 * request-to-Authentication converter, the exchange matcher that decides when that converter runs,
 * the two handler functions (authorize, validateOpaqueToken) and the optional opaque-token
 * introspection wiring.
 *
 * This listing is decompiler output for ConfigHelper.kt. Kotlin lambdas appear as private static
 * "mNN...$lambda-N" methods, and at the lambda call sites the decompiler left the captured variables
 * as unresolved placeholders (r0, r1, r2), so the file does not compile as shown.
 *
 * Security-relevant behaviour visible in this class:
 *  - with Constants.SKIP_TOKEN_PROPERTY set, bearer tokens are accepted from their decoded payload
 *    alone; the signature segment is never read (see skipValidation);
 *  - with the boolean flag of tokenAuthenticationConverter set, identity and roles are taken
 *    directly from request headers (Constants.AUTHORIZE_KEY / AUTHORIZE_LOGIN / AUTHORIZE_ROLES);
 *  - tryAddTokenIntrospect discards every RuntimeException.
 */
public class ConfigHelper {
    /**
     * Returns an entry point that answers an authentication failure with HTTP 401.
     *
     * The exception passed to the entry point is not inspected; only the status code is set and
     * no response body is written here.
     */
    @NotNull
    public final ServerAuthenticationEntryPoint unauthorizedEntryPoint() {
        return ConfigHelper::m52unauthorizedEntryPoint$lambda1;
    }

    /**
     * Builds the converter that turns an incoming exchange into an {@link Authentication}.
     *
     * @param z named isAuthorizeKeyEnabled in the Kotlin metadata of this class; when true, a
     *          request without a usable bearer token is authenticated from the AUTHORIZE_* headers
     *          instead of being treated as anonymous
     * @param jwtTokenProvider used to build the Authentication from a bearer token when token
     *          validation is not skipped
     * @return converter implemented by m53tokenAuthenticationConverter$lambda2
     */
    @NotNull
    public final ServerAuthenticationConverter tokenAuthenticationConverter(boolean z, @NotNull JwtTokenProvider jwtTokenProvider) {
        Intrinsics.checkNotNullParameter(jwtTokenProvider, "jwtTokenProvider");
        // Decompiler placeholders: r0/r1/r2 presumably stand for z, this and jwtTokenProvider (the
        // callee's first three parameters) — confirm against the bytecode.
        return (v3) -> {
            return m53tokenAuthenticationConverter$lambda2(r0, r1, r2, v3);
        };
    }

    /**
     * Builds the matcher that selects the exchanges the authentication filter should handle.
     *
     * An exchange matches when it carries an "Authorization" header of any scheme, or when
     * {@code z} is true and it carries the Constants.AUTHORIZE_KEY header.
     *
     * @param z named isAuthorizeKeyEnabled in the Kotlin metadata of this class
     */
    @NotNull
    public final ServerWebExchangeMatcher jwtHeadersExchangeMatcher(boolean z) {
        // r0 is a decompiler placeholder, presumably the captured z.
        return (v1) -> {
            return m58jwtHeadersExchangeMatcher$lambda7(r0, v1);
        };
    }

    /**
     * Login handler: authenticates the posted credentials and answers 200 with a freshly issued token.
     *
     * The body is read as a {@link UserPrincipal}; login and password must both be non-empty,
     * otherwise (or when the body is empty) the pipeline fails with
     * {@link BadCredentialsException}. The credentials are then passed to the
     * {@link ReactiveAuthenticationManager} bean and the resulting Authentication to
     * {@code JwtTokenProvider.getAuthToken}.
     *
     * NOTE(review): no attempt throttling or lockout is visible in this method; confirm it is
     * enforced by the authentication manager or in front of this endpoint.
     *
     * @param serverRequest request whose body carries the credentials
     * @return the response Mono; errors from the authentication manager propagate unchanged
     */
    @NotNull
    public final Mono<ServerResponse> authorize(@NotNull ServerRequest serverRequest) {
        Intrinsics.checkNotNullParameter(serverRequest, "serverRequest");
        // Collaborators are looked up through the static Beans registry on every call.
        Object of = Beans.of(JwtTokenProvider.class);
        Intrinsics.checkNotNullExpressionValue(of, "of(JwtTokenProvider::class.java)");
        JwtTokenProvider jwtTokenProvider = (JwtTokenProvider) of;
        Object of2 = Beans.of(ReactiveAuthenticationManager.class);
        Intrinsics.checkNotNullExpressionValue(of2, "of(ReactiveAuthenticationManager::class.java)");
        ReactiveAuthenticationManager reactiveAuthenticationManager = (ReactiveAuthenticationManager) of2;
        // r1 in the two lambdas below is a decompiler placeholder: presumably the authentication
        // manager in the first and the token provider in the second, matching the callee signatures.
        Mono<ServerResponse> flatMap = serverRequest.bodyToMono(UserPrincipal.class).filter(ConfigHelper::m59authorize$lambda8).switchIfEmpty(Mono.error(ConfigHelper::m60authorize$lambda9)).flatMap((v1) -> {
            return m61authorize$lambda10(r1, v1);
        }).flatMap((v1) -> {
            return m62authorize$lambda11(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(flatMap, "serverRequest.bodyToMono…vider.getAuthToken(it)) }");
        return flatMap;
    }

    /**
     * Introspection handler: passes the posted {@link TokenIntrospectionRequest} to the
     * {@link TokenAuthorizationService} bean and answers with its result.
     *
     * NOTE(review): nothing in this method restricts who may call it; confirm the route is
     * protected elsewhere, since an introspection response discloses token state and claims.
     *
     * @param serverRequest request whose body carries the introspection request
     * @return the response Mono built by m64validateOpaqueToken$lambda13
     */
    @NotNull
    public final Mono<ServerResponse> validateOpaqueToken(@NotNull ServerRequest serverRequest) {
        Intrinsics.checkNotNullParameter(serverRequest, "serverRequest");
        Object of = Beans.of(TokenAuthorizationService.class);
        Intrinsics.checkNotNullExpressionValue(of, "of(TokenAuthorizationService::class.java)");
        TokenAuthorizationService tokenAuthorizationService = (TokenAuthorizationService) of;
        // r1 is a decompiler placeholder, presumably tokenAuthorizationService.
        Mono<ServerResponse> flatMap = serverRequest.bodyToMono(TokenIntrospectionRequest.class).flatMap((v1) -> {
            return m63validateOpaqueToken$lambda12(r1, v1);
        }).flatMap(ConfigHelper::m64validateOpaqueToken$lambda13);
        Intrinsics.checkNotNullExpressionValue(flatMap, "serverRequest.bodyToMono…mValue(it))\n            }");
        return flatMap;
    }

    /**
     * Builds an Authentication from a bearer token WITHOUT verifying it.
     *
     * The work is done in m66skipValidation$lambda15, which only decodes the payload segment and
     * checks the "exp" claim. The returned Mono is empty when the token is considered expired.
     * This path is reached only when Constants.SKIP_TOKEN_PROPERTY is true; it is safe only where
     * the token has already been verified by a trusted component in front of this service.
     *
     * @param str the token, with the bearer prefix already removed by the caller
     */
    private final Mono<Authentication> skipValidation(String str) {
        // getExpiration() is parsed as an int on every call; a non-numeric value throws
        // NumberFormatException here, before the Mono is built.
        int parseInt = Integer.parseInt(((JwtTokenProvider) Beans.of(JwtTokenProvider.class)).getExpiration());
        // r1/r2 are decompiler placeholders, presumably parseInt and this.
        Mono<Authentication> handle = Mono.just(str).handle((v2, v3) -> {
            m66skipValidation$lambda15(r1, r2, v2, v3);
        });
        Intrinsics.checkNotNullExpressionValue(handle, "just(authToken)\n        …          }\n            }");
        return handle;
    }

    /**
     * Registers opaque-token introspection on the given security builder when a
     * {@link ReactiveOpaqueTokenIntrospector} bean can be obtained; otherwise leaves it as is.
     *
     * @param serverHttpSecurity the builder to configure
     * @return the same builder instance
     */
    @NotNull
    public final ServerHttpSecurity tryAddTokenIntrospect(@NotNull ServerHttpSecurity serverHttpSecurity) {
        Intrinsics.checkNotNullParameter(serverHttpSecurity, "http");
        try {
            Object of = Beans.of(ReactiveOpaqueTokenIntrospector.class);
            Intrinsics.checkNotNullExpressionValue(of, "of(ReactiveOpaqueTokenIntrospector::class.java)");
            serverHttpSecurity.oauth2ResourceServer().opaqueToken().introspector((ReactiveOpaqueTokenIntrospector) of);
        } catch (RuntimeException e) {
            // NOTE(review): every RuntimeException is discarded, not only "bean not found". A broken
            // introspector configuration therefore disables introspection silently; logging the
            // cause, or catching only the lookup failure, would make that visible.
        }
        return serverHttpSecurity;
    }

    // Sets the response status to 401; nothing else is written to the response.
    /* renamed from: unauthorizedEntryPoint$lambda-1$lambda-0, reason: not valid java name */
    private static final void m51unauthorizedEntryPoint$lambda1$lambda0(ServerWebExchange serverWebExchange) {
        Intrinsics.checkNotNullParameter(serverWebExchange, "$exchange");
        serverWebExchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
    }

    // Entry-point body: defers the status change until the returned Mono is subscribed. The
    // exception argument is only null-checked, never used.
    /* renamed from: unauthorizedEntryPoint$lambda-1, reason: not valid java name */
    private static final Mono m52unauthorizedEntryPoint$lambda1(ServerWebExchange serverWebExchange, AuthenticationException authenticationException) {
        Intrinsics.checkNotNullParameter(serverWebExchange, "exchange");
        Intrinsics.checkNotNullParameter(authenticationException, "$noName_1");
        // r0 is a decompiler placeholder, presumably serverWebExchange.
        return Mono.fromRunnable(() -> {
            m51unauthorizedEntryPoint$lambda1$lambda0(r0);
        });
    }

    /*
     * Converter body. Three outcomes, tried in this order:
     *   1. "Authorization" header that starts with Constants.BEARER and is longer than it:
     *      the remainder is the token. If Constants.SKIP_TOKEN_PROPERTY is true the token goes to
     *      skipValidation (no signature check), otherwise to jwtTokenProvider.getAuthentication.
     *   2. No such header and z is false: an anonymous Authentication.
     *   3. No such header and z is true: an Authentication assembled from the AUTHORIZE_* headers.
     *
     * An "Authorization" header with any other scheme falls through to case 2 or 3.
     *
     * NOTE(review): in case 3 the principal and its authorities come straight from request
     * headers and nothing here authenticates them. This is only sound if a trusted gateway sets
     * these headers and removes any client-supplied copies — confirm for each deployment.
     */
    /* renamed from: tokenAuthenticationConverter$lambda-2, reason: not valid java name */
    private static final Mono m53tokenAuthenticationConverter$lambda2(boolean z, ConfigHelper configHelper, JwtTokenProvider jwtTokenProvider, ServerWebExchange serverWebExchange) {
        String str;
        List createAuthorityList;
        Intrinsics.checkNotNullParameter(configHelper, "this$0");
        Intrinsics.checkNotNullParameter(jwtTokenProvider, "$jwtTokenProvider");
        Intrinsics.checkNotNullParameter(serverWebExchange, "serverWebExchange");
        String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
        if (!ObjectUtils.isEmpty(first)) {
            Intrinsics.checkNotNull(first);
            // Case-sensitive prefix match; the length check rejects a header that is only the prefix.
            if (StringsKt.startsWith$default(first, Constants.BEARER, false, 2, (Object) null) && first.length() > Constants.BEARER.length()) {
                // The flag is read per request and defaults to false when the property is absent.
                Object property = Beans.getProperty(Constants.SKIP_TOKEN_PROPERTY, Boolean.TYPE, false);
                Intrinsics.checkNotNullExpressionValue(property, "getProperty(SKIP_TOKEN_P…olean::class.java, false)");
                if (((Boolean) property).booleanValue()) {
                    String substring = first.substring(Constants.BEARER.length());
                    Intrinsics.checkNotNullExpressionValue(substring, "this as java.lang.String).substring(startIndex)");
                    return configHelper.skipValidation(substring);
                }
                String substring2 = first.substring(Constants.BEARER.length());
                Intrinsics.checkNotNullExpressionValue(substring2, "this as java.lang.String).substring(startIndex)");
                // getAuthentication runs eagerly; an exception it throws leaves this method
                // directly instead of being delivered as an error signal of the Mono.
                return Mono.just(jwtTokenProvider.getAuthentication(substring2));
            }
        }
        if (!z) {
            return Mono.just(new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList(new String[]{Constants.ANONYMOUS})));
        }
        // Header mode. A missing AUTHORIZE_KEY or AUTHORIZE_ROLES header ends in a
        // NullPointerException thrown from this method, not in an authentication failure.
        String first2 = serverWebExchange.getRequest().getHeaders().getFirst(Constants.AUTHORIZE_KEY);
        if (first2 == null) {
            throw new NullPointerException("null cannot be cast to non-null type kotlin.String");
        }
        // AUTHORIZE_LOGIN is optional and defaults to the empty string.
        if (serverWebExchange.getRequest().getHeaders().containsKey(Constants.AUTHORIZE_LOGIN)) {
            str = serverWebExchange.getRequest().getHeaders().getFirst(Constants.AUTHORIZE_LOGIN);
            if (str == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.String");
            }
        } else {
            str = "";
        }
        String str2 = str;
        String first3 = serverWebExchange.getRequest().getHeaders().getFirst(Constants.AUTHORIZE_ROLES);
        if (first3 == null) {
            throw new NullPointerException("null cannot be cast to non-null type kotlin.String");
        }
        // Present-but-empty roles header: fall back to the single authority Constants.ROLE_USER.
        if (ObjectUtils.isEmpty(first3)) {
            createAuthorityList = AuthorityUtils.createAuthorityList(new String[]{Constants.ROLE_USER});
        } else {
            // Roles are split on "," and used as given: no trimming and no check against a set of
            // known roles.
            Object[] array = StringsKt.split$default(first3, new String[]{","}, false, 0, 6, (Object) null).toArray(new String[0]);
            if (array == null) {
                throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
            }
            String[] strArr = (String[]) array;
            createAuthorityList = AuthorityUtils.createAuthorityList((String[]) Arrays.copyOf(strArr, strArr.length));
        }
        List list = createAuthorityList;
        // The AUTHORIZE_KEY value becomes the username and the AUTHORIZE_LOGIN value is passed in
        // User's password position. The credentials are the key parsed as a UUID, so a key that is
        // not a UUID makes UUID.fromString throw IllegalArgumentException here.
        return Mono.just(new UsernamePasswordAuthenticationToken(new User(first2, str2, list), UUID.fromString(first2), list));
    }

    // Matcher pipeline step: exchange -> request.
    /* renamed from: jwtHeadersExchangeMatcher$lambda-7$lambda-3, reason: not valid java name */
    private static final ServerHttpRequest m54jwtHeadersExchangeMatcher$lambda7$lambda3(ServerWebExchange serverWebExchange) {
        Intrinsics.checkNotNullParameter(serverWebExchange, "obj");
        return serverWebExchange.getRequest();
    }

    // Matcher pipeline step: request -> headers.
    /* renamed from: jwtHeadersExchangeMatcher$lambda-7$lambda-4, reason: not valid java name */
    private static final HttpHeaders m55jwtHeadersExchangeMatcher$lambda7$lambda4(ServerHttpRequest serverHttpRequest) {
        Intrinsics.checkNotNullParameter(serverHttpRequest, "obj");
        return serverHttpRequest.getHeaders();
    }

    // Matcher predicate: true for any "Authorization" header (scheme not checked), or for the
    // AUTHORIZE_KEY header when z is set.
    /* renamed from: jwtHeadersExchangeMatcher$lambda-7$lambda-5, reason: not valid java name */
    private static final boolean m56jwtHeadersExchangeMatcher$lambda7$lambda5(boolean z, HttpHeaders httpHeaders) {
        return httpHeaders.containsKey("Authorization") || (z && httpHeaders.containsKey(Constants.AUTHORIZE_KEY));
    }

    // Matcher pipeline step: headers that passed the predicate -> match result.
    /* renamed from: jwtHeadersExchangeMatcher$lambda-7$lambda-6, reason: not valid java name */
    private static final Mono m57jwtHeadersExchangeMatcher$lambda7$lambda6(HttpHeaders httpHeaders) {
        return ServerWebExchangeMatcher.MatchResult.match();
    }

    // Matcher body: match when the predicate accepts the request headers, notMatch otherwise.
    /* renamed from: jwtHeadersExchangeMatcher$lambda-7, reason: not valid java name */
    private static final Mono m58jwtHeadersExchangeMatcher$lambda7(boolean z, ServerWebExchange serverWebExchange) {
        Intrinsics.checkNotNullParameter(serverWebExchange, "serverWebExchange");
        Mono map = Mono.just(serverWebExchange).map(ConfigHelper::m54jwtHeadersExchangeMatcher$lambda7$lambda3);
        Intrinsics.checkNotNullExpressionValue(map, "just(serverWebExchange).…Exchange -> obj.request }");
        // r1 is a decompiler placeholder, presumably z.
        return map.map(ConfigHelper::m55jwtHeadersExchangeMatcher$lambda7$lambda4).filter((v1) -> {
            return m56jwtHeadersExchangeMatcher$lambda7$lambda5(r1, v1);
        }).flatMap(ConfigHelper::m57jwtHeadersExchangeMatcher$lambda7$lambda6).switchIfEmpty(ServerWebExchangeMatcher.MatchResult.notMatch());
    }

    // Login filter: true only when both login and password are non-empty.
    /* renamed from: authorize$lambda-8, reason: not valid java name */
    private static final boolean m59authorize$lambda8(UserPrincipal userPrincipal) {
        return (ObjectUtils.isEmpty(userPrincipal.getLogin()) || ObjectUtils.isEmpty(userPrincipal.getPassword())) ? false : true;
    }

    // Used as the supplier for Mono.error(...); note that it throws the exception itself rather
    // than returning it.
    /* renamed from: authorize$lambda-9, reason: not valid java name */
    private static final Throwable m60authorize$lambda9() {
        throw new BadCredentialsException("Login and password required");
    }

    // Hands the posted login and password to the authentication manager.
    /* renamed from: authorize$lambda-10, reason: not valid java name */
    private static final Mono m61authorize$lambda10(ReactiveAuthenticationManager reactiveAuthenticationManager, UserPrincipal userPrincipal) {
        Intrinsics.checkNotNullParameter(reactiveAuthenticationManager, "$authenticationManager");
        return reactiveAuthenticationManager.authenticate(new UsernamePasswordAuthenticationToken(userPrincipal.getLogin(), userPrincipal.getPassword()));
    }

    // Answers 200 with whatever getAuthToken returns for the authenticated principal.
    /* renamed from: authorize$lambda-11, reason: not valid java name */
    private static final Mono m62authorize$lambda11(JwtTokenProvider jwtTokenProvider, Authentication authentication) {
        Intrinsics.checkNotNullParameter(jwtTokenProvider, "$jwtTokenProvider");
        ServerResponse.BodyBuilder ok = ServerResponse.ok();
        Intrinsics.checkNotNullExpressionValue(authentication, "it");
        return ok.bodyValue(jwtTokenProvider.getAuthToken(authentication));
    }

    // Delegates the introspection request to the service.
    /* renamed from: validateOpaqueToken$lambda-12, reason: not valid java name */
    private static final Mono m63validateOpaqueToken$lambda12(TokenAuthorizationService tokenAuthorizationService, TokenIntrospectionRequest tokenIntrospectionRequest) {
        Intrinsics.checkNotNullParameter(tokenAuthorizationService, "$validator");
        Intrinsics.checkNotNullExpressionValue(tokenIntrospectionRequest, "it");
        return tokenAuthorizationService.validateToken(tokenIntrospectionRequest);
    }

    // Wraps the service result in a 200 response.
    // NOTE(review): this runs inside flatMap, and Reactor does not emit null elements, so the
    // badRequest branch looks unreachable. If validateToken signals "invalid" by completing
    // empty, this lambda is never called and the handler's Mono completes empty — confirm how
    // rejected tokens are meant to be reported.
    /* renamed from: validateOpaqueToken$lambda-13, reason: not valid java name */
    private static final Mono m64validateOpaqueToken$lambda13(TokenIntrospectionSuccessResponse tokenIntrospectionSuccessResponse) {
        return tokenIntrospectionSuccessResponse != null ? ServerResponse.ok().body(BodyInserters.fromValue(tokenIntrospectionSuccessResponse)) : ServerResponse.badRequest().body(BodyInserters.fromValue(tokenIntrospectionSuccessResponse));
    }

    // Maps one authority name to a SimpleGrantedAuthority.
    /* renamed from: skipValidation$lambda-15$lambda-14, reason: not valid java name */
    private static final SimpleGrantedAuthority m65skipValidation$lambda15$lambda14(String str) {
        return new SimpleGrantedAuthority(str);
    }

    /*
     * Body of skipValidation: builds the Authentication from the token's payload segment only.
     *
     * Only the second dot-separated segment is read. The header segment (algorithm) and the
     * signature segment are never looked at, so every claim used below ("exp", "sub",
     * Constants.AUTHORITIES_KEY) is taken on trust.
     *
     * i is the configured expiration parsed by skipValidation; str is the token; the
     * Authentication is emitted through synchronousSink, or nothing is emitted when the token is
     * treated as expired.
     */
    /* renamed from: skipValidation$lambda-15, reason: not valid java name */
    private static final void m66skipValidation$lambda15(int i, ConfigHelper configHelper, String str, SynchronousSink synchronousSink) {
        Intrinsics.checkNotNullParameter(configHelper, "this$0");
        // NOTE(review): this is the basic Base64 alphabet. JWT segments are normally base64url
        // encoded, so a payload containing '-' or '_' would be rejected with
        // IllegalArgumentException; Base64.getUrlDecoder() is the usual choice — confirm against
        // the encoding the token issuer uses.
        Base64.Decoder decoder = Base64.getDecoder();
        Intrinsics.checkNotNullExpressionValue(str, "token");
        // get(1) throws IndexOutOfBoundsException for a token that contains no '.'.
        byte[] decode = decoder.decode((String) StringsKt.split$default(str, new String[]{"."}, false, 0, 6, (Object) null).get(1));
        Intrinsics.checkNotNullExpressionValue(decode, "getDecoder().decode(token.split(DslUtils.DOT)[1])");
        LinkedHashMap linkedHashMap = (LinkedHashMap) JsonUtils.stringToObject(new String(decode, Charsets.UTF_8), LinkedHashMap.class);
        if (linkedHashMap.get("exp") == null) {
            throw new NullPointerException("null cannot be cast to non-null type kotlin.Int");
        }
        // r0 is a decompiler placeholder, presumably the "exp" value fetched above. The cast
        // assumes the JSON mapper produced an Integer for it.
        // The token is treated as expired only once exp + i lies in the past, so it is still
        // accepted for i seconds after its own "exp" — presumably intended as a grace period; confirm.
        if (((Integer) r0).intValue() + i < TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis())) {
            // Nothing is emitted on this path, so the Mono returned by skipValidation completes empty.
            LogExtensionsKt.error(configHelper, "Expired JWT token", new Object[0]);
            return;
        }
        // String.valueOf turns a missing claim into the text "null", so a token without an
        // authorities claim yields one authority named "null" (and likewise for "sub" below).
        Object[] array = new Regex(",").split(String.valueOf(linkedHashMap.get(Constants.AUTHORITIES_KEY)), 0).toArray(new String[0]);
        if (array == null) {
            throw new NullPointerException("null cannot be cast to non-null type kotlin.Array<T of kotlin.collections.ArraysKt__ArraysJVMKt.toTypedArray>");
        }
        Object collect = Arrays.stream(array).map(ConfigHelper::m65skipValidation$lambda15$lambda14).collect(Collectors.toList());
        Intrinsics.checkNotNullExpressionValue(collect, "stream(\n                …lect(Collectors.toList())");
        Collection collection = (Collection) collect;
        // Principal: User named after "sub" with an empty password; credentials: the whole claims map.
        synchronousSink.next(new UsernamePasswordAuthenticationToken(new User(String.valueOf(linkedHashMap.get("sub")), "", collection), linkedHashMap, collection));
    }
}
