package com.supwisdom.infras.security.reactive.jwt;

import com.supwisdom.infras.security.utils.JWTTokenUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UserDetailsRepositoryReactiveAuthenticationManager;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.userdetails.ReactiveUserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers;

@Configuration
@ConditionalOnProperty(name = {"infras.security.jwt.reactive.enabled"}, havingValue = "true")
/* loaded from: input_file:BOOT-INF/lib/infras-security-0.1.1-SNAPSHOT.jar:com/supwisdom/infras/security/reactive/jwt/JWTWebFluxConfiguration.class */
public class JWTWebFluxConfiguration {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) JWTWebFluxConfiguration.class);

    @Autowired(required = false)
    private ReactiveUserDetailsService reactiveUserDetailsService;

    @Autowired(required = false)
    private PasswordEncoder passwordEncoder;

    @Bean
    public ReactiveAuthenticationManager reactiveAuthenticationManager() {
        if (this.reactiveUserDetailsService == null) {
            return null;
        }
        UserDetailsRepositoryReactiveAuthenticationManager userDetailsRepositoryReactiveAuthenticationManager = new UserDetailsRepositoryReactiveAuthenticationManager(this.reactiveUserDetailsService);
        if (this.passwordEncoder != null) {
            userDetailsRepositoryReactiveAuthenticationManager.setPasswordEncoder(this.passwordEncoder);
        }
        return userDetailsRepositoryReactiveAuthenticationManager;
    }

    @Bean
    public JWTTokenUtil jwtTokenUtil() {
        return new JWTTokenUtil();
    }

    @Bean
    JWTKeyController jwtKeyController() {
        JWTKeyController jWTKeyController = new JWTKeyController();
        logger.debug("JWTWebFluxConfiguration jwtKeyController is {}", jWTKeyController);
        return jWTKeyController;
    }

    @Bean
    public JWTTokenController jwtTokenController() {
        JWTTokenController jWTTokenController = new JWTTokenController();
        logger.debug("JWTWebFluxConfiguration jwtTokenController is {}", jWTTokenController);
        return jWTTokenController;
    }

    @Bean
    public JWTSecurityContextRepository jwtSecurityContextRepository(JWTTokenUtil jWTTokenUtil) {
        return new JWTSecurityContextRepository(jWTTokenUtil);
    }

    @Bean
    public SecurityWebFilterChain jwtTokenSpringSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        logger.debug("jwtTokenSpringSecurityFilterChain(ServerHttpSecurity)");
        serverHttpSecurity.securityMatcher(ServerWebExchangeMatchers.pathMatchers("/jwt/**")).authorizeExchange().pathMatchers(HttpMethod.OPTIONS).permitAll().pathMatchers("/jwt/publicKey").permitAll().pathMatchers("/jwt/**").permitAll().anyExchange().authenticated();
        serverHttpSecurity.httpBasic().disable();
        serverHttpSecurity.formLogin().disable();
        serverHttpSecurity.csrf().disable();
        return serverHttpSecurity.build();
    }

    @Bean
    public SecurityWebFilterChain jwtApiSpringSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        logger.debug("jwtApiSpringSecurityFilterChain(ServerHttpSecurity)");
        serverHttpSecurity.securityMatcher(ServerWebExchangeMatchers.pathMatchers("/api/**")).authorizeExchange().pathMatchers(HttpMethod.OPTIONS).permitAll().pathMatchers("/api/public/**", "/api/open/**").permitAll().pathMatchers("/api/v*/public/**", "/api/v*/open/**").permitAll().pathMatchers("/api/*/v*/public/**", "/api/*/v*/open/**").permitAll().pathMatchers("/api/**").authenticated().anyExchange().authenticated();
        serverHttpSecurity.securityContextRepository(jwtSecurityContextRepository(jwtTokenUtil()));
        serverHttpSecurity.httpBasic().disable();
        serverHttpSecurity.formLogin().disable();
        serverHttpSecurity.csrf().disable();
        return serverHttpSecurity.build();
    }
}
