package org.lognet.springboot.grpc.security;

import io.grpc.BindableService;
import io.grpc.MethodDescriptor;
import io.grpc.ServerInterceptor;
import io.grpc.ServerMethodDefinition;
import io.grpc.ServerServiceDefinition;
import io.grpc.ServiceDescriptor;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.lognet.springboot.grpc.GRpcServicesRegistry;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcServiceAuthorizationConfigurer.class */
public class GrpcServiceAuthorizationConfigurer extends SecurityConfigurerAdapter<ServerInterceptor, GrpcSecurity> {
    private final Registry registry;

    /* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcServiceAuthorizationConfigurer$AuthorizedMethod.class */
    public class AuthorizedMethod {
        private List<MethodDescriptor<?, ?>> methods;

        private AuthorizedMethod(MethodDescriptor<?, ?>... methodDescriptorArr) {
            this.methods = Arrays.asList(methodDescriptorArr);
        }

        private AuthorizedMethod(ServiceDescriptor... serviceDescriptorArr) {
            this.methods = (List) Stream.of((Object[]) serviceDescriptorArr).flatMap(serviceDescriptor -> {
                return serviceDescriptor.getMethods().stream();
            }).collect(Collectors.toList());
        }

        public Registry authenticated() {
            GrpcServiceAuthorizationConfigurer.this.registry.map(this.methods);
            return GrpcServiceAuthorizationConfigurer.this.registry;
        }

        public Registry hasAnyRole(String... strArr) {
            String str = "ROLE_";
            for (String str2 : strArr) {
                if (str2.startsWith("ROLE_")) {
                    throw new IllegalArgumentException("role should not start with 'ROLE_' since it is automatically inserted. Got '" + str2 + "'");
                }
            }
            Stream stream = Arrays.stream(strArr);
            Objects.requireNonNull("ROLE_");
            return hasAnyAuthority((String[]) stream.map(str::concat).toArray(i -> {
                return new String[i];
            }));
        }

        public Registry hasAnyAuthority(String... strArr) {
            for (String str : strArr) {
                GrpcServiceAuthorizationConfigurer.this.registry.map(str, this.methods);
            }
            return GrpcServiceAuthorizationConfigurer.this.registry;
        }
    }

    /* loaded from: input_file:org/lognet/springboot/grpc/security/GrpcServiceAuthorizationConfigurer$Registry.class */
    public class Registry {
        GRpcServicesRegistry servicesRegistry;
        private MultiValueMap<MethodDescriptor<?, ?>, ConfigAttribute> securedMethods = new LinkedMultiValueMap();
        private boolean withSecuredAnnotation = true;

        Registry(GRpcServicesRegistry gRpcServicesRegistry) {
            this.servicesRegistry = gRpcServicesRegistry;
        }

        public AuthorizedMethod anyMethod() {
            return new AuthorizedMethod((ServiceDescriptor[]) this.servicesRegistry.getBeanNameToServiceBeanMap().values().stream().map((v0) -> {
                return v0.bindService();
            }).map((v0) -> {
                return v0.getServiceDescriptor();
            }).toArray(i -> {
                return new ServiceDescriptor[i];
            }));
        }

        public GrpcSecurity withoutSecuredAnnotation() {
            return withSecuredAnnotation(false);
        }

        public GrpcSecurity withSecuredAnnotation() {
            return withSecuredAnnotation(true);
        }

        public GrpcSecurity withSecuredAnnotation(boolean z) {
            this.withSecuredAnnotation = z;
            return and();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void processSecuredAnnotation() {
            if (this.withSecuredAnnotation) {
                for (BindableService bindableService : this.servicesRegistry.getBeanNameToServiceBeanMap().values()) {
                    ServerServiceDefinition bindService = bindableService.bindService();
                    Optional.ofNullable((Secured) AnnotationUtils.findAnnotation(bindableService.getClass(), Secured.class)).ifPresent(secured -> {
                        if (secured.value().length == 0) {
                            new AuthorizedMethod(new ServiceDescriptor[]{bindService.getServiceDescriptor()}).authenticated();
                        } else {
                            new AuthorizedMethod(new ServiceDescriptor[]{bindService.getServiceDescriptor()}).hasAnyAuthority(secured.value());
                        }
                    });
                    for (ServerMethodDefinition<?, ?> serverMethodDefinition : bindService.getMethods()) {
                        Stream.of((Object[]) bindableService.getClass().getMethods()).filter(method -> {
                            return method.getName().equalsIgnoreCase(serverMethodDefinition.getMethodDescriptor().getBareMethodName());
                        }).findFirst().flatMap(method2 -> {
                            return Optional.ofNullable((Secured) AnnotationUtils.findAnnotation(method2, Secured.class));
                        }).ifPresent(secured2 -> {
                            if (secured2.value().length == 0) {
                                new AuthorizedMethod(new MethodDescriptor[]{serverMethodDefinition.getMethodDescriptor()}).authenticated();
                            } else {
                                new AuthorizedMethod(new MethodDescriptor[]{serverMethodDefinition.getMethodDescriptor()}).hasAnyAuthority(secured2.value());
                            }
                        });
                    }
                }
            }
        }

        public AuthorizedMethod methods(MethodDescriptor<?, ?>... methodDescriptorArr) {
            return new AuthorizedMethod(methodDescriptorArr);
        }

        public AuthorizedMethod services(ServiceDescriptor... serviceDescriptorArr) {
            return new AuthorizedMethod(serviceDescriptorArr);
        }

        void map(List<MethodDescriptor<?, ?>> list) {
            list.forEach(methodDescriptor -> {
                this.securedMethods.addAll(methodDescriptor, Collections.singletonList(new AuthenticatedConfigAttribute()));
            });
        }

        void map(String str, List<MethodDescriptor<?, ?>> list) {
            list.forEach(methodDescriptor -> {
                this.securedMethods.addAll(methodDescriptor, SecurityConfig.createList(str));
            });
        }

        public GrpcSecurity and() {
            return (GrpcSecurity) GrpcServiceAuthorizationConfigurer.this.and();
        }
    }

    public GrpcServiceAuthorizationConfigurer(GRpcServicesRegistry gRpcServicesRegistry) {
        this.registry = new Registry(gRpcServicesRegistry);
    }

    public Registry getRegistry() {
        return this.registry;
    }

    public void configure(GrpcSecurity grpcSecurity) throws Exception {
        this.registry.processSecuredAnnotation();
        grpcSecurity.setSharedObject(GrpcSecurityMetadataSource.class, new GrpcSecurityMetadataSource(this.registry.servicesRegistry, this.registry.securedMethods));
    }
}
