package io.naradrama.prologue.util.spacekeeper.security;

import io.naradrama.prologue.domain.office.ServantType;
import io.naradrama.prologue.util.spacekeeper.filter.KeeperRequestBuilder;
import io.naradrama.prologue.util.spacekeeper.filter.SpaceAuthenticationFilter;
import io.naradrama.prologue.util.spacekeeper.filter.SpaceExceptionResolver;
import io.naradrama.prologue.util.spacekeeper.filter.drama.DramaRequest;
import io.naradrama.prologue.util.spacekeeper.filter.metro.MetroRequest;
import io.naradrama.prologue.util.spacekeeper.filter.support.SpaceAuthenticationMockFilter;
import java.util.Arrays;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.RequestMatcher;

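/**
 * OAuth2 resource-server configuration for the space keeper: wires the JWT token store and
 * token services and builds the HTTP filter chain.
 *
 * <p>The configuration is skipped when
 * {@code io.naraplatform.checkpoint.config.OAuth2ResourceServerConfig} is on the classpath and is
 * only applied to web applications.
 *
 * <p>The filter chain has two modes, selected in {@link #configure(HttpSecurity)}:
 * <ul>
 *   <li><b>Test mode</b> - when any configured test profile is active, every path is permitted and
 *       {@link SpaceAuthenticationMockFilter} is installed with the sample requests.</li>
 *   <li><b>Enforcing mode</b> - otherwise, only the public end points and the documentation and
 *       actuator paths are open; everything else requires authentication.</li>
 * </ul>
 *
 * <p>Security notes for operators (all visible in the {@code @Value} defaults below):
 * <ul>
 *   <li>{@code spring.profiles.active} defaults to {@code default}, and {@code default} is in the
 *       default {@code nara.prologue.test-profiles} list. A deployment that sets neither property
 *       therefore starts in test mode, i.e. with authentication disabled. Set an explicit
 *       non-test profile, or override {@code nara.prologue.test-profiles}, in every real
 *       environment.</li>
 *   <li>{@code nara.signing_key} falls back to a value compiled into this class. A key that ships
 *       in the artifact is not a secret; always supply a deployment-specific key.</li>
 * </ul>
 */
@ConditionalOnMissingClass({"io.naraplatform.checkpoint.config.OAuth2ResourceServerConfig"})
@Configuration
@EnableResourceServer
@ConditionalOnWebApplication
public class KeeperResourceServerConfig extends ResourceServerConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(KeeperResourceServerConfig.class);

    // Built-in fallback for nara.signing_key. Kept only for backward compatibility; it is
    // embedded in the distributed class file and must be treated as publicly known.
    // NOTE(review): consider failing start-up when this value is in effect outside test mode.
    private static final String DEFAULT_SIGNING_KEY = "naraBizAdmin1!!";

    @Value("${nara.signing_key:" + DEFAULT_SIGNING_KEY + "}")
    private String jwtSigningKey;

    // Read from the property only. NOTE(review): profiles activated by other means (for example
    // programmatically) would not appear here - confirm this matches how deployments set profiles.
    @Value("${spring.profiles.active:default}")
    private List<String> activeProfiles;

    // Profiles that switch the filter chain to test mode (authentication disabled).
    @Value("${nara.prologue.test-profiles:default,k8s_test}")
    private List<String> testProfiles;

    private final KeeperRequestBuilder requestBuilder;
    private final KeeperAuthenticationEntryPoint entryPoint;
    private final PublicAuthorizedRoleEndPointHolder endPointHolder;

    // Values used to build the sample DramaRequest handed to the mock filter in test mode.
    @Value("${nara.sample_drama_request.actorId:1@1:1:1-1}")
    private String sampleDramaActorId;

    @Value("${nara.sample_drama_request.loginId:user@company.io}")
    private String sampleDramaLoginId;

    @Value("${nara.sample_drama_request.displayName:User}")
    private String sampleDramaDisplayName;

    @Value("${nara.sample_drama_request.citizenId:1@1:1}")
    private String sampleDramaCitizenId;

    @Value("${nara.sample_drama_request.cineroomIds:1:1,1:2,1:3}")
    private List<String> sampleDramaCineroomIds;

    // Values used to build the sample MetroRequest handed to the mock filter in test mode.
    @Value("${nara.sample_metro_request.currentServantId:1#1:1}")
    private String sampleMetroCurrentServantId;

    @Value("${nara.sample_metro_request.currentServantType:PavilionServant}")
    private ServantType sampleMetroCurrentServantType;

    // NOTE(review): the remaining metro values use the prefix nara.sample_sample_request, not
    // nara.sample_metro_request. Left unchanged because existing configuration may rely on it.
    @Value("${nara.sample_sample_request.loginEmailId:admin@company.io}")
    private String sampleMetroLoginEmailId;

    @Value("${nara.sample_sample_request.displayName:Admin}")
    private String sampleMetroDisplayName;

    @Value("${nara.sample_sample_request.servantId:56864624-5c08-46c2-9105-c2bd21171461}")
    private String sampleMetroServantId;

    @Value("${nara.sample_sample_request.officeIds:S1,1,1:1}")
    private List<String> sampleMetroOfficeIds;

    /**
     * Creates the configuration with its collaborators.
     *
     * @param keeperRequestBuilder request builder passed to the authentication filters
     * @param keeperAuthenticationEntryPoint entry point registered on the resource server
     * @param publicAuthorizedRoleEndPointHolder holder of the end points that are open to everyone
     */
    public KeeperResourceServerConfig(
            KeeperRequestBuilder keeperRequestBuilder,
            KeeperAuthenticationEntryPoint keeperAuthenticationEntryPoint,
            PublicAuthorizedRoleEndPointHolder publicAuthorizedRoleEndPointHolder) {
        this.requestBuilder = keeperRequestBuilder;
        this.entryPoint = keeperAuthenticationEntryPoint;
        this.endPointHolder = publicAuthorizedRoleEndPointHolder;
    }

    /**
     * Builds the HTTP filter chain in test mode or enforcing mode (see the class comment).
     *
     * @param httpSecurity the security builder to configure
     * @throws Exception if the underlying builder rejects the configuration
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        if (isTestProfileActive()) {
            // Test mode: every path is open and the mock filter replaces real authentication.
            httpSecurity
                .authorizeRequests()
                    .antMatchers("/**").permitAll()
                    .and()
                .addFilterBefore(
                    new SpaceAuthenticationMockFilter(
                        this.requestBuilder, this.endPointHolder, sampleDramaRequest(), sampleMetroRequest()),
                    BasicAuthenticationFilter.class)
                .addFilterBefore(new SpaceExceptionResolver(), SpaceAuthenticationMockFilter.class);
            // WARN rather than INFO: running without authentication should be visible in any log
            // review, because it is also what happens when no profile is configured at all.
            log.warn("Space keeper authentication was disabled by test profiles={}", this.activeProfiles);
        } else {
            // Enforcing mode. NOTE(review): /actuator/** is open to unauthenticated callers; which
            // actuator end points are actually exposed is decided by configuration outside this
            // class - confirm that nothing sensitive (env, heapdump, ...) is enabled there.
            httpSecurity
                .authorizeRequests()
                    .requestMatchers(new PublicAuthorizedRoleMatcher(this.endPointHolder)).permitAll()
                    .and()
                .authorizeRequests()
                    .antMatchers(
                        "/swagger-ui.html**",
                        "/swagger-resources/**",
                        "/actuator/**",
                        "/v2/api-docs/**",
                        "/webjars/**").permitAll()
                    .and()
                .authorizeRequests()
                    .anyRequest().authenticated()
                    .and()
                .addFilterAfter(
                    new SpaceAuthenticationFilter(this.requestBuilder, this.endPointHolder),
                    AnonymousAuthenticationFilter.class)
                .addFilterBefore(new SpaceExceptionResolver(), SpaceAuthenticationFilter.class);
            log.info("Space keeper authentication was activated");
            log.info("Registered filter list={}", Arrays.asList(SpaceAuthenticationFilter.class.getSimpleName()));
        }
    }

    /**
     * Registers the JWT token services and the custom authentication entry point.
     *
     * @param resourceServerSecurityConfigurer the resource-server configurer to populate
     */
    @Override
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
        resourceServerSecurityConfigurer.tokenServices(tokenServices());
        resourceServerSecurityConfigurer.authenticationEntryPoint(this.entryPoint);
    }

    /**
     * Returns a token store backed by {@link #jwtAccessTokenConverter()}.
     *
     * @return the JWT token store
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Returns the primary token services, using {@link #tokenStore()} with refresh-token support
     * switched on.
     *
     * @return the configured token services
     */
    @Primary
    @Bean
    public DefaultTokenServices tokenServices() {
        DefaultTokenServices services = new DefaultTokenServices();
        services.setTokenStore(tokenStore());
        services.setSupportRefreshToken(true);
        return services;
    }

    /**
     * Returns the JWT converter configured with the {@code nara.signing_key} value.
     *
     * <p>A warning is logged when the effective key equals the built-in default, because a token
     * signed with that publicly known value would be accepted by this service. The key itself is
     * never written to the log.
     *
     * @return the configured converter
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        if (DEFAULT_SIGNING_KEY.equals(this.jwtSigningKey)) {
            log.warn("JWT signing key is the built-in default; set nara.signing_key to a deployment-specific secret");
        }
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(this.jwtSigningKey);
        return converter;
    }

    /**
     * Builds the sample drama request from the {@code nara.sample_drama_request.*} values.
     *
     * @return a new sample request
     */
    public DramaRequest sampleDramaRequest() {
        return new DramaRequest(
            this.sampleDramaActorId,
            this.sampleDramaLoginId,
            this.sampleDramaDisplayName,
            this.sampleDramaCitizenId,
            this.sampleDramaCineroomIds);
    }

    /**
     * Builds the sample metro request from the configured sample metro values.
     *
     * @return a new sample request
     */
    public MetroRequest sampleMetroRequest() {
        return new MetroRequest(
            this.sampleMetroCurrentServantId,
            this.sampleMetroCurrentServantType,
            this.sampleMetroLoginEmailId,
            this.sampleMetroDisplayName,
            this.sampleMetroServantId,
            this.sampleMetroOfficeIds);
    }

    // True when at least one configured test profile is among the active profiles. An empty
    // test-profile list never matches, so authentication stays enforced in that case.
    private boolean isTestProfileActive() {
        return this.testProfiles.stream().anyMatch(profile -> this.activeProfiles.contains(profile));
    }
}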
