package com.elitesland.yst.core.security.config;

import cn.hutool.core.util.StrUtil;
import com.elitesland.yst.common.property.OAuth2Properties;
import com.elitesland.yst.core.security.handle.OAuth2AuthenticationEntryPoint;
import com.elitesland.yst.core.security.handle.SimpleAccessDeniedException;
import java.security.KeyPair;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.io.ClassPathResource;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;

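/**
 * OAuth2 resource-server configuration, registered only when the property
 * {@code elitesland.service.single} is {@code "false"}.
 *
 * <p>It sets the resource id, the error handlers and the token services used by the
 * resource-server filter, and declares the HTTP authorization rules. The
 * {@code FilterSecurityInterceptor} is post-processed to use the injected
 * {@link AccessDecisionManager} and {@link FilterInvocationSecurityMetadataSource}.
 *
 * <p>Collaborators are supplied through {@code @Autowired} setters.
 */
@EnableResourceServer
@ConditionalOnProperty(prefix = "elitesland.service", name = {"single"}, havingValue = "false")
@Configuration
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {
    /** Resource id used when {@link OAuth2Properties#getResourceId()} is blank. */
    private static final String DEFAULT_RESOURCE_ID = "elitesland-resource-svr";

    // NOTE(security): the keystore ships on the classpath and its store/key password is a
    // literal in source, so anyone holding the build artifact can recover the private key and
    // sign tokens this service would accept. Move the password to externalized configuration
    // or a secret store, and rotate the key pair once it has been exposed this way.
    private static final String JWT_KEYSTORE_PATH = "jwt.jks";
    private static final String JWT_KEY_ALIAS = "jwt";
    private static final String JWT_KEYSTORE_PASSWORD = "123456";

    private OAuth2Properties oAuth2Properties;
    private AccessDecisionManager accessDecisionManager;
    private FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource;
    private final OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    private final SimpleAccessDeniedException simpleAccessDeniedException = new SimpleAccessDeniedException();
    private RedisConnectionFactory redisConnectionFactory;

    /** Injects the OAuth2 settings; only the resource id is read in this class. */
    @Autowired
    public void setoAuth2Properties(OAuth2Properties oAuth2Properties) {
        this.oAuth2Properties = oAuth2Properties;
    }

    /** Injects the decision manager installed on the {@code FilterSecurityInterceptor}. */
    @Autowired
    public void setAccessDecisionManager(AccessDecisionManager accessDecisionManager) {
        this.accessDecisionManager = accessDecisionManager;
    }

    /** Injects the metadata source installed on the {@code FilterSecurityInterceptor}. */
    @Autowired
    public void setFilterInvocationSecurityMetadataSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) {
        this.filterInvocationSecurityMetadataSource = filterInvocationSecurityMetadataSource;
    }

    /** Injects the Redis connection factory that backs the token store. */
    @Autowired
    public void setRedisConnectionFactory(RedisConnectionFactory redisConnectionFactory) {
        this.redisConnectionFactory = redisConnectionFactory;
    }

    /**
     * Configures the resource-server filter: resource id, error handlers and token services.
     *
     * <p>The resource id falls back to {@link #DEFAULT_RESOURCE_ID} when none is configured.
     * The handlers and token services are applied in both cases, so a deployment without an
     * explicit resource id gets the same error responses and token validation path as one
     * with it.
     *
     * @param resourceServerSecurityConfigurer configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        String configuredId = this.oAuth2Properties.getResourceId();
        String resourceId = StrUtil.isBlank(configuredId) ? DEFAULT_RESOURCE_ID : configuredId;
        resourceServerSecurityConfigurer
                .resourceId(resourceId)
                .accessDeniedHandler(this.simpleAccessDeniedException)
                .authenticationEntryPoint(this.oAuth2AuthenticationEntryPoint)
                .tokenServices(resourceServerTokenServices());
    }

    /**
     * Builds the token services backed by a {@link RedisTokenStore}.
     *
     * @return token services that read tokens from Redis
     */
    @Bean
    @Primary
    public ResourceServerTokenServices resourceServerTokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        // NOTE(review): the JWT converter is attached only as a token enhancer while tokens are
        // resolved through the Redis store, so token validity here appears to depend on the
        // Redis entry rather than on a signature check - confirm that this is intended.
        tokenServices.setTokenEnhancer(jwtAccessTokenConverter());
        tokenServices.setTokenStore(new RedisTokenStore(this.redisConnectionFactory));
        return tokenServices;
    }

    /**
     * Builds the JWT converter from the key pair returned by {@link #keyPair()}.
     *
     * @return converter holding both the private and the public key
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // NOTE(security): a resource server only needs to verify tokens. Handing it the full
        // key pair also gives it the signing key; prefer setVerifierKey with the public key so
        // that a compromised resource server cannot issue tokens.
        converter.setKeyPair(keyPair());
        return converter;
    }

    /**
     * Loads the JWT key pair from the keystore bundled on the classpath.
     *
     * @return the key pair stored under the {@code jwt} alias
     */
    @Bean
    public KeyPair keyPair() {
        char[] password = JWT_KEYSTORE_PASSWORD.toCharArray();
        KeyStoreKeyFactory keyStore = new KeyStoreKeyFactory(new ClassPathResource(JWT_KEYSTORE_PATH), password);
        // The same password opens the store and the key entry.
        return keyStore.getKeyPair(JWT_KEY_ALIAS, JWT_KEYSTORE_PASSWORD.toCharArray());
    }

    /**
     * Declares the HTTP authorization rules: a list of unauthenticated paths, with every other
     * request requiring authentication.
     *
     * @param httpSecurity builder supplied by the framework
     * @throws Exception declared by the builder methods
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                // CSRF protection is off; that is only safe while no endpoint authenticates
                // through cookies or another credential the browser attaches automatically.
                .csrf().disable()
                .cors()
                .and()
                .exceptionHandling()
                .authenticationEntryPoint(this.oAuth2AuthenticationEntryPoint)
                .accessDeniedHandler(this.simpleAccessDeniedException)
                .and()
                .authorizeRequests()
                // NOTE(security): everything below is reachable without a token. "/sys/**",
                // "/file/**" and "/druid/**" are broad prefixes and the API documentation is
                // public as well. What they serve is not visible here - confirm each one needs
                // anonymous access, or protect it by other means (network policy, own login).
                .antMatchers("/getPublicKey", "/oauth/**", "/oauth2/**", "/sec/captcha", "/sys/**").permitAll()
                .antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/webSocket/**").permitAll()
                .antMatchers(
                        "/swagger-ui.html",
                        "/swagger-resources/**",
                        "/webjars/**",
                        "/*/api-docs",
                        "/avatar/**",
                        "/file/**",
                        "/druid/**").permitAll()
                // CORS preflight requests carry no credentials.
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                .anyRequest().authenticated()
                // NOTE(review): the interceptor's metadata source and decision manager are
                // replaced with the injected beans, so the effective decision for each request
                // is made by those beans. Confirm they honour the matcher rules declared above.
                .withObjectPostProcessor(new ObjectPostProcessor<FilterSecurityInterceptor>() {
                    @Override
                    public <O extends FilterSecurityInterceptor> O postProcess(O interceptor) {
                        interceptor.setAccessDecisionManager(ResourceServerConfig.this.accessDecisionManager);
                        interceptor.setSecurityMetadataSource(ResourceServerConfig.this.filterInvocationSecurityMetadataSource);
                        return interceptor;
                    }
                });
    }
}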
