package uk.gov.justice.hmpps.kotlin.auth;

import java.util.Iterator;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.web.servlet.ConditionalOnMissingFilterBean;
import org.springframework.cache.CacheManager;
import org.springframework.cache.annotation.EnableCaching;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.AuthorizeHttpRequestsDsl;
import org.springframework.security.config.annotation.web.CsrfDsl;
import org.springframework.security.config.annotation.web.HeadersDsl;
import org.springframework.security.config.annotation.web.HttpSecurityDsl;
import org.springframework.security.config.annotation.web.HttpSecurityDslKt;
import org.springframework.security.config.annotation.web.OAuth2ResourceServerDsl;
import org.springframework.security.config.annotation.web.SessionManagementDsl;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.headers.FrameOptionsDsl;
import org.springframework.security.config.annotation.web.oauth2.resourceserver.JwtDsl;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import uk.gov.justice.hmpps.kotlin.auth.dsl.ResourceServerConfigurationCustomizer;
import uk.gov.justice.hmpps.kotlin.auth.dsl.ResourceServerConfigurationCustomizerDsl;

/* compiled from: HmppsResourceServerConfiguration.kt */
@EnableWebSecurity
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@SourceDebugExtension({"SMAP\nHmppsResourceServerConfiguration.kt\nKotlin\n*S Kotlin\n*F\n+ 1 HmppsResourceServerConfiguration.kt\nuk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n*L\n1#1,100:1\n1#2:101\n*E\n"})
@Configuration
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"��2\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0017\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0017J\u001a\u0010\t\u001a\u00020\n2\b\b\u0001\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0017J\b\u0010\u000f\u001a\u00020\bH\u0017¨\u0006\u0010"}, d2 = {"Luk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration;", "", "()V", "hmppsSecurityFilterChain", "Lorg/springframework/security/web/SecurityFilterChain;", "http", "Lorg/springframework/security/config/annotation/web/builders/HttpSecurity;", "customizer", "Luk/gov/justice/hmpps/kotlin/auth/dsl/ResourceServerConfigurationCustomizer;", "locallyCachedJwtDecoder", "Lorg/springframework/security/oauth2/jwt/JwtDecoder;", "jwkSetUri", "", "cacheManager", "Lorg/springframework/cache/CacheManager;", "resourceServerConfigurationCustomizer", "hmpps-kotlin-spring-boot-autoconfigure"})
@EnableMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
@EnableCaching
/* loaded from: input_file:uk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration.class */
public class HmppsResourceServerConfiguration {
    @ConditionalOnMissingFilterBean
    @Bean
    @NotNull
    public SecurityFilterChain hmppsSecurityFilterChain(@NotNull HttpSecurity httpSecurity, @NotNull final ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer) {
        Intrinsics.checkNotNullParameter(httpSecurity, "http");
        Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizer, "customizer");
        HttpSecurityDslKt.invoke(httpSecurity, new Function1<HttpSecurityDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$hmppsSecurityFilterChain$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(1);
            }

            public final void invoke(@NotNull HttpSecurityDsl httpSecurityDsl) {
                Intrinsics.checkNotNullParameter(httpSecurityDsl, "$this$invoke");
                httpSecurityDsl.sessionManagement(new Function1<SessionManagementDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$hmppsSecurityFilterChain$1.1
                    public final void invoke(@NotNull SessionManagementDsl sessionManagementDsl) {
                        Intrinsics.checkNotNullParameter(sessionManagementDsl, "$this$sessionManagement");
                        SessionCreationPolicy sessionCreationPolicy = SessionCreationPolicy.STATELESS;
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((SessionManagementDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.headers(new Function1<HeadersDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$hmppsSecurityFilterChain$1.2
                    public final void invoke(@NotNull HeadersDsl headersDsl) {
                        Intrinsics.checkNotNullParameter(headersDsl, "$this$headers");
                        headersDsl.frameOptions(new Function1<FrameOptionsDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration.hmppsSecurityFilterChain.1.2.1
                            public final void invoke(@NotNull FrameOptionsDsl frameOptionsDsl) {
                                Intrinsics.checkNotNullParameter(frameOptionsDsl, "$this$frameOptions");
                                frameOptionsDsl.setSameOrigin(true);
                            }

                            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                                invoke((FrameOptionsDsl) obj);
                                return Unit.INSTANCE;
                            }
                        });
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((HeadersDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.csrf(new Function1<CsrfDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$hmppsSecurityFilterChain$1.3
                    public final void invoke(@NotNull CsrfDsl csrfDsl) {
                        Intrinsics.checkNotNullParameter(csrfDsl, "$this$csrf");
                        csrfDsl.disable();
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((CsrfDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                final ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer2 = ResourceServerConfigurationCustomizer.this;
                httpSecurityDsl.authorizeHttpRequests(new Function1<AuthorizeHttpRequestsDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$hmppsSecurityFilterChain$1.4
                    {
                        super(1);
                    }

                    public final void invoke(@NotNull AuthorizeHttpRequestsDsl authorizeHttpRequestsDsl) {
                        Intrinsics.checkNotNullParameter(authorizeHttpRequestsDsl, "$this$authorizeHttpRequests");
                        Function1<AuthorizeHttpRequestsDsl, Unit> dsl = ResourceServerConfigurationCustomizer.this.getAuthorizeHttpRequestsCustomizer().getDsl();
                        if (dsl != null) {
                            dsl.invoke(authorizeHttpRequestsDsl);
                            return;
                        }
                        ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer3 = ResourceServerConfigurationCustomizer.this;
                        Iterator<T> it = resourceServerConfigurationCustomizer3.getUnauthorizedRequestPathsCustomizer().getUnauthorizedRequestPaths().iterator();
                        while (it.hasNext()) {
                            authorizeHttpRequestsDsl.authorize((String) it.next(), authorizeHttpRequestsDsl.getPermitAll());
                        }
                        String defaultRole = resourceServerConfigurationCustomizer3.getAnyRequestRoleCustomizer().getDefaultRole();
                        if (defaultRole != null) {
                            authorizeHttpRequestsDsl.authorize(authorizeHttpRequestsDsl.getAnyRequest(), authorizeHttpRequestsDsl.hasRole(defaultRole));
                        } else {
                            authorizeHttpRequestsDsl.authorize(authorizeHttpRequestsDsl.getAnyRequest(), authorizeHttpRequestsDsl.getAuthenticated());
                        }
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((AuthorizeHttpRequestsDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                httpSecurityDsl.oauth2ResourceServer(new Function1<OAuth2ResourceServerDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$hmppsSecurityFilterChain$1.5
                    public final void invoke(@NotNull OAuth2ResourceServerDsl oAuth2ResourceServerDsl) {
                        Intrinsics.checkNotNullParameter(oAuth2ResourceServerDsl, "$this$oauth2ResourceServer");
                        oAuth2ResourceServerDsl.jwt(new Function1<JwtDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration.hmppsSecurityFilterChain.1.5.1
                            public final void invoke(@NotNull JwtDsl jwtDsl) {
                                Intrinsics.checkNotNullParameter(jwtDsl, "$this$jwt");
                                jwtDsl.setJwtAuthenticationConverter(new AuthAwareTokenConverter());
                            }

                            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                                invoke((JwtDsl) obj);
                                return Unit.INSTANCE;
                            }
                        });
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((OAuth2ResourceServerDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
            }

            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((HttpSecurityDsl) obj);
                return Unit.INSTANCE;
            }
        });
        Unit unit = Unit.INSTANCE;
        SecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) httpSecurity.build();
        Intrinsics.checkNotNullExpressionValue(securityFilterChain, "let(...)");
        return securityFilterChain;
    }

    @ConditionalOnMissingBean
    @Bean
    @NotNull
    public ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer() {
        return ResourceServerConfigurationCustomizer.Companion.invoke(new Function1<ResourceServerConfigurationCustomizerDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsResourceServerConfiguration$resourceServerConfigurationCustomizer$1
            public final void invoke(@NotNull ResourceServerConfigurationCustomizerDsl resourceServerConfigurationCustomizerDsl) {
                Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizerDsl, "$this$invoke");
            }

            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((ResourceServerConfigurationCustomizerDsl) obj);
                return Unit.INSTANCE;
            }
        });
    }

    @ConditionalOnMissingBean
    @Bean
    @NotNull
    public JwtDecoder locallyCachedJwtDecoder(@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}") @NotNull String str, @NotNull CacheManager cacheManager) {
        Intrinsics.checkNotNullParameter(str, "jwkSetUri");
        Intrinsics.checkNotNullParameter(cacheManager, "cacheManager");
        JwtDecoder build = NimbusJwtDecoder.withJwkSetUri(str).cache(cacheManager.getCache("jwks")).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }
}
