package no.fintlabs.resource.server.config;

import java.util.Arrays;
import java.util.List;
import kotlin.Metadata;
import kotlin.ResultKt;
import kotlin.Unit;
import kotlin.coroutines.Continuation;
import kotlin.coroutines.CoroutineContext;
import kotlin.coroutines.intrinsics.IntrinsicsKt;
import kotlin.coroutines.jvm.internal.DebugMetadata;
import kotlin.coroutines.jvm.internal.SuspendLambda;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlinx.coroutines.CoroutineScope;
import kotlinx.coroutines.reactor.MonoKt;
import no.fintlabs.resource.server.CoreAccessService;
import no.fintlabs.resource.server.authentication.CorePrincipal;
import no.fintlabs.resource.server.converter.CorePrincipalConverter;
import no.fintlabs.resource.server.enums.JwtType;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* compiled from: SecurityConfiguration.kt */
@Configuration
@EnableWebFluxSecurity
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��\\\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0017\u0018��2\u00020\u0001B\u0015\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0002\u0010\u0006J\u0010\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0012J\u001a\u0010\u000e\u001a\b\u0018\u00010\u000fR\u00020\r2\n\u0010\u0010\u001a\u00060\u000fR\u00020\rH\u0012J\u0018\u0010\u0011\u001a\u00020\u00122\u000e\u0010\u0013\u001a\n0\u0014R\u00060\u0015R\u00020\rH\u0012J$\u0010\u0016\u001a\b\u0012\u0004\u0012\u00020\u00180\u00172\f\u0010\u0019\u001a\b\u0012\u0004\u0012\u00020\u001a0\u00172\u0006\u0010\u001b\u001a\u00020\u001cH\u0016J\u0010\u0010\u001d\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0012J\u0010\u0010\u001e\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rH\u0017R\u000e\u0010\u0004\u001a\u00020\u0005X\u0092\u0004¢\u0006\u0002\n��R\u0016\u0010\u0007\u001a\n \t*\u0004\u0018\u00010\b0\bX\u0092\u0004¢\u0006\u0002\n��R\u000e\u0010\u0002\u001a\u00020\u0003X\u0092\u0004¢\u0006\u0002\n��¨\u0006\u001f"}, d2 = {"Lno/fintlabs/resource/server/config/SecurityConfiguration;", "", "securityProperties", "Lno/fintlabs/resource/server/config/SecurityProperties;", "coreAccessService", "Lno/fintlabs/resource/server/CoreAccessService;", "(Lno/fintlabs/resource/server/config/SecurityProperties;Lno/fintlabs/resource/server/CoreAccessService;)V", "logger", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "authorizeRequest", "Lorg/springframework/security/web/server/SecurityWebFilterChain;", "http", "Lorg/springframework/security/config/web/server/ServerHttpSecurity;", 
"configureExchanges", "Lorg/springframework/security/config/web/server/ServerHttpSecurity$AuthorizeExchangeSpec;", "exchanges", "configureJwtConverter", "", "jwtSpec", "Lorg/springframework/security/config/web/server/ServerHttpSecurity$OAuth2ResourceServerSpec$JwtSpec;", "Lorg/springframework/security/config/web/server/ServerHttpSecurity$OAuth2ResourceServerSpec;", "evaluateAuthorization", "Lreactor/core/publisher/Mono;", "Lorg/springframework/security/authorization/AuthorizationDecision;", "auth", "Lorg/springframework/security/core/Authentication;", "ctx", "Lorg/springframework/security/web/server/authorization/AuthorizationContext;", "permitAll", "securityWebFilterChain", "core-resource-server"})
@SourceDebugExtension({"SMAP\nSecurityConfiguration.kt\nKotlin\n*S Kotlin\n*F\n+ 1 SecurityConfiguration.kt\nno/fintlabs/resource/server/config/SecurityConfiguration\n+ 2 ArraysJVM.kt\nkotlin/collections/ArraysKt__ArraysJVMKt\n+ 3 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,77:1\n37#2,2:78\n1#3:80\n*S KotlinDebug\n*F\n+ 1 SecurityConfiguration.kt\nno/fintlabs/resource/server/config/SecurityConfiguration\n*L\n41#1:78,2\n*E\n"})
/* loaded from: input_file:no/fintlabs/resource/server/config/SecurityConfiguration.class */
/*
 * Spring WebFlux security configuration, shown here as JADX-decompiled Java of the
 * Kotlin source SecurityConfiguration.kt. Synthetic lambda$N helpers and "r1"
 * placeholders are decompiler artifacts, not hand-written code.
 *
 * Behaviour visible in this class:
 *  - securityProperties.getEnabled() == false: every exchange is permitted and no
 *    OAuth2 resource server is configured on the chain (see permitAll).
 *  - securityProperties.getEnabled() == true: JWT resource-server support is switched
 *    on, the configured exposed endpoints are permitted without authorization, and
 *    every other exchange is decided by evaluateAuthorization.
 *
 * Security review notes:
 *  - The enabled flag fails open. Treat it as a development-only switch and verify
 *    that production configuration cannot turn it off unnoticed.
 *  - For any JwtType other than CORE, evaluateAuthorization grants access to every
 *    Authentication it receives; no per-request authorization is applied here.
 *  - Key, issuer and audience validation for the JWTs is not configured in this class.
 *    NOTE(review): presumably supplied through application properties - confirm.
 */
public class SecurityConfiguration {

    // Source of the enabled flag, the JWT type and the exposed-endpoint list read below.
    @NotNull
    private final SecurityProperties securityProperties;

    // Makes the per-request decision for CORE tokens (authorizeCore in evaluateAuthorization).
    @NotNull
    private final CoreAccessService coreAccessService;
    // SLF4J logger bound to the runtime class (getClass()).
    private final Logger logger;

    /**
     * Stores the two collaborators and creates the logger.
     *
     * @param securityProperties configuration values driving the filter chain; must not be null
     * @param coreAccessService service consulted for CORE-token authorization; must not be null
     */
    public SecurityConfiguration(@NotNull SecurityProperties securityProperties, @NotNull CoreAccessService coreAccessService) {
        Intrinsics.checkNotNullParameter(securityProperties, "securityProperties");
        Intrinsics.checkNotNullParameter(coreAccessService, "coreAccessService");
        this.securityProperties = securityProperties;
        this.coreAccessService = coreAccessService;
        this.logger = LoggerFactory.getLogger(getClass());
    }

    /**
     * Builds the application's {@link SecurityWebFilterChain} bean.
     *
     * <p>When {@code securityProperties.getEnabled()} is true the chain from
     * {@code authorizeRequest} is returned; otherwise the chain from {@code permitAll},
     * which lets every exchange through. Nothing is logged here when the permissive
     * chain is chosen, so a disabled configuration is not visible from this class alone.
     *
     * @param serverHttpSecurity the builder supplied by Spring Security; must not be null
     * @return the filter chain selected by the enabled flag
     */
    @Bean
    @NotNull
    public SecurityWebFilterChain securityWebFilterChain(@NotNull ServerHttpSecurity serverHttpSecurity) {
        Intrinsics.checkNotNullParameter(serverHttpSecurity, "http");
        // Fail-open switch: false selects the chain that permits every exchange.
        return this.securityProperties.getEnabled() ? authorizeRequest(serverHttpSecurity) : permitAll(serverHttpSecurity);
    }

    /**
     * Builds the enforcing chain: OAuth2 resource server with JWT support, followed by
     * the exchange rules from {@code configureExchanges}.
     */
    private SecurityWebFilterChain authorizeRequest(ServerHttpSecurity serverHttpSecurity) {
        // "r1" is a decompiler placeholder; the helper's first parameter is a
        // SecurityConfiguration, so it is presumably this instance.
        SecurityWebFilterChain build = serverHttpSecurity.oauth2ResourceServer((v1) -> {
            authorizeRequest$lambda$0(r1, v1);
        }).authorizeExchange(authorizeExchangeSpec -> {
            // The value returned by configureExchanges is discarded here.
            this.configureExchanges(authorizeExchangeSpec);
        }).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }

    /**
     * Registers the exchange rules: the configured exposed endpoints are permitted
     * without authorization, and every other exchange is routed to
     * {@code evaluateAuthorization}.
     *
     * <p>Every pattern in {@code getExposedEndpoints()} bypasses both authentication and
     * {@code evaluateAuthorization}, so the list should be kept to the narrowest paths
     * that genuinely need to be public; an overly broad pattern opens the paths it covers.
     *
     * @return the spec returned by {@code permitAll()} on the exposed endpoints, or
     *         {@code null} when no exposed-endpoint list is configured
     */
    /* JADX INFO: Access modifiers changed from: private */
    public ServerHttpSecurity.AuthorizeExchangeSpec configureExchanges(ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchangeSpec) {
        String[] strArr;
        List<String> exposedEndpoints = this.securityProperties.getExposedEndpoints();
        // A null list skips the permitAll rule entirely; otherwise a copy of the list
        // is passed as the varargs patterns.
        // NOTE(review): an empty list still reaches pathMatchers with zero patterns -
        // confirm how the framework handles that case.
        ServerHttpSecurity.AuthorizeExchangeSpec permitAll = (exposedEndpoints == null || (strArr = (String[]) exposedEndpoints.toArray(new String[0])) == null) ? null : ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) authorizeExchangeSpec.pathMatchers((String[]) Arrays.copyOf(strArr, strArr.length))).permitAll();
        // Registered after the exposed endpoints, so it acts as the catch-all rule.
        authorizeExchangeSpec.anyExchange().access(this::evaluateAuthorization);
        return permitAll;
    }

    /**
     * Decides whether the current exchange is allowed.
     *
     * <ul>
     *   <li>JWT type other than {@code JwtType.CORE}: access is granted for every
     *       {@link Authentication} emitted by {@code mono}, with no further check.</li>
     *   <li>JWT type {@code CORE} and the principal is a {@link CorePrincipal}: the
     *       decision is the Boolean emitted by {@code coreAccessService.authorizeCore}
     *       for that principal and the current exchange.</li>
     *   <li>JWT type {@code CORE} and any other principal: the type is logged at debug
     *       level and access is denied.</li>
     * </ul>
     *
     * <p>NOTE(review): when {@code mono} or {@code authorizeCore} completes without a
     * value, no decision is emitted; confirm the framework treats an empty result as a
     * denial. Denials are only logged at debug level, so they will not appear at
     * default log levels; consider whether they need to be auditable.
     *
     * @param mono the current authentication; must not be null
     * @param authorizationContext gives access to the exchange being authorized; must not be null
     * @return a Mono emitting the authorization decision
     */
    @NotNull
    public Mono<AuthorizationDecision> evaluateAuthorization(@NotNull Mono<Authentication> mono, @NotNull final AuthorizationContext authorizationContext) {
        Intrinsics.checkNotNullParameter(mono, "auth");
        Intrinsics.checkNotNullParameter(authorizationContext, "ctx");
        Function1<Authentication, Mono<? extends AuthorizationDecision>> function1 = new Function1<Authentication, Mono<? extends AuthorizationDecision>>() { // from class: no.fintlabs.resource.server.config.SecurityConfiguration$evaluateAuthorization$1

            // Coroutine body that always yields AuthorizationDecision(true); used for
            // the non-CORE branch of invoke below.
            /* JADX INFO: Access modifiers changed from: package-private */
            /* compiled from: SecurityConfiguration.kt */
            @Metadata(mv = {1, 9, 0}, k = 3, xi = 48, d1 = {"��\n\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\u0010��\u001a\u0004\u0018\u00010\u0001*\u00020\u0002H\u008a@"}, d2 = {"<anonymous>", "Lorg/springframework/security/authorization/AuthorizationDecision;", "Lkotlinx/coroutines/CoroutineScope;"})
            @DebugMetadata(f = "SecurityConfiguration.kt", l = {}, i = {}, s = {}, n = {}, m = "invokeSuspend", c = "no.fintlabs.resource.server.config.SecurityConfiguration$evaluateAuthorization$1$1")
            /* renamed from: no.fintlabs.resource.server.config.SecurityConfiguration$evaluateAuthorization$1$1, reason: invalid class name */
            /* loaded from: input_file:no/fintlabs/resource/server/config/SecurityConfiguration$evaluateAuthorization$1$1.class */
            public static final class AnonymousClass1 extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super AuthorizationDecision>, Object> {
                // Coroutine state-machine label; only state 0 is handled.
                int label;

                AnonymousClass1(Continuation<? super AnonymousClass1> continuation) {
                    super(2, continuation);
                }

                // Returns a granting decision; any other label is an illegal resume.
                @Nullable
                public final Object invokeSuspend(@NotNull Object obj) {
                    IntrinsicsKt.getCOROUTINE_SUSPENDED();
                    switch (this.label) {
                        case 0:
                            ResultKt.throwOnFailure(obj);
                            return new AuthorizationDecision(true);
                        default:
                            throw new IllegalStateException("call to 'resume' before 'invoke' with coroutine");
                    }
                }

                @NotNull
                public final Continuation<Unit> create(@Nullable Object obj, @NotNull Continuation<?> continuation) {
                    return new AnonymousClass1(continuation);
                }

                @Nullable
                public final Object invoke(@NotNull CoroutineScope coroutineScope, @Nullable Continuation<? super AuthorizationDecision> continuation) {
                    return create(coroutineScope, continuation).invokeSuspend(Unit.INSTANCE);
                }
            }

            // Coroutine body that always yields AuthorizationDecision(false); used for
            // the deny branch of invoke below.
            /* JADX INFO: Access modifiers changed from: package-private */
            /* compiled from: SecurityConfiguration.kt */
            @Metadata(mv = {1, 9, 0}, k = 3, xi = 48, d1 = {"��\n\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\u0010��\u001a\u0004\u0018\u00010\u0001*\u00020\u0002H\u008a@"}, d2 = {"<anonymous>", "Lorg/springframework/security/authorization/AuthorizationDecision;", "Lkotlinx/coroutines/CoroutineScope;"})
            @DebugMetadata(f = "SecurityConfiguration.kt", l = {}, i = {}, s = {}, n = {}, m = "invokeSuspend", c = "no.fintlabs.resource.server.config.SecurityConfiguration$evaluateAuthorization$1$3")
            /* renamed from: no.fintlabs.resource.server.config.SecurityConfiguration$evaluateAuthorization$1$3, reason: invalid class name */
            /* loaded from: input_file:no/fintlabs/resource/server/config/SecurityConfiguration$evaluateAuthorization$1$3.class */
            public static final class AnonymousClass3 extends SuspendLambda implements Function2<CoroutineScope, Continuation<? super AuthorizationDecision>, Object> {
                // Coroutine state-machine label; only state 0 is handled.
                int label;

                AnonymousClass3(Continuation<? super AnonymousClass3> continuation) {
                    super(2, continuation);
                }

                // Returns a denying decision; any other label is an illegal resume.
                @Nullable
                public final Object invokeSuspend(@NotNull Object obj) {
                    IntrinsicsKt.getCOROUTINE_SUSPENDED();
                    switch (this.label) {
                        case 0:
                            ResultKt.throwOnFailure(obj);
                            return new AuthorizationDecision(false);
                        default:
                            throw new IllegalStateException("call to 'resume' before 'invoke' with coroutine");
                    }
                }

                @NotNull
                public final Continuation<Unit> create(@Nullable Object obj, @NotNull Continuation<?> continuation) {
                    return new AnonymousClass3(continuation);
                }

                @Nullable
                public final Object invoke(@NotNull CoroutineScope coroutineScope, @Nullable Continuation<? super AuthorizationDecision> continuation) {
                    return create(coroutineScope, continuation).invokeSuspend(Unit.INSTANCE);
                }
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }

            // Per-authentication decision; see the Javadoc on evaluateAuthorization.
            public final Mono<? extends AuthorizationDecision> invoke(Authentication authentication) {
                SecurityProperties securityProperties;
                Logger logger;
                String str;
                CoreAccessService coreAccessService;
                securityProperties = SecurityConfiguration.this.securityProperties;
                // Non-CORE tokens: grant unconditionally, without looking at the principal
                // or the exchange.
                if (securityProperties.getJwtType() != JwtType.CORE) {
                    return MonoKt.mono$default((CoroutineContext) null, new AnonymousClass1(null), 1, (Object) null);
                }
                Object principal = authentication.getPrincipal();
                if (principal instanceof CorePrincipal) {
                    coreAccessService = SecurityConfiguration.this.coreAccessService;
                    Intrinsics.checkNotNull(principal);
                    ServerWebExchange exchange = authorizationContext.getExchange();
                    Intrinsics.checkNotNullExpressionValue(exchange, "getExchange(...)");
                    // The access service receives both the principal and the exchange.
                    Mono<Boolean> authorizeCore = coreAccessService.authorizeCore((CorePrincipal) principal, exchange);
                    // Wraps the emitted Boolean in an AuthorizationDecision.
                    AnonymousClass2 anonymousClass2 = new Function1<Boolean, AuthorizationDecision>() { // from class: no.fintlabs.resource.server.config.SecurityConfiguration$evaluateAuthorization$1.2
                        public final AuthorizationDecision invoke(Boolean bool) {
                            Intrinsics.checkNotNull(bool);
                            return new AuthorizationDecision(bool.booleanValue());
                        }
                    };
                    // "r1" is a decompiler placeholder, presumably anonymousClass2.
                    Mono<? extends AuthorizationDecision> map = authorizeCore.map((v1) -> {
                        return invoke$lambda$0(r1, v1);
                    });
                    Intrinsics.checkNotNullExpressionValue(map, "map(...)");
                    return map;
                }
                // CORE is configured but the principal is of another type: deny.
                // Only the principal's simple class name is logged, never token contents.
                // The two identical log-and-deny sequences below look like the decompiled
                // form of one null-safe expression - presumably a single statement in the
                // Kotlin source.
                logger = SecurityConfiguration.this.logger;
                if (principal != null) {
                    Class<?> cls = principal.getClass();
                    if (cls != null) {
                        str = cls.getSimpleName();
                        logger.debug("Principal is not CorePrincipal, type: " + str + ", denying access");
                        return MonoKt.mono$default((CoroutineContext) null, new AnonymousClass3(null), 1, (Object) null);
                    }
                }
                str = null;
                logger.debug("Principal is not CorePrincipal, type: " + str + ", denying access");
                return MonoKt.mono$default((CoroutineContext) null, new AnonymousClass3(null), 1, (Object) null);
            }

            // Synthetic adapter: applies the given Function1 to obj and casts the result.
            private static final AuthorizationDecision invoke$lambda$0(Function1 function12, Object obj) {
                Intrinsics.checkNotNullParameter(function12, "$tmp0");
                return (AuthorizationDecision) function12.invoke(obj);
            }
        };
        // "r1" is a decompiler placeholder, presumably function1 defined above.
        Mono<AuthorizationDecision> flatMap = mono.flatMap((v1) -> {
            return evaluateAuthorization$lambda$3(r1, v1);
        });
        Intrinsics.checkNotNullExpressionValue(flatMap, "flatMap(...)");
        return flatMap;
    }

    /**
     * Installs {@code CorePrincipalConverter} as the JWT authentication converter, but
     * only when the configured JWT type is {@code CORE}. For every other type nothing is
     * changed on {@code jwtSpec}, so whatever converter the framework uses by default
     * stays in effect.
     */
    private void configureJwtConverter(ServerHttpSecurity.OAuth2ResourceServerSpec.JwtSpec jwtSpec) {
        if (this.securityProperties.getJwtType() == JwtType.CORE) {
            jwtSpec.jwtAuthenticationConverter(new ReactiveJwtAuthenticationConverterAdapter(new CorePrincipalConverter()));
        }
    }

    /**
     * Builds the permissive chain used when security is disabled: every exchange is
     * permitted and no OAuth2 resource server is configured on this chain.
     */
    private SecurityWebFilterChain permitAll(ServerHttpSecurity serverHttpSecurity) {
        SecurityWebFilterChain build = serverHttpSecurity.authorizeExchange(SecurityConfiguration::permitAll$lambda$4).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }

    // Synthetic lambda body: enables JWT support and hands the JwtSpec to configureJwtConverter.
    private static final void authorizeRequest$lambda$0(SecurityConfiguration securityConfiguration, ServerHttpSecurity.OAuth2ResourceServerSpec oAuth2ResourceServerSpec) {
        Intrinsics.checkNotNullParameter(securityConfiguration, "this$0");
        oAuth2ResourceServerSpec.jwt(securityConfiguration::configureJwtConverter);
    }

    // Synthetic adapter: applies the given Function1 to obj and casts the result to Mono.
    private static final Mono evaluateAuthorization$lambda$3(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (Mono) function1.invoke(obj);
    }

    // Synthetic lambda body: permits every exchange, authenticated or not.
    private static final void permitAll$lambda$4(ServerHttpSecurity.AuthorizeExchangeSpec authorizeExchangeSpec) {
        authorizeExchangeSpec.anyExchange().permitAll();
    }
}
