package inc.yukawa.chain.security.boot.config;

import com.fasterxml.classmate.TypeResolver;
import inc.yukawa.chain.base.rest.config.SwaggerConfigBase;
import inc.yukawa.chain.base.webflux.springfox.RecursiveAlternateTypeRule;
import inc.yukawa.chain.kafka.util.StreamUtil;
import inc.yukawa.chain.security.flux.rest.TokenAuthFluxController;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.function.Predicate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.web.server.ServerWebExchange;
import springfox.documentation.builders.ApiInfoBuilder;
import springfox.documentation.builders.OAuthBuilder;
import springfox.documentation.builders.PathSelectors;
import springfox.documentation.builders.RequestHandlerSelectors;
import springfox.documentation.schema.AlternateTypeRule;
import springfox.documentation.service.ApiInfo;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.Contact;
import springfox.documentation.service.GrantType;
import springfox.documentation.service.ResourceOwnerPasswordCredentialsGrant;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.service.SecurityScheme;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger.web.SecurityConfiguration;
import springfox.documentation.swagger.web.SecurityConfigurationBuilder;
import springfox.documentation.swagger2.annotations.EnableSwagger2WebFlux;

@Profile({"!prod"})
@Configuration
@EnableSwagger2WebFlux
/* loaded from: input_file:inc/yukawa/chain/security/boot/config/SwaggerConfig.class */
public class SwaggerConfig extends SwaggerConfigBase {

    @Autowired(required = false)
    @Qualifier("security.PermitEndpoints")
    private List<String> permitAllEndpoints;

    @Autowired
    private TypeResolver resolver;

    @Profile({"jwt", "!open"})
    @Bean
    public Docket api() {
        return apiBase().securitySchemes(securitySchemes()).securityContexts(securityContexts());
    }

    @Profile({"open"})
    @Bean
    public Docket apiOpen() {
        return apiBase();
    }

    protected Docket apiBase() {
        return new Docket(DocumentationType.SWAGGER_2).host(swaggerHost()).protocols(new HashSet(Arrays.asList(swaggerSchemes()))).apiInfo(apiInfo()).select().apis(RequestHandlerSelectors.basePackage(TokenAuthFluxController.class.getPackage().getName())).paths(PathSelectors.any()).build().directModelSubstitute(Instant.class, String.class).ignoredParameterTypes(new Class[]{ServerWebExchange.class}).alternateTypeRules(new AlternateTypeRule[]{RecursiveAlternateTypeRule.ruleMono(this.resolver)}).alternateTypeRules(new AlternateTypeRule[]{RecursiveAlternateTypeRule.ruleFlux(this.resolver)});
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder().contact(contract()).title("CHAIN Security").description(String.format("%s:%d (%s)", StreamUtil.initHostAddress("auto"), Integer.valueOf(this.extPort), new Date())).version(this.version).build();
    }

    private Contact contract() {
        return new Contact("Yukawa Systems", "https://www.yukawa.de/chain", "info@chain.yukawa.de");
    }

    private List<SecurityScheme> securitySchemes() {
        return Arrays.asList(oauth());
    }

    private List<SecurityContext> securityContexts() {
        Predicate any = PathSelectors.any();
        if (this.permitAllEndpoints != null) {
            Iterator<String> it = this.permitAllEndpoints.iterator();
            while (it.hasNext()) {
                any = any.and(PathSelectors.ant(it.next()).negate());
            }
        }
        return Collections.singletonList(SecurityContext.builder().securityReferences(tokenAuthRefs()).forPaths(any).build());
    }

    SecurityScheme oauth() {
        return new OAuthBuilder().name("OAuthLogin").scopes(Arrays.asList(scopes())).grantTypes(grantTypes()).build();
    }

    List<GrantType> grantTypes() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ResourceOwnerPasswordCredentialsGrant(swaggerLoginFormUrl()));
        return arrayList;
    }

    private AuthorizationScope[] scopes() {
        return new AuthorizationScope[0];
    }

    @Profile({"!open"})
    @Bean
    SecurityConfiguration securityConfiguration() {
        return SecurityConfigurationBuilder.builder().clientId(clientId()).realm("ChainRealm").appName(this.appPrefix + "security").scopeSeparator(",").useBasicAuthenticationWithAccessCodeGrant(false).build();
    }

    protected List<SecurityReference> tokenAuthRefs() {
        return Arrays.asList(new SecurityReference("OAuthLogin", scopes()));
    }

    protected String clientId() {
        return null;
    }
}
