package uk.gov.justice.hmpps.kotlin.auth;

import java.util.Iterator;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.web.servlet.ConditionalOnMissingFilterBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableReactiveMethodSecurity;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.AuthorizeExchangeDsl;
import org.springframework.security.config.web.server.ServerCsrfDsl;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurityDsl;
import org.springframework.security.config.web.server.ServerHttpSecurityDslKt;
import org.springframework.security.config.web.server.ServerJwtDsl;
import org.springframework.security.config.web.server.ServerOAuth2ResourceServerDsl;
import org.springframework.security.web.server.SecurityWebFilterChain;
import uk.gov.justice.hmpps.kotlin.auth.dsl.ResourceServerConfigurationCustomizer;
import uk.gov.justice.hmpps.kotlin.auth.dsl.ResourceServerConfigurationCustomizerDsl;

/* compiled from: HmppsResourceServerConfiguration.kt */
@Configuration
@EnableWebFluxSecurity
@Metadata(mv = {1, 9, 0}, k = 1, xi = 48, d1 = {"�� \n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0017\u0018��2\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002J\u0018\u0010\u0003\u001a\u00020\u00042\u0006\u0010\u0005\u001a\u00020\u00062\u0006\u0010\u0007\u001a\u00020\bH\u0017J\b\u0010\t\u001a\u00020\bH\u0017¨\u0006\n"}, d2 = {"Luk/gov/justice/hmpps/kotlin/auth/HmppsReactiveResourceServerConfiguration;", "", "()V", "hmppsSecurityWebFilterChain", "Lorg/springframework/security/web/server/SecurityWebFilterChain;", "http", "Lorg/springframework/security/config/web/server/ServerHttpSecurity;", "customizer", "Luk/gov/justice/hmpps/kotlin/auth/dsl/ResourceServerConfigurationCustomizer;", "resourceServerConfigurationCustomizer", "hmpps-kotlin-spring-boot-autoconfigure"})
@EnableReactiveMethodSecurity(useAuthorizationManager = false)
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
/* loaded from: input_file:uk/gov/justice/hmpps/kotlin/auth/HmppsReactiveResourceServerConfiguration.class */
public class HmppsReactiveResourceServerConfiguration {
    @ConditionalOnMissingFilterBean
    @Bean
    @NotNull
    public SecurityWebFilterChain hmppsSecurityWebFilterChain(@NotNull ServerHttpSecurity serverHttpSecurity, @NotNull final ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer) {
        Intrinsics.checkNotNullParameter(serverHttpSecurity, "http");
        Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizer, "customizer");
        return ServerHttpSecurityDslKt.invoke(serverHttpSecurity, new Function1<ServerHttpSecurityDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsReactiveResourceServerConfiguration$hmppsSecurityWebFilterChain$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super(1);
            }

            public final void invoke(@NotNull ServerHttpSecurityDsl serverHttpSecurityDsl) {
                Intrinsics.checkNotNullParameter(serverHttpSecurityDsl, "$this$invoke");
                serverHttpSecurityDsl.csrf(new Function1<ServerCsrfDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsReactiveResourceServerConfiguration$hmppsSecurityWebFilterChain$1.1
                    public final void invoke(@NotNull ServerCsrfDsl serverCsrfDsl) {
                        Intrinsics.checkNotNullParameter(serverCsrfDsl, "$this$csrf");
                        serverCsrfDsl.disable();
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((ServerCsrfDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                final ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer2 = ResourceServerConfigurationCustomizer.this;
                serverHttpSecurityDsl.authorizeExchange(new Function1<AuthorizeExchangeDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsReactiveResourceServerConfiguration$hmppsSecurityWebFilterChain$1.2
                    {
                        super(1);
                    }

                    public final void invoke(@NotNull AuthorizeExchangeDsl authorizeExchangeDsl) {
                        Intrinsics.checkNotNullParameter(authorizeExchangeDsl, "$this$authorizeExchange");
                        Function1<AuthorizeExchangeDsl, Unit> dsl = ResourceServerConfigurationCustomizer.this.getAuthorizeExchangeCustomizer().getDsl();
                        if (dsl != null) {
                            dsl.invoke(authorizeExchangeDsl);
                            return;
                        }
                        ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer3 = ResourceServerConfigurationCustomizer.this;
                        Iterator<T> it = resourceServerConfigurationCustomizer3.getUnauthorizedRequestPathsCustomizer().getUnauthorizedRequestPaths().iterator();
                        while (it.hasNext()) {
                            authorizeExchangeDsl.authorize((String) it.next(), authorizeExchangeDsl.getPermitAll());
                        }
                        String defaultRole = resourceServerConfigurationCustomizer3.getAnyRequestRoleCustomizer().getDefaultRole();
                        if (defaultRole != null) {
                            authorizeExchangeDsl.authorize(authorizeExchangeDsl.getAnyExchange(), authorizeExchangeDsl.hasRole(defaultRole));
                        } else {
                            authorizeExchangeDsl.authorize(authorizeExchangeDsl.getAnyExchange(), authorizeExchangeDsl.getAuthenticated());
                        }
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((AuthorizeExchangeDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
                serverHttpSecurityDsl.oauth2ResourceServer(new Function1<ServerOAuth2ResourceServerDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsReactiveResourceServerConfiguration$hmppsSecurityWebFilterChain$1.3
                    public final void invoke(@NotNull ServerOAuth2ResourceServerDsl serverOAuth2ResourceServerDsl) {
                        Intrinsics.checkNotNullParameter(serverOAuth2ResourceServerDsl, "$this$oauth2ResourceServer");
                        serverOAuth2ResourceServerDsl.jwt(new Function1<ServerJwtDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsReactiveResourceServerConfiguration.hmppsSecurityWebFilterChain.1.3.1
                            public final void invoke(@NotNull ServerJwtDsl serverJwtDsl) {
                                Intrinsics.checkNotNullParameter(serverJwtDsl, "$this$jwt");
                                serverJwtDsl.setJwtAuthenticationConverter(new AuthAwareReactiveTokenConverter());
                            }

                            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                                invoke((ServerJwtDsl) obj);
                                return Unit.INSTANCE;
                            }
                        });
                    }

                    public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                        invoke((ServerOAuth2ResourceServerDsl) obj);
                        return Unit.INSTANCE;
                    }
                });
            }

            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((ServerHttpSecurityDsl) obj);
                return Unit.INSTANCE;
            }
        });
    }

    @ConditionalOnMissingBean
    @Bean
    @NotNull
    public ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer() {
        return ResourceServerConfigurationCustomizer.Companion.invoke(new Function1<ResourceServerConfigurationCustomizerDsl, Unit>() { // from class: uk.gov.justice.hmpps.kotlin.auth.HmppsReactiveResourceServerConfiguration$resourceServerConfigurationCustomizer$1
            public final void invoke(@NotNull ResourceServerConfigurationCustomizerDsl resourceServerConfigurationCustomizerDsl) {
                Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizerDsl, "$this$invoke");
            }

            public /* bridge */ /* synthetic */ Object invoke(Object obj) {
                invoke((ResourceServerConfigurationCustomizerDsl) obj);
                return Unit.INSTANCE;
            }
        });
    }
}
