package io.choerodon.resource.config;

import io.choerodon.core.oauth.CustomTokenConverter;
import io.choerodon.resource.filter.JwtTokenExtractor;
import io.choerodon.resource.filter.JwtTokenFilter;
import io.choerodon.resource.permission.PublicPermissionOperationPlugin;
import javax.servlet.DispatcherType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/* loaded from: input_file:io/choerodon/resource/config/ChoerodonResourceServerConfiguration.class */
public class ChoerodonResourceServerConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger LOGGER = LoggerFactory.getLogger(ChoerodonResourceServerConfiguration.class);

    @Value("${choerodon.oauth.jwt.key:choerodon}")
    private String key;

    @Value("${choerodon.resource.pattern:/v1/*}")
    private String pattern;

    public void configure(WebSecurity webSecurity) throws Exception {
        ((WebSecurity.IgnoredRequestConfigurer) webSecurity.ignoring().antMatchers(new String[]{"/v1/**"})).antMatchers(new String[]{"/prometheus"});
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.httpBasic().disable();
    }

    @Bean
    public FilterRegistrationBean someFilterRegistration(JwtTokenFilter jwtTokenFilter) {
        FilterRegistrationBean filterRegistrationBean = new FilterRegistrationBean();
        filterRegistrationBean.setFilter(jwtTokenFilter);
        filterRegistrationBean.addUrlPatterns(new String[]{this.pattern});
        filterRegistrationBean.setName("jwtTokenFilter");
        filterRegistrationBean.setOrder(Integer.MAX_VALUE);
        filterRegistrationBean.setDispatcherTypes(DispatcherType.REQUEST, new DispatcherType[0]);
        return filterRegistrationBean;
    }

    @Bean
    public JwtTokenExtractor jwtTokenExtractor() {
        return new JwtTokenExtractor();
    }

    @Bean
    public JwtTokenFilter jwtTokenFilter(PublicPermissionOperationPlugin publicPermissionOperationPlugin, JwtTokenExtractor jwtTokenExtractor) {
        return new JwtTokenFilter(tokenServices(), jwtTokenExtractor, publicPermissionOperationPlugin.getPublicPaths());
    }

    private DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    private TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    private JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setAccessTokenConverter(new CustomTokenConverter());
        jwtAccessTokenConverter.setSigningKey(this.key);
        try {
            jwtAccessTokenConverter.afterPropertiesSet();
        } catch (Exception e) {
            LOGGER.warn("error.ChoerodonResourceServerConfiguration.accessTokenConverter {}", e);
        }
        return jwtAccessTokenConverter;
    }
}
