package io.github.sevenparadigms.abac.configuration;

import io.github.sevenparadigms.abac.Constants;
import io.github.sevenparadigms.abac.security.abac.data.AbacRuleRepository;
import io.github.sevenparadigms.abac.security.abac.service.AbacRulePermissionService;
import io.github.sevenparadigms.abac.security.auth.CurrentUserResolver;
import io.github.sevenparadigms.abac.security.auth.encrypt.JwtTokenProvider;
import io.github.sevenparadigms.abac.security.support.ConfigHelper;
import java.util.Arrays;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.FunctionReferenceImpl;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.autoconfigure.security.reactive.EndpointRequest;
import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.data.r2dbc.repository.security.AuthenticationIdentifierResolver;
import org.springframework.data.r2dbc.support.Beans;
import org.springframework.data.r2dbc.support.R2dbcUtils;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import org.springframework.security.web.server.savedrequest.NoOpServerRequestCache;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.web.reactive.function.server.RequestPredicate;
import org.springframework.web.reactive.function.server.RouterFunction;
import org.springframework.web.reactive.function.server.RouterFunctionDsl;
import org.springframework.web.reactive.function.server.RouterFunctionDslKt;
import org.springframework.web.reactive.function.server.ServerRequest;
import org.springframework.web.reactive.function.server.ServerResponse;
import org.springframework.web.server.WebFilter;
import reactor.core.publisher.Mono;

/* compiled from: SecurityConfig.kt */
@EnableConfigurationProperties({JwtProperties.class})
@ImportAutoConfiguration({Beans.class})
@ComponentScan(basePackageClasses = {Constants.class})
@Configuration
@EnableWebFluxSecurity
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��X\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\b\u0017\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0012\u0010\u0005\u001a\u00020\u00062\b\b\u0001\u0010\u0007\u001a\u00020\bH\u0017J\u0018\u0010\t\u001a\u00020\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0017J\b\u0010\u000f\u001a\u00020\u0010H\u0017J\u000e\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00130\u0012H\u0017J(\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\t\u001a\u00020\n2\u0006\u0010\u0018\u001a\u00020\u00192\u0006\u0010\u001a\u001a\u00020\u001bH\u0017R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u001c"}, d2 = {"Lio/github/sevenparadigms/abac/configuration/SecurityConfig;", "Lio/github/sevenparadigms/abac/security/support/ConfigHelper;", "jwtTokenProvider", "Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider;", "(Lio/github/sevenparadigms/abac/security/auth/encrypt/JwtTokenProvider;)V", "abacRuleRepository", "Lio/github/sevenparadigms/abac/security/abac/data/AbacRuleRepository;", "url", "", "authenticationWebFilter", "Lorg/springframework/security/web/server/authentication/AuthenticationWebFilter;", "authenticationManager", "Lorg/springframework/security/authentication/ReactiveAuthenticationManager;", Constants.JWT_CACHE, "Lio/github/sevenparadigms/abac/configuration/JwtProperties;", "currentUserResolver", "Lorg/springframework/data/r2dbc/repository/security/AuthenticationIdentifierResolver;", "route", "Lorg/springframework/web/reactive/function/server/RouterFunction;", 
"Lorg/springframework/web/reactive/function/server/ServerResponse;", "securityWebFilterChain", "Lorg/springframework/security/web/server/SecurityWebFilterChain;", "http", "Lorg/springframework/security/config/web/server/ServerHttpSecurity;", "environment", "Lorg/springframework/core/env/Environment;", "expressionHandler", "Lorg/springframework/security/access/expression/method/DefaultMethodSecurityExpressionHandler;", "reactive-spring-abac-security"})
@EnableReactiveMethodSecurity
/* loaded from: input_file:io/github/sevenparadigms/abac/configuration/SecurityConfig.class */
/**
 * Spring WebFlux security configuration of the ABAC library, as recovered by JADX from the
 * compiled Kotlin source {@code SecurityConfig.kt}.
 *
 * <p>The class declares the {@link SecurityWebFilterChain}, the JWT
 * {@link AuthenticationWebFilter}, the optional ABAC rule repository, the optional
 * {@code /token} routes and the current-user resolver.
 *
 * <p>Several helpers are called here but not defined in this class:
 * {@code unauthorizedEntryPoint}, {@code tryAddTokenIntrospect},
 * {@code jwtHeadersExchangeMatcher}, {@code tokenAuthenticationConverter}, {@code authorize}
 * and {@code refresh}. They are presumably inherited from {@link ConfigHelper}; their behaviour
 * cannot be verified from this listing.
 *
 * <p>NOTE(review): this is decompiler output. Constructs such as {@code super(1)} inside an
 * instance initializer, or a constant shown where a string literal is expected, look like JADX
 * artifacts. Confirm any finding against the original Kotlin source before acting on it.
 */
public class SecurityConfig extends ConfigHelper {

    // Token provider handed to the authentication converter built in authenticationWebFilter().
    @NotNull
    private final JwtTokenProvider jwtTokenProvider;

    /**
     * Stores the injected token provider.
     *
     * @param jwtTokenProvider provider passed on to {@code tokenAuthenticationConverter};
     *                         must not be null
     */
    public SecurityConfig(@NotNull JwtTokenProvider jwtTokenProvider) {
        // Null check emitted by the Kotlin compiler for a non-null parameter.
        Intrinsics.checkNotNullParameter(jwtTokenProvider, "jwtTokenProvider");
        this.jwtTokenProvider = jwtTokenProvider;
    }

    /**
     * Builds the application's single {@link SecurityWebFilterChain}.
     *
     * <p>Authorization rules in declaration order; Spring Security applies the first rule
     * whose matcher accepts the exchange:
     * <ol>
     *   <li>any {@code OPTIONS} request: permitted without authentication;</li>
     *   <li>any actuator endpoint ({@code EndpointRequest.toAnyEndpoint()}): requires the
     *       authority {@code Constants.ROLE_ADMIN};</li>
     *   <li>every path pattern returned by {@code Constants.INSTANCE.getWhitelist()}:
     *       permitted without authentication;</li>
     *   <li>everything else: must be authenticated.</li>
     * </ol>
     * Because of that order, a whitelist pattern that overlaps an actuator path does not lift
     * the admin requirement. An {@code OPTIONS} request to an actuator path, however, is
     * accepted by rule 1.
     *
     * <p>The chain is stateless: nothing is stored in a server-side security context or request
     * cache, and HTTP Basic, form login and logout are switched off. CSRF protection, the
     * {@code X-Frame-Options} header and the default cache-control headers are also disabled;
     * see the review notes in the body.
     *
     * @param serverHttpSecurity builder to configure (named {@code http} in the Kotlin source)
     * @param authenticationWebFilter filter that performs token authentication
     * @param environment null-checked only; not read anywhere else in this method
     * @param defaultMethodSecurityExpressionHandler handler that receives the ABAC permission
     *        evaluator when one is available
     * @return the chain built after {@code tryAddTokenIntrospect} has processed the builder
     */
    @Bean
    @NotNull
    public SecurityWebFilterChain securityWebFilterChain(@NotNull ServerHttpSecurity serverHttpSecurity, @NotNull AuthenticationWebFilter authenticationWebFilter, @NotNull Environment environment, @NotNull DefaultMethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler) {
        Intrinsics.checkNotNullParameter(serverHttpSecurity, "http");
        Intrinsics.checkNotNullParameter(authenticationWebFilter, "authenticationWebFilter");
        Intrinsics.checkNotNullParameter(environment, "environment");
        Intrinsics.checkNotNullParameter(defaultMethodSecurityExpressionHandler, "expressionHandler");
        // Look up the ABAC permission service. The null second argument is presumably the
        // fallback returned when no such bean is registered (confirm against Beans.of).
        // When the result is null the handler keeps whatever evaluator it already has, so
        // hasPermission(...) expressions are then not backed by ABAC rules.
        PermissionEvaluator permissionEvaluator = (AbacRulePermissionService) Beans.of(AbacRulePermissionService.class, (Object) null);
        if (permissionEvaluator != null) {
            defaultMethodSecurityExpressionHandler.setPermissionEvaluator(permissionEvaluator);
        }
        // First half of the chain: CSRF off, frame-options and cache-control headers off,
        // custom entry point for unauthenticated requests, OPTIONS permitted, no request
        // cache, actuator endpoints restricted to ROLE_ADMIN.
        // NOTE(review): disabling CSRF is only safe while the credential travels in a request
        // header that browsers do not attach automatically; revisit if the token is ever
        // accepted from a cookie.
        // NOTE(review): frameOptions().disable() stops Spring Security from writing
        // X-Frame-Options, so responses can be framed by other origins unless a
        // frame-ancestors policy is set elsewhere. Confirm this is intended.
        // NOTE(review): cache().disable() removes the default no-cache/no-store headers.
        // Responses that carry tokens or per-user data should set their own caching headers.
        ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchange = ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.csrf().disable().headers().frameOptions().disable().cache().disable().and().exceptionHandling().authenticationEntryPoint(unauthorizedEntryPoint()).and().authorizeExchange().pathMatchers(HttpMethod.OPTIONS)).permitAll().and().requestCache().requestCache(NoOpServerRequestCache.getInstance()).and().authorizeExchange().matchers(new ServerWebExchangeMatcher[]{(ServerWebExchangeMatcher) EndpointRequest.toAnyEndpoint()})).hasAuthority(Constants.ROLE_ADMIN).and().authorizeExchange();
        // Every whitelist entry bypasses authentication. The list's contents are not visible
        // in this file, so review them wherever Constants defines them.
        String[] whitelist = Constants.INSTANCE.getWhitelist();
        // Second half: whitelist permitted, everything else authenticated, no stored security
        // context (each request must present its credential again), token filter installed,
        // Basic/form login/logout disabled.
        // NOTE(review): the authentication filter is registered at the AUTHORIZATION position
        // rather than AUTHENTICATION; confirm it still runs before the authorization decision.
        ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchange.pathMatchers((String[]) Arrays.copyOf(whitelist, whitelist.length))).permitAll().anyExchange().authenticated().and().securityContextRepository(NoOpServerSecurityContextRepository.getInstance()).addFilterAt((WebFilter) authenticationWebFilter, SecurityWebFiltersOrder.AUTHORIZATION).httpBasic().disable().formLogin().disable().logout().disable();
        // The superclass hook gets the configured builder before build(); judging by its name
        // it may add token introspection, but its effect is not visible here.
        SecurityWebFilterChain build = super.tryAddTokenIntrospect(serverHttpSecurity).build();
        Intrinsics.checkNotNullExpressionValue(build, "super.tryAddTokenIntrospect(http).build()");
        return build;
    }

    /**
     * Creates the filter that authenticates requests from a token header.
     *
     * <p>The header name comes from {@code jwtProperties.getHeaderAuthorize()} and is used twice:
     * to build the matcher that decides which exchanges the filter tries to authenticate, and to
     * build the converter that turns the request into an authentication token with the help of
     * the injected {@link JwtTokenProvider}. Both helper methods are defined outside this class.
     *
     * @param reactiveAuthenticationManager manager that validates the converted token
     * @param jwtProperties configuration supplying the header name
     * @return the configured filter
     */
    @Bean
    @NotNull
    public AuthenticationWebFilter authenticationWebFilter(@NotNull ReactiveAuthenticationManager reactiveAuthenticationManager, @NotNull JwtProperties jwtProperties) {
        Intrinsics.checkNotNullParameter(reactiveAuthenticationManager, "authenticationManager");
        // JADX shows a constant where the Kotlin parameter name would be; presumably the
        // constant's value happens to equal that name.
        Intrinsics.checkNotNullParameter(jwtProperties, Constants.JWT_CACHE);
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(reactiveAuthenticationManager);
        // Exchanges the matcher rejects skip this filter and are handled by the authorization
        // rules as unauthenticated.
        authenticationWebFilter.setRequiresAuthenticationMatcher(jwtHeadersExchangeMatcher(jwtProperties.getHeaderAuthorize()));
        authenticationWebFilter.setServerAuthenticationConverter(tokenAuthenticationConverter(jwtProperties.getHeaderAuthorize(), this.jwtTokenProvider));
        return authenticationWebFilter;
    }

    /**
     * Creates the ABAC rule repository against a dedicated database URL.
     *
     * <p>The bean exists only when the property named by {@code Constants.ABAC_URL_PROPERTY} is
     * set; the URL itself is read from {@code spring.security.abac.url}.
     *
     * <p>NOTE(review): if this URL embeds database credentials, keep it out of logs and out of
     * version-controlled configuration.
     *
     * @param str connection URL (named {@code url} in the Kotlin source)
     * @return repository obtained from {@code R2dbcUtils.getRepository}
     */
    @ConditionalOnProperty({Constants.ABAC_URL_PROPERTY})
    @Bean
    @NotNull
    public AbacRuleRepository abacRuleRepository(@Value("${spring.security.abac.url}") @NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "url");
        Object repository = R2dbcUtils.getRepository(str, AbacRuleRepository.class);
        Intrinsics.checkNotNullExpressionValue(repository, "getRepository(url, AbacRuleRepository::class.java)");
        return (AbacRuleRepository) repository;
    }

    /**
     * Registers the token endpoints, only when the ABAC URL property is set.
     *
     * <p>Under the path {@code /token}, for requests that accept {@code application/json}:
     * <ul>
     *   <li>{@code POST /token} is handled by {@code authorize(ServerRequest)};</li>
     *   <li>{@code GET /token} is handled by {@code refresh(ServerRequest)}.</li>
     * </ul>
     * Both handlers are defined outside this class.
     *
     * <p>NOTE(review): whether these routes are reachable without authentication depends on
     * the whitelist used in {@code securityWebFilterChain}, which is not visible here. Token
     * issuance normally has to be reachable anonymously, so confirm that only the intended
     * path is whitelisted and that the handlers apply their own credential checks and rate
     * limits.
     *
     * @return the router function holding both routes
     */
    @ConditionalOnProperty({Constants.ABAC_URL_PROPERTY})
    @Bean
    @NotNull
    public RouterFunction<ServerResponse> route() {
        return RouterFunctionDslKt.router(new Function1<RouterFunctionDsl, Unit>() { // from class: io.github.sevenparadigms.abac.configuration.SecurityConfig$route$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                // Decompiler rendering of the Kotlin lambda's arity; not valid Java as written.
                super(1);
            }

            // Body of the outer router { ... } lambda: everything lives under "/token".
            public final void invoke(@NotNull RouterFunctionDsl routerFunctionDsl) {
                Intrinsics.checkNotNullParameter(routerFunctionDsl, "$this$router");
                final SecurityConfig securityConfig = SecurityConfig.this;
                routerFunctionDsl.nest("/token", new Function1<RouterFunctionDsl, Unit>() { // from class: io.github.sevenparadigms.abac.configuration.SecurityConfig$route$1.1
                    {
                        super(1);
                    }

                    // Body of the "/token" nest: two JSON-only sub-routes, POST then GET.
                    public final void invoke(@NotNull RouterFunctionDsl routerFunctionDsl2) {
                        Intrinsics.checkNotNullParameter(routerFunctionDsl2, "$this$nest");
                        MediaType mediaType = MediaType.APPLICATION_JSON;
                        Intrinsics.checkNotNullExpressionValue(mediaType, "APPLICATION_JSON");
                        // Predicate on the request's Accept header.
                        RequestPredicate accept = routerFunctionDsl2.accept(new MediaType[]{mediaType});
                        final SecurityConfig securityConfig2 = SecurityConfig.this;
                        routerFunctionDsl2.nest(accept, new Function1<RouterFunctionDsl, Unit>() { // from class: io.github.sevenparadigms.abac.configuration.SecurityConfig.route.1.1.1

                            /* JADX INFO: Access modifiers changed from: package-private */
                            /* compiled from: SecurityConfig.kt */
                            @Metadata(mv = {1, 6, 0}, k = 3, xi = 48)
                            /* renamed from: io.github.sevenparadigms.abac.configuration.SecurityConfig$route$1$1$1$1, reason: invalid class name and collision with other inner class name */
                            /* loaded from: input_file:io/github/sevenparadigms/abac/configuration/SecurityConfig$route$1$1$1$1.class */
                            // Compiled form of a bound method reference to authorize(ServerRequest).
                            public /* synthetic */ class C00011 extends FunctionReferenceImpl implements Function1<ServerRequest, Mono<ServerResponse>> {
                                C00011(Object obj) {
                                    super(1, obj, SecurityConfig.class, "authorize", "authorize(Lorg/springframework/web/reactive/function/server/ServerRequest;)Lreactor/core/publisher/Mono;", 0);
                                }

                                // Delegates to authorize() on the captured SecurityConfig instance.
                                @NotNull
                                public final Mono<ServerResponse> invoke(@NotNull ServerRequest serverRequest) {
                                    Intrinsics.checkNotNullParameter(serverRequest, "p0");
                                    return ((SecurityConfig) this.receiver).authorize(serverRequest);
                                }
                            }

                            {
                                super(1);
                            }

                            // POST on the nested path itself (empty sub-pattern), i.e. POST /token.
                            public final void invoke(@NotNull RouterFunctionDsl routerFunctionDsl3) {
                                Intrinsics.checkNotNullParameter(routerFunctionDsl3, "$this$nest");
                                routerFunctionDsl3.POST("", new C00011(SecurityConfig.this));
                            }

                            // Compiler-generated bridge for the erased Function1.invoke(Object).
                            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                                invoke((RouterFunctionDsl) obj);
                                return Unit.INSTANCE;
                            }
                        });
                        MediaType mediaType2 = MediaType.APPLICATION_JSON;
                        Intrinsics.checkNotNullExpressionValue(mediaType2, "APPLICATION_JSON");
                        RequestPredicate accept2 = routerFunctionDsl2.accept(new MediaType[]{mediaType2});
                        final SecurityConfig securityConfig3 = SecurityConfig.this;
                        routerFunctionDsl2.nest(accept2, new Function1<RouterFunctionDsl, Unit>() { // from class: io.github.sevenparadigms.abac.configuration.SecurityConfig.route.1.1.2

                            /* JADX INFO: Access modifiers changed from: package-private */
                            /* compiled from: SecurityConfig.kt */
                            @Metadata(mv = {1, 6, 0}, k = 3, xi = 48)
                            /* renamed from: io.github.sevenparadigms.abac.configuration.SecurityConfig$route$1$1$2$1, reason: invalid class name and collision with other inner class name */
                            /* loaded from: input_file:io/github/sevenparadigms/abac/configuration/SecurityConfig$route$1$1$2$1.class */
                            // Compiled form of a bound method reference to refresh(ServerRequest).
                            public /* synthetic */ class C00021 extends FunctionReferenceImpl implements Function1<ServerRequest, Mono<ServerResponse>> {
                                C00021(Object obj) {
                                    // JADX shows Constants.JWT_CACHE_REFRESH where the method name would
                                    // be; presumably its value equals the name in the signature string.
                                    super(1, obj, SecurityConfig.class, Constants.JWT_CACHE_REFRESH, "refresh(Lorg/springframework/web/reactive/function/server/ServerRequest;)Lreactor/core/publisher/Mono;", 0);
                                }

                                // Delegates to refresh() on the captured SecurityConfig instance.
                                @NotNull
                                public final Mono<ServerResponse> invoke(@NotNull ServerRequest serverRequest) {
                                    Intrinsics.checkNotNullParameter(serverRequest, "p0");
                                    return ((SecurityConfig) this.receiver).refresh(serverRequest);
                                }
                            }

                            {
                                super(1);
                            }

                            // GET on the nested path itself (empty sub-pattern), i.e. GET /token.
                            public final void invoke(@NotNull RouterFunctionDsl routerFunctionDsl3) {
                                Intrinsics.checkNotNullParameter(routerFunctionDsl3, "$this$nest");
                                routerFunctionDsl3.GET("", new C00021(SecurityConfig.this));
                            }

                            // Compiler-generated bridge for the erased Function1.invoke(Object).
                            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                                invoke((RouterFunctionDsl) obj);
                                return Unit.INSTANCE;
                            }
                        });
                    }

                    // Compiler-generated bridge for the erased Function1.invoke(Object).
                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((RouterFunctionDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
            }

            // Compiler-generated bridge for the erased Function1.invoke(Object).
            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((RouterFunctionDsl) obj);
                return Unit.INSTANCE;
            }
        });
    }

    /**
     * Exposes a {@link CurrentUserResolver} as the {@link AuthenticationIdentifierResolver} bean.
     *
     * @return a new resolver instance
     */
    @Bean
    @NotNull
    public AuthenticationIdentifierResolver currentUserResolver() {
        return new CurrentUserResolver();
    }
}
