package inc.yukawa.chain.security.jwt.config;

import inc.yukawa.chain.security.jwt.flux.JwtFluxAuthenticationManager;
import inc.yukawa.chain.security.jwt.flux.JwtFluxSecurityContextRepository;
import inc.yukawa.chain.security.jwt.token.JwsTokenReader;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inc/yukawa/chain/security/jwt/config/WebFluxSecurityBase.class */
public abstract class WebFluxSecurityBase {

    @Autowired
    protected ReactiveAuthenticationManager authenticationManager;

    @Autowired
    protected ServerSecurityContextRepository securityContextRepository;

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public ReactiveAuthenticationManager authenticationManager(JwsTokenReader jwsTokenReader) {
        return new JwtFluxAuthenticationManager(jwsTokenReader);
    }

    @Bean
    public ServerSecurityContextRepository securityContextRepository(ReactiveAuthenticationManager reactiveAuthenticationManager) {
        return new JwtFluxSecurityContextRepository(reactiveAuthenticationManager);
    }

    protected ServerHttpSecurity configureOpen(ServerHttpSecurity serverHttpSecurity) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.csrf().disable().authorizeExchange().pathMatchers(new String[]{"/**"})).permitAll().and();
    }

    protected ServerHttpSecurity configureBase(ServerHttpSecurity serverHttpSecurity) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.exceptionHandling().authenticationEntryPoint((serverWebExchange, authenticationException) -> {
            return Mono.fromRunnable(() -> {
                serverWebExchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
            });
        }).accessDeniedHandler((serverWebExchange2, accessDeniedException) -> {
            return Mono.fromRunnable(() -> {
                serverWebExchange2.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
            });
        }).and().csrf().disable().formLogin().disable().httpBasic().disable().authenticationManager(this.authenticationManager).securityContextRepository(this.securityContextRepository).authorizeExchange().pathMatchers(HttpMethod.OPTIONS)).permitAll().pathMatchers((String[]) permitAllEndpoints().toArray(new String[0]))).permitAll().and();
    }

    public List<String> permitAllEndpoints() {
        return Arrays.asList("/error**", "/webjars/**", "/swagger.json", "/swagger-ui.html**", "/swagger-resources/**", "/v2/api-docs", "/v2/api-docs/**");
    }

    protected Mono<AuthorizationDecision> matchAuthority(Mono<Authentication> mono, String str) {
        return mono.map(authentication -> {
            return Boolean.valueOf(authentication.getAuthorities().stream().anyMatch(grantedAuthority -> {
                return grantedAuthority.getAuthority().matches(str);
            }));
        }).map((v1) -> {
            return new AuthorizationDecision(v1);
        });
    }

    protected Mono<AuthorizationDecision> hasAnyAuthority(Mono<Authentication> mono, String... strArr) {
        return matchAuthority(mono, String.join("|", strArr));
    }
}
