package io.github.sevenparadigms.abac.configuration;

import io.github.sevenparadigms.abac.Constants;
import io.github.sevenparadigms.abac.security.abac.data.AbacRuleRepository;
import io.github.sevenparadigms.abac.security.abac.service.AbacRulePermissionService;
import io.github.sevenparadigms.abac.security.auth.encrypt.JwtTokenProvider;
import io.github.sevenparadigms.abac.security.support.ConfigHelper;
import java.util.Arrays;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.env.Environment;
import org.springframework.data.r2dbc.config.Beans;
import org.springframework.data.r2dbc.support.R2dbcUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.security.web.server.savedrequest.NoOpServerRequestCache;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.web.reactive.function.server.RequestPredicates;
import org.springframework.web.reactive.function.server.RouterFunction;
import org.springframework.web.reactive.function.server.RouterFunctions;
import org.springframework.web.reactive.function.server.ServerResponse;
import org.springframework.web.server.WebFilter;

/* compiled from: SecurityConfig.kt */
@Configuration
@EnableWebFluxSecurity
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��N\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0017\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0012\u0010\u0005\u001a\u00020\u00062\b\b\u0001\u0010\u0007\u001a\u00020\bH\u0017J\u0016\u0010\t\u001a\u0010\u0012\f\u0012\n \f*\u0004\u0018\u00010\u000b0\u000b0\nH\u0017J\u0010\u0010\r\u001a\u00020\u000e2\u0006\u0010\u000f\u001a\u00020\u0010H\u0017J(\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\r\u001a\u00020\u000e2\u0006\u0010\u0015\u001a\u00020\u00162\u0006\u0010\u0017\u001a\u00020\u0018H\u0017R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u0019"}, d2 = {"Lio/github/sevenparadigms/abac/configuration/SecurityConfig;", "Lio/github/sevenparadigms/abac/security/support/ConfigHelper;", "jwtTokenProvider", "Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider;", "(Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider;)V", "abacRuleRepository", "Lio/github/sevenparadigms/abac/security/abac/data/AbacRuleRepository;", "url", "", Constants.AUTHORITIES_KEY, "Lorg/springframework/web/reactive/function/server/RouterFunction;", "Lorg/springframework/web/reactive/function/server/ServerResponse;", "kotlin.jvm.PlatformType", "authenticationWebFilter", "Lorg/springframework/security/web/server/authentication/AuthenticationWebFilter;", "authenticationManager", "Lorg/springframework/security/authentication/ReactiveAuthenticationManager;", "securityWebFilterChain", "Lorg/springframework/security/web/server/SecurityWebFilterChain;", "http", "Lorg/springframework/security/config/web/server/ServerHttpSecurity;", 
"environment", "Lorg/springframework/core/env/Environment;", "expressionHandler", "Lorg/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler;", "reactive-spring-abac-security"})
@EnableReactiveMethodSecurity
@ComponentScan(basePackageClasses = {Constants.class})
@Import({Beans.class})
/* loaded from: input_file:io/github/sevenparadigms/abac/configuration/SecurityConfig.class */
/*
 * WebFlux security configuration, decompiled from Kotlin (SecurityConfig.kt).
 *
 * Declares four beans: the SecurityWebFilterChain, the AuthenticationWebFilter that
 * feeds it, an optional AbacRuleRepository, and the POST /auth router function.
 *
 * The helpers unauthorizedEntryPoint(), tryAddTokenIntrospect(), jwtHeadersExchangeMatcher(),
 * tokenAuthenticationConverter() and authorize() are not defined in this class;
 * presumably they are inherited from ConfigHelper - verify there before relying on
 * any statement about their behaviour.
 */
public class SecurityConfig extends ConfigHelper {

    // Token provider handed to tokenAuthenticationConverter() when the authentication filter is built.
    @NotNull
    private final JwtTokenProvider jwtTokenProvider;

    /**
     * Stores the injected JWT token provider.
     *
     * @param jwtTokenProvider provider later passed to the token authentication converter; must not be null
     */
    public SecurityConfig(@NotNull JwtTokenProvider jwtTokenProvider) {
        Intrinsics.checkNotNullParameter(jwtTokenProvider, "jwtTokenProvider");
        this.jwtTokenProvider = jwtTokenProvider;
    }

    /**
     * Builds the reactive security filter chain.
     *
     * <p>Rules are registered in this order: every OPTIONS request is permitted, actuator
     * endpoints require {@code Constants.ROLE_ADMIN}, the paths returned by
     * {@code Constants.INSTANCE.getWhitelist()} are permitted, and every other exchange must be
     * authenticated. Spring Security applies the first matching rule, so an OPTIONS request to an
     * actuator endpoint is permitted without authentication, while a whitelist pattern that
     * happens to cover an actuator path does not open it.
     *
     * <p>CSRF protection, the X-Frame-Options header, the cache-control headers, HTTP Basic,
     * form login and logout are all disabled, and no security context or request is stored
     * between exchanges.
     *
     * @param serverHttpSecurity the builder being configured
     * @param authenticationWebFilter filter inserted into the chain to authenticate requests
     * @param environment checked for null only; not otherwise used in this method
     * @param defaultMethodSecurityExpressionHandler handler that receives the ABAC permission evaluator when one exists
     * @return the built chain
     */
    @Bean
    @NotNull
    public SecurityWebFilterChain securityWebFilterChain(@NotNull ServerHttpSecurity serverHttpSecurity, @NotNull AuthenticationWebFilter authenticationWebFilter, @NotNull Environment environment, @NotNull DefaultMethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler) {
        Intrinsics.checkNotNullParameter(serverHttpSecurity, "http");
        Intrinsics.checkNotNullParameter(authenticationWebFilter, "authenticationWebFilter");
        Intrinsics.checkNotNullParameter(environment, "environment");
        Intrinsics.checkNotNullParameter(defaultMethodSecurityExpressionHandler, "expressionHandler");
        // Optional lookup: the second argument (null) is presumably the fallback when no such bean exists - confirm in Beans.of.
        PermissionEvaluator permissionEvaluator = (AbacRulePermissionService) Beans.of(AbacRulePermissionService.class, (Object) null);
        // Without the ABAC service the handler keeps its current evaluator. Spring Security's stock
        // default denies every hasPermission() check - confirm nothing else swaps it for a permissive one.
        if (permissionEvaluator != null) {
            defaultMethodSecurityExpressionHandler.setPermissionEvaluator(permissionEvaluator);
        }
        // Security-relevant switches in the chain below:
        //  - csrf().disable(): safe only while no endpoint authenticates from cookies or other ambient
        //    browser credentials; the chain is otherwise stateless (see the NoOp repositories).
        //  - frameOptions().disable(): X-Frame-Options is no longer written, so any HTML this service
        //    returns can be framed by other origins unless a CSP frame-ancestors policy is set elsewhere.
        //  - cache().disable(): Spring stops writing its no-cache headers, so authenticated responses
        //    may be stored by browsers or intermediaries unless handlers set Cache-Control themselves.
        //  - pathMatchers(HttpMethod.OPTIONS).permitAll(): applies to all paths, including actuator ones.
        //  - EndpointRequest.toAnyEndpoint() -> hasAuthority(Constants.ROLE_ADMIN): covers every actuator endpoint.
        ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.csrf().disable().headers().frameOptions().disable().cache().disable().and().exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint()).and().authorizeExchange().pathMatchers(HttpMethod.OPTIONS)).permitAll().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().authorizeExchange().matchers(new ServerWebExchangeMatcher[]{(ServerWebExchangeMatcher) EndpointRequest.toAnyEndpoint()})).hasAuthority(Constants.ROLE_ADMIN).and().authorizeExchange();
        // Every pattern in this array bypasses authentication, so review the whitelist as part of the attack surface.
        String[] whitelist = Constants.INSTANCE.getWhitelist();
        // A copy of the whitelist is passed as the varargs array. anyExchange().authenticated() is the
        // catch-all for everything not matched above.
        // NOTE(review): the authentication filter is registered at the AUTHORIZATION slot rather than
        // AUTHENTICATION - confirm it still runs before the built-in authorization filter.
        ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchange.pathMatchers((String[]) Arrays.copyOf(whitelist, whitelist.length))).permitAll().anyExchange().authenticated().and().securityContextRepository(NoOpServerSecurityContextRepository.getInstance()).addFilterAt((WebFilter) authenticationWebFilter, SecurityWebFiltersOrder.AUTHORIZATION).httpBasic().disable().formLogin().disable().logout().disable();
        // tryAddTokenIntrospect is not visible here; by its name it may add token introspection to the
        // builder before build() - TODO confirm what it changes.
        SecurityWebFilterChain build = super.tryAddTokenIntrospect(serverHttpSecurity).build();
        Intrinsics.checkNotNullExpressionValue(build, "super.tryAddTokenIntrospect(http).build()");
        return build;
    }

    /**
     * Creates the authentication filter used by the security chain.
     *
     * <p>Reads the boolean property named by {@code Constants.AUTHORIZE_PROPERTY} (default
     * {@code false}) and passes it both to the matcher that decides which requests require
     * authentication and to the converter that turns a request into an authentication token.
     *
     * @param reactiveAuthenticationManager manager the filter delegates authentication to
     * @return the configured filter
     */
    @Bean
    @NotNull
    public AuthenticationWebFilter authenticationWebFilter(@NotNull ReactiveAuthenticationManager reactiveAuthenticationManager) {
        Intrinsics.checkNotNullParameter(reactiveAuthenticationManager, "authenticationManager");
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(reactiveAuthenticationManager);
        // NOTE(review): what this flag switches is decided inside jwtHeadersExchangeMatcher and
        // tokenAuthenticationConverter, which are not visible here. Because it controls which requests
        // get authenticated and how, verify that the false default is the stricter setting.
        Object property = Beans.getProperty(Constants.AUTHORIZE_PROPERTY, Boolean.TYPE, false);
        Intrinsics.checkNotNullExpressionValue(property, "getProperty(Constants.AU…olean::class.java, false)");
        boolean booleanValue = ((Boolean) property).booleanValue();
        authenticationWebFilter.setRequiresAuthenticationMatcher(jwtHeadersExchangeMatcher(booleanValue));
        authenticationWebFilter.setServerAuthenticationConverter(tokenAuthenticationConverter(booleanValue, this.jwtTokenProvider));
        return authenticationWebFilter;
    }

    /**
     * Creates the ABAC rule repository from the configured connection URL.
     *
     * <p>The bean is only registered when the property {@code spring.security.abac.url} is set.
     *
     * @param str value of {@code spring.security.abac.url}; if it embeds database credentials, keep it out of logs and error messages
     * @return the repository obtained from {@code R2dbcUtils.getRepository}
     */
    @ConditionalOnProperty({"spring.security.abac.url"})
    @Bean
    @NotNull
    public AbacRuleRepository abacRuleRepository(@Value("${spring.security.abac.url}") @NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "url");
        Object repository = R2dbcUtils.getRepository(str, AbacRuleRepository.class);
        Intrinsics.checkNotNullExpressionValue(repository, "getRepository(url, AbacRuleRepository::class.java)");
        return (AbacRuleRepository) repository;
    }

    /**
     * Registers the functional route that sends {@code POST /auth} to {@code authorize}.
     *
     * <p>The filter chain in this class only lets unauthenticated callers reach this route if
     * {@code /auth} is covered by the whitelist from {@code Constants}; otherwise the
     * {@code anyExchange().authenticated()} rule applies. Verify the whitelist entry, and note that
     * CSRF protection is disabled for this POST as for all others.
     *
     * @return the router function for the login endpoint
     */
    @Bean
    @NotNull
    public RouterFunction<ServerResponse> auth() {
        RouterFunction<ServerResponse> route = RouterFunctions.route(RequestPredicates.POST("/auth"), this::authorize);
        Intrinsics.checkNotNullExpressionValue(route, "route(POST(\"/auth\"), ::authorize)");
        return route;
    }
}
