package org.lognet.springboot.grpc.security;

import io.grpc.BindableService;
import io.grpc.ServerInterceptor;
import io.grpc.Status;
import java.util.Collection;
import java.util.Iterator;
import java.util.Optional;
import org.lognet.springboot.grpc.GRpcErrorHandler;
import org.lognet.springboot.grpc.GRpcGlobalInterceptor;
import org.lognet.springboot.grpc.autoconfigure.ConditionalOnMissingErrorHandler;
import org.lognet.springboot.grpc.recovery.ErrorHandlerAdapter;
import org.lognet.springboot.grpc.recovery.GRpcExceptionHandler;
import org.lognet.springboot.grpc.recovery.GRpcExceptionScope;
import org.lognet.springboot.grpc.recovery.GRpcServiceAdvice;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.core.AuthenticationException;

@Configuration
/* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcSecurityConfiguration.class */
public class GrpcSecurityConfiguration {

    @Autowired
    private ConfigurableListableBeanFactory beanFactory;

    @Autowired
    private ObjectPostProcessor<Object> objectObjectPostProcessor;
    private Collection<GrpcSecurityConfigurer> grpcSecurityConfigurers;
    private GrpcSecurity grpcSecurity;

    @ConditionalOnMissingErrorHandler(AccessDeniedException.class)
    @Configuration
    /* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcSecurityConfiguration$DefaultAccessDeniedErrorHandlerConfig.class */
    static class DefaultAccessDeniedErrorHandlerConfig {

        @GRpcServiceAdvice
        /* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcSecurityConfiguration$DefaultAccessDeniedErrorHandlerConfig$DefaultAccessDeniedErrorHandler.class */
        public static class DefaultAccessDeniedErrorHandler extends ErrorHandlerAdapter {
            private static final Logger log = LoggerFactory.getLogger(DefaultAccessDeniedErrorHandler.class);

            public DefaultAccessDeniedErrorHandler(Optional<GRpcErrorHandler> optional) {
                super(optional);
            }

            @GRpcExceptionHandler
            public Status handle(AccessDeniedException accessDeniedException, GRpcExceptionScope gRpcExceptionScope) {
                return handle(accessDeniedException, Status.PERMISSION_DENIED, gRpcExceptionScope);
            }
        }

        DefaultAccessDeniedErrorHandlerConfig() {
        }
    }

    @ConditionalOnMissingErrorHandler(AuthenticationException.class)
    @Configuration
    /* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcSecurityConfiguration$DefaultAuthErrorHandlerConfig.class */
    static class DefaultAuthErrorHandlerConfig {

        @GRpcServiceAdvice
        /* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcSecurityConfiguration$DefaultAuthErrorHandlerConfig$DefaultAuthErrorHandler.class */
        public static class DefaultAuthErrorHandler extends ErrorHandlerAdapter {
            private static final Logger log = LoggerFactory.getLogger(DefaultAuthErrorHandler.class);

            public DefaultAuthErrorHandler(Optional<GRpcErrorHandler> optional) {
                super(optional);
            }

            @GRpcExceptionHandler
            public Status handle(AuthenticationException authenticationException, GRpcExceptionScope gRpcExceptionScope) {
                return handle(authenticationException, Status.UNAUTHENTICATED, gRpcExceptionScope);
            }
        }

        DefaultAuthErrorHandlerConfig() {
        }
    }

    @Bean
    public static BeanPostProcessor bypassMethodInterceptorForGrpcMethodInvocation() {
        return new BeanPostProcessor() { // from class: org.lognet.springboot.grpc.security.GrpcSecurityConfiguration.1
            @Override // org.springframework.beans.factory.config.BeanPostProcessor
            public Object postProcessAfterInitialization(Object obj, String str) throws BeansException {
                return obj instanceof MethodSecurityInterceptor ? methodInvocation -> {
                    return BindableService.class.isAssignableFrom(methodInvocation.getMethod().getDeclaringClass()) ? methodInvocation.proceed() : ((MethodSecurityInterceptor) obj).invoke(methodInvocation);
                } : obj;
            }
        };
    }

    @ConditionalOnMissingBean({GrpcSecurityConfigurerAdapter.class})
    @Bean
    public GrpcSecurityConfigurerAdapter defaultAdapter() {
        return new GrpcSecurityConfigurerAdapter() { // from class: org.lognet.springboot.grpc.security.GrpcSecurityConfiguration.2
        };
    }

    @GRpcGlobalInterceptor
    @Bean
    public ServerInterceptor springGrpcSecurityInterceptor() throws Exception {
        if (!((this.grpcSecurityConfigurers == null || this.grpcSecurityConfigurers.isEmpty()) ? false : true)) {
            this.grpcSecurity.apply((GrpcSecurityConfigurerAdapter) this.objectObjectPostProcessor.postProcess(new GrpcSecurityConfigurerAdapter() { // from class: org.lognet.springboot.grpc.security.GrpcSecurityConfiguration.3
            }));
        }
        return (ServerInterceptor) this.grpcSecurity.build();
    }

    @Bean
    public BasicAuthSchemeSelector basicAuthSchemeSelector() {
        return new BasicAuthSchemeSelector();
    }

    @ConditionalOnClass(name = {"org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken", "org.springframework.security.oauth2.core.OAuth2AuthenticationException"})
    @Bean
    public BearerTokenAuthSchemeSelector bearerTokenAuthSchemeSelector() {
        return new BearerTokenAuthSchemeSelector();
    }

    @Autowired(required = false)
    public void setFilterChainProxySecurityConfigurer(ObjectPostProcessor<Object> objectPostProcessor) throws Exception {
        this.grpcSecurity = (GrpcSecurity) objectPostProcessor.postProcess(new GrpcSecurity(objectPostProcessor));
        this.grpcSecurityConfigurers = this.beanFactory.getBeansOfType(GrpcSecurityConfigurer.class).values();
        Iterator<GrpcSecurityConfigurer> it = this.grpcSecurityConfigurers.iterator();
        while (it.hasNext()) {
            this.grpcSecurity.apply(it.next());
        }
    }
}
