package com.naturalprogrammer.spring.lemon.commonsreactive.security;

import com.naturalprogrammer.spring.lemon.commons.security.BlueTokenService;
import com.naturalprogrammer.spring.lemon.commons.security.LemonPrincipal;
import com.naturalprogrammer.spring.lemon.commons.security.UserDto;
import com.naturalprogrammer.spring.lemon.commons.util.LecUtils;
import com.naturalprogrammer.spring.lemon.exceptions.util.LexUtils;
import com.nimbusds.jwt.JWTClaimsSet;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.AuthenticationWebFilter;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.security.web.server.context.NoOpServerSecurityContextRepository;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/naturalprogrammer/spring/lemon/commonsreactive/security/LemonCommonsReactiveSecurityConfig.class */
public class LemonCommonsReactiveSecurityConfig {
    private static final Log log = LogFactory.getLog(LemonCommonsReactiveSecurityConfig.class);
    protected BlueTokenService blueTokenService;

    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity serverHttpSecurity) {
        log.info("Configuring SecurityWebFilterChain ...");
        formLogin(serverHttpSecurity);
        authorizeExchange(serverHttpSecurity);
        oauth2Login(serverHttpSecurity);
        return serverHttpSecurity.securityContextRepository(NoOpServerSecurityContextRepository.getInstance()).exceptionHandling().accessDeniedHandler((serverWebExchange, accessDeniedException) -> {
            return Mono.error(accessDeniedException);
        }).authenticationEntryPoint((serverWebExchange2, authenticationException) -> {
            return Mono.error(authenticationException);
        }).and().cors().and().csrf().disable().addFilterAt(tokenAuthenticationFilter(), SecurityWebFiltersOrder.AUTHENTICATION).logout().disable().build();
    }

    protected void oauth2Login(ServerHttpSecurity serverHttpSecurity) {
    }

    protected void authorizeExchange(ServerHttpSecurity serverHttpSecurity) {
        serverHttpSecurity.authorizeExchange().anyExchange().permitAll();
    }

    protected void formLogin(ServerHttpSecurity serverHttpSecurity) {
    }

    protected AuthenticationWebFilter tokenAuthenticationFilter() {
        AuthenticationWebFilter authenticationWebFilter = new AuthenticationWebFilter(tokenAuthenticationManager());
        authenticationWebFilter.setServerAuthenticationConverter(tokenAuthenticationConverter());
        authenticationWebFilter.setAuthenticationFailureHandler((webFilterExchange, authenticationException) -> {
            return Mono.error(authenticationException);
        });
        return authenticationWebFilter;
    }

    protected ReactiveAuthenticationManager tokenAuthenticationManager() {
        return authentication -> {
            log.debug("Authenticating with token ...");
            String str = (String) authentication.getCredentials();
            JWTClaimsSet parseToken = this.blueTokenService.parseToken(str, "auth");
            UserDto userDto = LecUtils.getUserDto(parseToken);
            return (userDto == null ? fetchUserDto(parseToken) : Mono.just(userDto)).map(LemonPrincipal::new).doOnNext((v0) -> {
                v0.eraseCredentials();
            }).map(lemonPrincipal -> {
                return new UsernamePasswordAuthenticationToken(lemonPrincipal, str, lemonPrincipal.getAuthorities());
            });
        };
    }

    protected Mono<UserDto> fetchUserDto(JWTClaimsSet jWTClaimsSet) {
        return Mono.error(new AuthenticationCredentialsNotFoundException(LexUtils.getMessage("com.naturalprogrammer.spring.userClaimAbsent", new Object[0])));
    }

    protected ServerAuthenticationConverter tokenAuthenticationConverter() {
        return serverWebExchange -> {
            String first = serverWebExchange.getRequest().getHeaders().getFirst("Authorization");
            return (first == null || !first.startsWith("Bearer ")) ? Mono.empty() : Mono.just(new UsernamePasswordAuthenticationToken((Object) null, first.substring(7)));
        };
    }

    public LemonCommonsReactiveSecurityConfig(BlueTokenService blueTokenService) {
        this.blueTokenService = blueTokenService;
    }
}
