package cn.structured.oauth.starter.resource.configuration;

import cn.structure.common.enums.NumberEnum;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

@EnableResourceServer
@Configuration
/* loaded from: input_file:cn/structured/oauth/starter/resource/configuration/ResourceServerConfig.class */
public class ResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Resource
    private OauthResourceProperties properties;

    @Resource
    private AuthenticationEntryPoint authenticationEntryPoint;

    @Resource
    private AccessDeniedHandler accessDeniedHandler;

    @Resource
    private TokenStore tokenStore;

    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable().authorizeRequests();
        Map<String, List<String>> antMatchers = this.properties.getAntMatchers();
        if (antMatchers != null) {
            for (String str : antMatchers.keySet()) {
                if (str.equals("unAuthenticated")) {
                    Iterator<String> it = antMatchers.get(str).iterator();
                    while (it.hasNext()) {
                        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{it.next()})).permitAll();
                    }
                } else {
                    String[] split = str.split("-");
                    if (split.length >= NumberEnum.TWO.getValue()) {
                        String str2 = split[NumberEnum.ZERO.getValue()];
                        String str3 = split[NumberEnum.ONE.getValue()];
                        List<String> list = antMatchers.get(str);
                        if (str2.equals("role")) {
                            Iterator<String> it2 = list.iterator();
                            while (it2.hasNext()) {
                                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{it2.next()})).hasRole(str3);
                            }
                        }
                        if (str2.equals("auth")) {
                            Iterator<String> it3 = list.iterator();
                            while (it3.hasNext()) {
                                ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().antMatchers(new String[]{it3.next()})).hasAuthority(str3);
                            }
                        }
                    }
                }
            }
        }
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.csrf().disable().authorizeRequests().anyRequest()).authenticated();
    }

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
        resourceServerSecurityConfigurer.resourceId(this.properties.getResourceId()).stateless(true).tokenStore(this.tokenStore).authenticationEntryPoint(this.authenticationEntryPoint).accessDeniedHandler(this.accessDeniedHandler);
    }
}
