package org.entur.jwt.spring.grpc;

import io.grpc.util.TransmitStatusRuntimeExceptionInterceptor;
import java.util.Iterator;
import java.util.List;
import org.entur.jwt.spring.JwtAutoConfiguration;
import org.entur.jwt.spring.auth0.properties.SecurityProperties;
import org.entur.jwt.spring.filter.JwtAuthorityMapper;
import org.entur.jwt.spring.filter.JwtDetailsMapper;
import org.entur.jwt.spring.filter.JwtPrincipalMapper;
import org.entur.jwt.spring.filter.log.JwtMappedDiagnosticContextMapper;
import org.entur.jwt.spring.grpc.exception.ServerCallRuntimeExceptionTranslator;
import org.entur.jwt.spring.grpc.exception.ServerCallSecurityExceptionTranslator;
import org.entur.jwt.spring.grpc.exception.ServerCallStatusRuntimeExceptionTranslator;
import org.entur.jwt.spring.grpc.properties.GrpcPermitAll;
import org.entur.jwt.spring.grpc.properties.GrpcServicesConfiguration;
import org.entur.jwt.spring.grpc.properties.ServiceMatcherConfiguration;
import org.entur.jwt.verifier.JwtClaimExtractor;
import org.entur.jwt.verifier.JwtVerifier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.web.servlet.HandlerExceptionResolver;

@EnableConfigurationProperties({GrpcPermitAll.class})
@Configuration
@AutoConfigureAfter({JwtAutoConfiguration.class})
@ConditionalOnProperty(name = {"entur.jwt.enabled"}, havingValue = "true", matchIfMissing = false)
/* loaded from: input_file:org/entur/jwt/spring/grpc/GrpcAutoConfiguration.class */
public class GrpcAutoConfiguration {
    private static Logger log = LoggerFactory.getLogger(GrpcAutoConfiguration.class);

    @Bean
    public ServerCallSecurityExceptionTranslator serverCallSecurityExceptionTranslator() {
        return new ServerCallSecurityExceptionTranslator();
    }

    @ConditionalOnMissingBean({TransmitStatusRuntimeExceptionInterceptor.class})
    @Bean
    public ServerCallStatusRuntimeExceptionTranslator serverCallStatusRuntimeExceptionTranslator() {
        return new ServerCallStatusRuntimeExceptionTranslator();
    }

    @Bean
    public <T> GrpcAuthenticationInterceptorFactory<T> grpcAuthenticationInterceptorFactory(SecurityProperties securityProperties, JwtVerifier<T> jwtVerifier, @Autowired(required = false) JwtMappedDiagnosticContextMapper<T> jwtMappedDiagnosticContextMapper, JwtAuthorityMapper<T> jwtAuthorityMapper, JwtClaimExtractor<T> jwtClaimExtractor, @Lazy HandlerExceptionResolver handlerExceptionResolver, GrpcPermitAll grpcPermitAll, JwtPrincipalMapper jwtPrincipalMapper, JwtDetailsMapper jwtDetailsMapper, List<ServerCallRuntimeExceptionTranslator> list) {
        GrpcServiceMethodFilter grpcServiceMethodFilter;
        if (grpcPermitAll.isActive()) {
            grpcServiceMethodFilter = getGrpcServiceMethodFilter(grpcPermitAll.getGrpc());
        } else {
            log.info("No anonymous GRPC calls allowed");
            grpcServiceMethodFilter = null;
        }
        return new GrpcAuthenticationInterceptorFactory<>(new JwtAuthenticationInterceptor(jwtVerifier, grpcServiceMethodFilter, jwtAuthorityMapper, jwtMappedDiagnosticContextMapper, jwtClaimExtractor, jwtPrincipalMapper, jwtDetailsMapper), list);
    }

    private GrpcServiceMethodFilter getGrpcServiceMethodFilter(GrpcServicesConfiguration grpcServicesConfiguration) {
        DefaultGrpcServiceMethodFilter defaultGrpcServiceMethodFilter = new DefaultGrpcServiceMethodFilter();
        for (ServiceMatcherConfiguration serviceMatcherConfiguration : grpcServicesConfiguration.getServices()) {
            if (isStar(serviceMatcherConfiguration.getMethods())) {
                log.info("Allow anonymous access to all methods of GRPC service " + serviceMatcherConfiguration.getName());
                defaultGrpcServiceMethodFilter.addService(serviceMatcherConfiguration.getName());
            } else {
                log.info("Allow anonymous access to methods " + serviceMatcherConfiguration.getMethods() + " of GRPC service " + serviceMatcherConfiguration.getName());
                Iterator<String> it = serviceMatcherConfiguration.getMethods().iterator();
                while (it.hasNext()) {
                    defaultGrpcServiceMethodFilter.addServiceMethod(serviceMatcherConfiguration.getName(), it.next());
                }
            }
        }
        return defaultGrpcServiceMethodFilter;
    }

    private boolean isStar(List<String> list) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().equals("*")) {
                return true;
            }
        }
        return false;
    }
}
