package org.bremersee.security.authentication;

import java.util.Objects;
import org.bremersee.security.authentication.AuthProperties;
import org.bremersee.web.CorsProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.core.Ordered;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/bremersee/security/authentication/AbstractResourceServerAutoConfiguration.class */
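/**
 * Base class for a resource-server security configuration that is driven by
 * {@link AuthProperties} and {@link CorsProperties}.
 *
 * <p>Depending on {@code authProperties.getResourceServer()} the filter chain either permits
 * every request ({@link AutoSecurityMode#NONE}) or applies the configured path matchers and an
 * authentication mechanism: JWT when a {@link JsonPathJwtConverter} bean is available, otherwise
 * HTTP Basic. Frame options follow {@code authProperties.getFrameOptionsMode()}, CSRF protection
 * is always disabled, and CORS follows {@code corsProperties.isEnable()}.
 */
public abstract class AbstractResourceServerAutoConfiguration extends WebSecurityConfigurerAdapter implements Ordered {
    private static final Logger log = LoggerFactory.getLogger(AbstractResourceServerAutoConfiguration.class);
    private final Environment environment;
    private final SecurityProperties securityProperties;
    private final AuthProperties authProperties;
    private final CorsProperties corsProperties;
    private final ObjectProvider<JsonPathJwtConverter> jwtConverterProvider;
    private final ObjectProvider<PasswordEncoder> passwordEncoderProvider;

    /**
     * Stores the collaborators used to build the filter chain.
     *
     * <p>Decompiler note: this constructor was declared {@code protected} in the original class.
     *
     * @param environment the environment used to look up application properties
     * @param securityProperties the Spring Boot security properties
     * @param authProperties the authentication and authorization properties
     * @param corsProperties the CORS properties
     * @param objectProvider provider of the JWT converter; JWT is configured when it yields a bean
     * @param objectProvider2 provider of the password encoder
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractResourceServerAutoConfiguration(Environment environment, SecurityProperties securityProperties, AuthProperties authProperties, CorsProperties corsProperties, ObjectProvider<JsonPathJwtConverter> objectProvider, ObjectProvider<PasswordEncoder> objectProvider2) {
        this.environment = environment;
        this.securityProperties = securityProperties;
        this.authProperties = authProperties;
        this.corsProperties = corsProperties;
        this.jwtConverterProvider = objectProvider;
        this.passwordEncoderProvider = objectProvider2;
    }

    /**
     * Returns the order of this configuration.
     *
     * @return the value of {@code authProperties.getResourceServerOrder()}
     */
    @Override
    public int getOrder() {
        return this.authProperties.getResourceServerOrder();
    }

    /**
     * Logs a start-up banner with the effective security mode, the order, whether a JWK set URI
     * is configured, and whether CORS is enabled. Only a boolean is logged for the JWK set URI,
     * not the URI itself.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void init() {
        boolean jwkSetUriConfigured = StringUtils.hasText(this.environment.getProperty("spring.security.oauth2.resourceserver.jwt.jwk-set-uri"));
        log.info("\n*********************************************************************************\n* {}\n*********************************************************************************\n* enable = {}\n* order = {}\n* jwt = {}\n* cors = {}\n*********************************************************************************", ClassUtils.getUserClass(getClass()).getSimpleName(), this.authProperties.getResourceServer().name(), this.authProperties.getResourceServerOrder(), jwkSetUriConfigured, this.corsProperties.isEnable());
    }

    /**
     * Starts the authorization configuration for the given {@link HttpSecurity} and returns the
     * registry to which {@link #configure(HttpSecurity)} adds its rules.
     *
     * @param httpSecurity the http security builder
     * @return the URL authorization registry
     * @throws Exception if the configuration fails
     */
    protected abstract ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry init(HttpSecurity httpSecurity) throws Exception;

    /**
     * Builds the filter chain: authorization rules and authentication mechanism (or permit-all in
     * mode {@link AutoSecurityMode#NONE}), then frame options, CSRF and CORS.
     *
     * @param httpSecurity the http security builder
     * @throws Exception if the configuration fails
     */
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = init(httpSecurity);
        HttpSecurity http;
        if (this.authProperties.getResourceServer() == AutoSecurityMode.NONE) {
            // Mode NONE leaves every request unauthenticated: permitAll() on any request and
            // HTTP Basic switched off. None of the configured path matchers are applied.
            http = (HttpSecurity) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) registry.anyRequest()).permitAll().and().httpBasic().disable();
        } else {
            http = configureAuthenticationProvider((HttpSecurity) configurePathMatchers(registry).and());
        }
        // CSRF protection is disabled unconditionally.
        // NOTE(review): that is the usual choice for bearer-token clients, but the HTTP Basic
        // fallback sends credentials the browser replays automatically - confirm that no
        // browser-based client depends on this chain for state-changing requests.
        HttpSecurity configured = http.headers().frameOptions(frameOptionsConfig -> {
            switch (this.authProperties.getFrameOptionsMode()) {
                case DISABLE:
                    frameOptionsConfig.disable();
                    break;
                case SAMEORIGIN:
                    // Must not fall through: a following deny() would overwrite SAMEORIGIN
                    // with DENY and the configured mode would silently be ignored.
                    frameOptionsConfig.sameOrigin();
                    break;
                default:
                    // Any other mode gets the most restrictive setting.
                    frameOptionsConfig.deny();
                    break;
            }
        }).and().csrf().disable();
        if (this.corsProperties.isEnable()) {
            configured.cors();
        } else {
            configured.cors().disable();
        }
    }

    /**
     * Registers one access rule per entry of
     * {@code authProperties.preparePathMatchers(corsProperties)}, in the order returned.
     *
     * <p>Spring Security applies the first matching rule, so the order of the prepared matchers
     * decides which access expression protects a request.
     *
     * @param expressionInterceptUrlRegistry the registry to add the rules to
     * @return the registry after all rules were added
     */
    private ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry configurePathMatchers(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry) {
        for (AuthProperties.PathMatcherProperties pathMatcherProperties : this.authProperties.preparePathMatchers(this.corsProperties)) {
            log.info("Securing requests to {}", pathMatcherProperties);
            HttpMethod httpMethod = pathMatcherProperties.httpMethod();
            // NOTE(review): ant patterns are matched by the security filter on their own;
            // confirm the configured patterns cover every path variant the web layer maps
            // to the same handler (for example with and without a trailing slash).
            ExpressionUrlAuthorizationConfigurer.AuthorizedUrl authorizedUrl;
            if (httpMethod == null) {
                // No method configured: the rule applies to all HTTP methods.
                authorizedUrl = (ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.antMatchers(new String[]{pathMatcherProperties.getAntPattern()});
            } else {
                authorizedUrl = (ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) expressionInterceptUrlRegistry.antMatchers(httpMethod, new String[]{pathMatcherProperties.getAntPattern()});
            }
            expressionInterceptUrlRegistry = authorizedUrl.access(pathMatcherProperties.accessExpression(this.authProperties::ensureRolePrefix));
        }
        return expressionInterceptUrlRegistry;
    }

    /**
     * Selects the authentication mechanism: an OAuth2 resource server with the available
     * {@link JsonPathJwtConverter}, or HTTP Basic with form login disabled when no converter bean
     * is available.
     *
     * @param httpSecurity the http security builder
     * @return the http security builder with the authentication mechanism configured
     * @throws Exception if the configuration fails
     */
    private HttpSecurity configureAuthenticationProvider(HttpSecurity httpSecurity) throws Exception {
        // Resolve the converter once so the availability check and the configured instance
        // cannot diverge.
        JsonPathJwtConverter jwtConverter = this.jwtConverterProvider.getIfAvailable();
        if (jwtConverter != null) {
            log.info("Configure authentication provider with JWT.");
            return httpSecurity.oauth2ResourceServer(oAuth2ResourceServerConfigurer -> {
                oAuth2ResourceServerConfigurer.jwt().jwtAuthenticationConverter((Converter) jwtConverter).and();
            });
        }
        // Fallback when no JWT converter bean exists. HTTP Basic transmits the password with
        // every request, so this branch relies on the transport being TLS-protected.
        log.info("Configure authentication provider with basic auth and user details service.");
        return httpSecurity.formLogin().disable().httpBasic().realmName(this.environment.getProperty("spring.application.name", "Restricted area")).and();
    }

    /**
     * Returns the environment.
     *
     * @return the environment passed to the constructor
     */
    protected Environment getEnvironment() {
        return this.environment;
    }

    /**
     * Returns the Spring Boot security properties.
     *
     * @return the security properties passed to the constructor
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityProperties getSecurityProperties() {
        return this.securityProperties;
    }

    /**
     * Returns the authentication and authorization properties.
     *
     * @return the auth properties passed to the constructor
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AuthProperties getAuthProperties() {
        return this.authProperties;
    }

    /**
     * Returns the CORS properties.
     *
     * @return the CORS properties passed to the constructor
     */
    protected CorsProperties getCorsProperties() {
        return this.corsProperties;
    }

    /**
     * Returns the provider of the JWT converter.
     *
     * @return the JWT converter provider passed to the constructor
     */
    protected ObjectProvider<JsonPathJwtConverter> getJwtConverterProvider() {
        return this.jwtConverterProvider;
    }

    /**
     * Returns the provider of the password encoder.
     *
     * @return the password encoder provider passed to the constructor
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public ObjectProvider<PasswordEncoder> getPasswordEncoderProvider() {
        return this.passwordEncoderProvider;
    }
}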
