package io.codingpassion.spring.jwt;

import io.jsonwebtoken.SignatureAlgorithm;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

@EnableConfigurationProperties({JwtSecurityProperties.class})
@Configuration
/* loaded from: input_file:io/codingpassion/spring/jwt/JwtSecurityAutoConfiguration.class */
public class JwtSecurityAutoConfiguration {

    @Autowired
    private JwtSecurityProperties jwtSecurityProperties;

    @Configuration
    /* loaded from: input_file:io/codingpassion/spring/jwt/JwtSecurityAutoConfiguration$SecurityConfiguration.class */
    protected static class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        private static final Logger log = LoggerFactory.getLogger(SecurityConfiguration.class);

        protected SecurityConfiguration() {
        }

        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.addFilter(requestHeaderAuthenticationFilter());
            ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{"/webjars/**", "/swagger-ui.html", "/swagger-resources/**", "/v2/api-docs"})).permitAll().mvcMatchers(new String[]{"/api/user/login", "/api/user/validate"}).permitAll().requestMatchers(new RequestMatcher[]{EndpointRequest.to(new String[]{"health", "info", "prometheus", "metrics"})})).permitAll().requestMatchers(new RequestMatcher[]{EndpointRequest.toAnyEndpoint()})).authenticated().anyRequest()).authenticated();
            httpSecurity.csrf().disable();
            httpSecurity.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
            httpSecurity.exceptionHandling().authenticationEntryPoint(new Http401UnauthorizedEntryPoint());
        }

        private RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter() throws Exception {
            RequestHeaderAuthenticationFilter requestHeaderAuthenticationFilter = new RequestHeaderAuthenticationFilter();
            requestHeaderAuthenticationFilter.setPrincipalRequestHeader("Authorization");
            requestHeaderAuthenticationFilter.setAuthenticationManager(authenticationManager());
            requestHeaderAuthenticationFilter.setExceptionIfHeaderMissing(false);
            return requestHeaderAuthenticationFilter;
        }
    }

    @Bean
    public TokenValidator tokenValidator() {
        return new TokenValidator(new SecretKeySpec(this.jwtSecurityProperties.getTokenKey().getBytes(), SignatureAlgorithm.HS256.getJcaName()));
    }

    @Bean
    public TokenAuthenticationProvider tokenAuthenticationProvider() {
        return new TokenAuthenticationProvider();
    }
}
