package com.rivigo.oauth2.resource.config;

import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.rivigo.oauth2.resource.constants.UrlConstant;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.PropertiesFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.authentication.BearerTokenExtractor;
import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

@Configuration
@EnableResourceServer
@PropertySource(value = {"classpath:${login.profiles.active:staging}/authresource.properties", "classpath:${spring.profiles.active:local}/login.properties"}, ignoreResourceNotFound = true)
@ComponentScan({"com.rivigo.oauth2.resource.controller", "com.rivigo.oauth2.resource.model", "com.rivigo.oauth2.resource.service"})
/* loaded from: input_file:BOOT-INF/lib/rivigo-security-resource-server-commons-3.1.11.jar:com/rivigo/oauth2/resource/config/OAuth2ResourceConfig.class */
public class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OAuth2ResourceConfig.class);
    private TokenExtractor tokenExtractor = new BearerTokenExtractor();

    @Value("${open.access.url.patterns}")
    private String openAccessUrlPatterns;

    /* loaded from: input_file:BOOT-INF/lib/rivigo-security-resource-server-commons-3.1.11.jar:com/rivigo/oauth2/resource/config/OAuth2ResourceConfig$RequestInterceptor.class */
    private class RequestInterceptor implements ClientHttpRequestInterceptor {
        private RequestInterceptor() {
        }

        @Override // org.springframework.http.client.ClientHttpRequestInterceptor
        public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bArr, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
            OAuth2ResourceConfig.log.info("SsoService: Making {} call to {}", httpRequest.getMethod(), httpRequest.getURI());
            ClientHttpResponse execute = clientHttpRequestExecution.execute(httpRequest, bArr);
            OAuth2ResourceConfig.log.info("SsoService: Received response from sso for request to {}", httpRequest.getURI());
            return execute;
        }
    }

    @Bean
    public static PropertySourcesPlaceholderConfigurer propertyConfigInDev() {
        return new PropertySourcesPlaceholderConfigurer();
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter, org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.addFilterAfter((Filter) new OncePerRequestFilter() { // from class: com.rivigo.oauth2.resource.config.OAuth2ResourceConfig.1
            @Override // org.springframework.web.filter.OncePerRequestFilter
            protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
                if (OAuth2ResourceConfig.this.tokenExtractor.extract(httpServletRequest) == null) {
                    SecurityContextHolder.clearContext();
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            }
        }, AbstractPreAuthenticatedProcessingFilter.class);
        ArrayList arrayList = new ArrayList();
        arrayList.add("/create-user");
        arrayList.add("/update-user**");
        arrayList.add("/check-user**");
        arrayList.add("/user-permission**");
        arrayList.add("/access-token**");
        arrayList.add("/check-token**");
        arrayList.add("/revoke-token**");
        if (this.openAccessUrlPatterns != null) {
            for (String str : this.openAccessUrlPatterns.split(",")) {
                if (!str.trim().isEmpty()) {
                    arrayList.add(str.trim());
                }
            }
        }
        ((HttpSecurity) httpSecurity.authorizeRequests().antMatchers(HttpMethod.OPTIONS, "/**").permitAll().antMatchers((String[]) arrayList.toArray(new String[arrayList.size()])).permitAll().anyRequest().authenticated().and()).logout().logoutSuccessUrl("/").permitAll();
    }

    @Bean
    public AccessTokenConverter accessTokenConverter() {
        return new UserAccessTokenConverter();
    }

    @Bean
    public RemoteTokenServices remoteTokenServices(@Value("${auth.server.base.url}") String str, @Value("${auth.server.client.id}") String str2, @Value("${auth.server.client.secret}") String str3) {
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        remoteTokenServices.setCheckTokenEndpointUrl(str + UrlConstant.CHECK_TOKEN_URL);
        remoteTokenServices.setClientId(str2);
        remoteTokenServices.setClientSecret(str3);
        remoteTokenServices.setAccessTokenConverter(accessTokenConverter());
        return remoteTokenServices;
    }

    @Bean(name = {"myProperties"})
    public PropertiesFactoryBean mapper(@Value("${login.profiles.active:staging}") String str) {
        PropertiesFactoryBean propertiesFactoryBean = new PropertiesFactoryBean();
        propertiesFactoryBean.setLocation(new ClassPathResource(str + "/authresource.properties"));
        return propertiesFactoryBean;
    }

    @Bean(name = {"ssoServiceObjectMapper"})
    public ObjectMapper objectMapper() {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        return objectMapper;
    }

    @Bean(name = {"ssoServiceRestTemplate"})
    public RestTemplate restTemplate() {
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setInterceptors(Collections.singletonList(new RequestInterceptor()));
        return restTemplate;
    }
}
