package uk.gov.justice.hmpps.kotlin.auth;

import java.util.Iterator;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.web.servlet.ConditionalOnMissingFilterBean;
import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
import org.springframework.cache.concurrent.ConcurrentMapCache;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.AuthorizeHttpRequestsDsl;
import org.springframework.security.config.annotation.web.CsrfDsl;
import org.springframework.security.config.annotation.web.HeadersDsl;
import org.springframework.security.config.annotation.web.HttpSecurityDsl;
import org.springframework.security.config.annotation.web.HttpSecurityDslKt;
import org.springframework.security.config.annotation.web.OAuth2ResourceServerDsl;
import org.springframework.security.config.annotation.web.SessionManagementDsl;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.headers.FrameOptionsDsl;
import org.springframework.security.config.annotation.web.oauth2.resourceserver.JwtDsl;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import uk.gov.justice.hmpps.kotlin.auth.dsl.ResourceServerConfigurationCustomizer;
import uk.gov.justice.hmpps.kotlin.auth.dsl.ResourceServerConfigurationCustomizerDsl;

/* compiled from: HmppsResourceServerConfiguration.kt */
@AutoConfigureBefore({WebMvcAutoConfiguration.class})
@EnableWebSecurity
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@SourceDebugExtension({"SMAP\nHmppsResourceServerConfiguration.kt\nKotlin\n*S Kotlin\n*F\n+ 1 HmppsResourceServerConfiguration.kt\nuk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration\n+ 2 fake.kt\nkotlin/jvm/internal/FakeKt\n+ 3 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,102:1\n1#2:103\n1863#3,2:104\n*S KotlinDebug\n*F\n+ 1 HmppsResourceServerConfiguration.kt\nuk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration\n*L\n49#1:104,2\n*E\n"})
@Configuration
@Metadata(mv = {2, 0, 0}, k = 1, xi = 48, d1 = {"��,\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n��\b\u0017\u0018��2\u00020\u0001B\u0007¢\u0006\u0004\b\u0002\u0010\u0003J\u0018\u0010\u0004\u001a\u00020\u00052\u0006\u0010\u0006\u001a\u00020\u00072\u0006\u0010\b\u001a\u00020\tH\u0017J\b\u0010\n\u001a\u00020\tH\u0017J\u0012\u0010\u000b\u001a\u00020\f2\b\b\u0001\u0010\r\u001a\u00020\u000eH\u0017¨\u0006\u000f"}, d2 = {"Luk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration;", "", "<init>", "()V", "hmppsSecurityFilterChain", "Lorg/springframework/security/web/SecurityFilterChain;", "http", "Lorg/springframework/security/config/annotation/web/builders/HttpSecurity;", "customizer", "Luk/gov/justice/hmpps/kotlin/auth/dsl/ResourceServerConfigurationCustomizer;", "resourceServerConfigurationCustomizer", "locallyCachedJwtDecoder", "Lorg/springframework/security/oauth2/jwt/JwtDecoder;", "jwkSetUri", "", "hmpps-kotlin-spring-boot-autoconfigure"})
@EnableMethodSecurity(prePostEnabled = true, proxyTargetClass = true)
/* loaded from: input_file:uk/gov/justice/hmpps/kotlin/auth/HmppsResourceServerConfiguration.class */
public class HmppsResourceServerConfiguration {
    @ConditionalOnMissingFilterBean
    @Bean
    @NotNull
    public SecurityFilterChain hmppsSecurityFilterChain(@NotNull HttpSecurity httpSecurity, @NotNull ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer) {
        Intrinsics.checkNotNullParameter(httpSecurity, "http");
        Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizer, "customizer");
        HttpSecurityDslKt.invoke(httpSecurity, (v1) -> {
            return hmppsSecurityFilterChain$lambda$12(r1, v1);
        });
        Unit unit = Unit.INSTANCE;
        SecurityFilterChain securityFilterChain = (DefaultSecurityFilterChain) httpSecurity.build();
        Intrinsics.checkNotNullExpressionValue(securityFilterChain, "let(...)");
        return securityFilterChain;
    }

    @ConditionalOnMissingBean
    @Bean
    @NotNull
    public ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer() {
        return ResourceServerConfigurationCustomizer.Companion.invoke(HmppsResourceServerConfiguration::resourceServerConfigurationCustomizer$lambda$14);
    }

    @ConditionalOnMissingBean
    @Bean
    @NotNull
    public JwtDecoder locallyCachedJwtDecoder(@Value("${spring.security.oauth2.resourceserver.jwt.jwk-set-uri}") @NotNull String str) {
        Intrinsics.checkNotNullParameter(str, "jwkSetUri");
        JwtDecoder build = NimbusJwtDecoder.withJwkSetUri(str).cache(new ConcurrentMapCache("jwks")).build();
        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
        return build;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$0(SessionManagementDsl sessionManagementDsl) {
        Intrinsics.checkNotNullParameter(sessionManagementDsl, "$this$sessionManagement");
        SessionCreationPolicy sessionCreationPolicy = SessionCreationPolicy.STATELESS;
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$2$lambda$1(FrameOptionsDsl frameOptionsDsl) {
        Intrinsics.checkNotNullParameter(frameOptionsDsl, "$this$frameOptions");
        frameOptionsDsl.setSameOrigin(true);
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$2(HeadersDsl headersDsl) {
        Intrinsics.checkNotNullParameter(headersDsl, "$this$headers");
        headersDsl.frameOptions(HmppsResourceServerConfiguration::hmppsSecurityFilterChain$lambda$12$lambda$2$lambda$1);
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$3(CsrfDsl csrfDsl) {
        Intrinsics.checkNotNullParameter(csrfDsl, "$this$csrf");
        csrfDsl.disable();
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$9(ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer, AuthorizeHttpRequestsDsl authorizeHttpRequestsDsl) {
        Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizer, "$customizer");
        Intrinsics.checkNotNullParameter(authorizeHttpRequestsDsl, "$this$authorizeHttpRequests");
        Function1<AuthorizeHttpRequestsDsl, Unit> dsl = resourceServerConfigurationCustomizer.getAuthorizeHttpRequestsCustomizer().getDsl();
        if (dsl != null) {
            dsl.invoke(authorizeHttpRequestsDsl);
        } else {
            Iterator<T> it = resourceServerConfigurationCustomizer.getUnauthorizedRequestPathsCustomizer().getUnauthorizedRequestPaths().iterator();
            while (it.hasNext()) {
                authorizeHttpRequestsDsl.authorize((String) it.next(), authorizeHttpRequestsDsl.getPermitAll());
            }
            String defaultRole = resourceServerConfigurationCustomizer.getAnyRequestRoleCustomizer().getDefaultRole();
            if (defaultRole != null) {
                authorizeHttpRequestsDsl.authorize(authorizeHttpRequestsDsl.getAnyRequest(), authorizeHttpRequestsDsl.hasRole(defaultRole));
            } else {
                authorizeHttpRequestsDsl.authorize(authorizeHttpRequestsDsl.getAnyRequest(), authorizeHttpRequestsDsl.getAuthenticated());
            }
        }
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$11$lambda$10(JwtDsl jwtDsl) {
        Intrinsics.checkNotNullParameter(jwtDsl, "$this$jwt");
        jwtDsl.setJwtAuthenticationConverter(new AuthAwareTokenConverter());
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12$lambda$11(OAuth2ResourceServerDsl oAuth2ResourceServerDsl) {
        Intrinsics.checkNotNullParameter(oAuth2ResourceServerDsl, "$this$oauth2ResourceServer");
        oAuth2ResourceServerDsl.jwt(HmppsResourceServerConfiguration::hmppsSecurityFilterChain$lambda$12$lambda$11$lambda$10);
        return Unit.INSTANCE;
    }

    private static final Unit hmppsSecurityFilterChain$lambda$12(ResourceServerConfigurationCustomizer resourceServerConfigurationCustomizer, HttpSecurityDsl httpSecurityDsl) {
        Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizer, "$customizer");
        Intrinsics.checkNotNullParameter(httpSecurityDsl, "$this$http");
        httpSecurityDsl.sessionManagement(HmppsResourceServerConfiguration::hmppsSecurityFilterChain$lambda$12$lambda$0);
        httpSecurityDsl.headers(HmppsResourceServerConfiguration::hmppsSecurityFilterChain$lambda$12$lambda$2);
        httpSecurityDsl.csrf(HmppsResourceServerConfiguration::hmppsSecurityFilterChain$lambda$12$lambda$3);
        httpSecurityDsl.authorizeHttpRequests((v1) -> {
            return hmppsSecurityFilterChain$lambda$12$lambda$9(r1, v1);
        });
        httpSecurityDsl.oauth2ResourceServer(HmppsResourceServerConfiguration::hmppsSecurityFilterChain$lambda$12$lambda$11);
        return Unit.INSTANCE;
    }

    private static final Unit resourceServerConfigurationCustomizer$lambda$14(ResourceServerConfigurationCustomizerDsl resourceServerConfigurationCustomizerDsl) {
        Intrinsics.checkNotNullParameter(resourceServerConfigurationCustomizerDsl, "$this$ResourceServerConfigurationCustomizer");
        return Unit.INSTANCE;
    }
}
