package com.mbap.gateway.config;

import com.mbap.gateway.component.AuthorizationManager;
import com.mbap.gateway.component.RestAuthenticationEntryPoint;
import com.mbap.gateway.component.RestfulAccessDeniedHandler;
import com.mbap.util.conf.ConfigItem;
import java.security.KeyPair;
import java.security.interfaces.RSAPublicKey;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.security.rsa.crypto.KeyStoreKeyFactory;
import org.springframework.security.web.header.writers.frameoptions.XFrameOptionsHeaderWriter;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.header.XFrameOptionsServerHttpHeadersWriter;
import reactor.core.publisher.Mono;

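/**
 * WebFlux security configuration for the gateway in its role as an OAuth2 resource server.
 *
 * <p>Sets the X-Frame-Options policy from configuration, authenticates requests with
 * RSA-signed JWT bearer tokens and hands every exchange to {@link AuthorizationManager}
 * for the access decision.
 */
@Configuration("com.mbap.gateway.config.ResourceServerConfig")
@EnableWebFluxSecurity
/* loaded from: input_file:com/mbap/gateway/config/ResourceServerConfig.class */
public class ResourceServerConfig {
    private final AuthorizationManager authorizationManager;

    // NOTE(review): this field is assigned by the constructor and is also marked for field
    // injection; one of the two is redundant.
    @Autowired
    private ConfigItem configItem;
    // NOTE(review): injected but never registered on the filter chain in this class, so
    // access-denied responses use the framework default. Confirm whether that is intended.
    private final RestfulAccessDeniedHandler restfulAccessDeniedHandler;
    private final RestAuthenticationEntryPoint restAuthenticationEntryPoint;

    /**
     * Builds the reactive security filter chain.
     *
     * @param serverHttpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     */
    @Bean({"springSecurityFilterChain"})
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        // Framing policy fails closed: only an explicit "sameorigin" setting relaxes it.
        // equalsIgnoreCase is null-safe and locale-independent, so a missing setting or a
        // JVM default locale with special casing rules (e.g. Turkish dotted I) can neither
        // abort start-up nor change which branch is taken.
        boolean sameOriginRequested = XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN.name()
                .equalsIgnoreCase(this.configItem.getIframePloy());
        XFrameOptionsServerHttpHeadersWriter.Mode frameMode = sameOriginRequested
                ? XFrameOptionsServerHttpHeadersWriter.Mode.SAMEORIGIN
                : XFrameOptionsServerHttpHeadersWriter.Mode.DENY;
        serverHttpSecurity.headers().frameOptions().mode(frameMode);

        // Bearer-token (JWT) authentication; authentication failures are rendered by the
        // custom entry point.
        serverHttpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtAuthenticationConverter());
        serverHttpSecurity.oauth2ResourceServer().authenticationEntryPoint(this.restAuthenticationEntryPoint);

        // Every exchange goes through AuthorizationManager; no path is exempted here, so any
        // allow-list has to live inside that manager.
        // exceptionHandling() is left at its defaults (see the note on restfulAccessDeniedHandler).
        // NOTE(review): CSRF protection is switched off. That is only sound while nothing behind
        // the gateway authenticates through cookies or other ambient credentials; confirm.
        serverHttpSecurity.authorizeExchange().anyExchange().access(this.authorizationManager).and().exceptionHandling().and().csrf().disable();
        return serverHttpSecurity.build();
    }

    /**
     * Converts a validated {@link Jwt} into an authentication token.
     *
     * <p>The authority prefix is cleared, so granted authorities are the raw claim values and
     * {@link AuthorizationManager} has to compare against them exactly. The authorities claim
     * name is not overridden here, so the converter's default claim lookup applies.
     *
     * @return the reactive adapter around the configured {@link JwtAuthenticationConverter}
     */
    @Bean({"jwtAuthenticationConverter"})
    public Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
        jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
        return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
    }

    /**
     * Creates the decoder that verifies token signatures with the RSA public key.
     *
     * <p>No issuer or audience validator is configured in this class; only the decoder
     * builder's default validation applies.
     *
     * @param keyPair key pair whose public half is used for verification
     * @return the reactive JWT decoder
     */
    @Bean
    ReactiveJwtDecoder reactiveJwtDecoder(KeyPair keyPair) {
        return NimbusReactiveJwtDecoder.withPublicKey((RSAPublicKey) keyPair.getPublic()).build();
    }

    /**
     * Loads the key pair from a classpath keystore using the path, passwords and alias held
     * in {@link ConfigItem}.
     *
     * <p>NOTE(review): this class only ever reads the public key, yet the bean exposes the
     * whole pair, private key included, to the application context. If nothing else in the
     * gateway signs tokens, deploying only the public key or certificate here would keep the
     * signing key off this host; confirm against other consumers of this bean.
     *
     * @return the key pair stored under the configured alias
     */
    @Bean
    public KeyPair keyPair() {
        char[] storePassword = this.configItem.getKeytool_storepass().toCharArray();
        char[] keyPassword = this.configItem.getKeytool_keypass().toCharArray();
        KeyStoreKeyFactory keyStoreKeyFactory =
                new KeyStoreKeyFactory(new ClassPathResource(this.configItem.getKeytool_keystore()), storePassword);
        return keyStoreKeyFactory.getKeyPair(this.configItem.getKeytool_alias(), keyPassword);
    }

    /**
     * Exposes the public half of the key pair as its own bean.
     *
     * @param keyPair the loaded key pair
     * @return the RSA public key
     */
    @Bean
    public RSAPublicKey rsaPublicKey(KeyPair keyPair) {
        return (RSAPublicKey) keyPair.getPublic();
    }

    /**
     * Creates the configuration with its collaborators.
     *
     * @param authorizationManager decides access for every exchange
     * @param configItem source of the frame policy and keystore settings
     * @param restfulAccessDeniedHandler handler for denied requests (stored, not wired in this class)
     * @param restAuthenticationEntryPoint renders authentication failures
     */
    public ResourceServerConfig(AuthorizationManager authorizationManager, ConfigItem configItem, RestfulAccessDeniedHandler restfulAccessDeniedHandler, RestAuthenticationEntryPoint restAuthenticationEntryPoint) {
        this.authorizationManager = authorizationManager;
        this.configItem = configItem;
        this.restfulAccessDeniedHandler = restfulAccessDeniedHandler;
        this.restAuthenticationEntryPoint = restAuthenticationEntryPoint;
    }
}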
