package cn.dustlight.auth.resources;

import cn.dustlight.auth.resources.services.AuthJwtAuthenticationConverter;
import cn.dustlight.auth.resources.services.ReactiveAuthOpaqueTokenIntrospector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

@Configuration
/* loaded from: input_file:cn/dustlight/auth/resources/AuthSecurityWebFilterChainConfiguration.class */
public class AuthSecurityWebFilterChainConfiguration {
    protected Log logger = LogFactory.getLog(AuthSecurityWebFilterChainConfiguration.class);

    @ConditionalOnProperty(prefix = "dustlight.auth.oauth2.resource-server", name = {"token-type"}, havingValue = "jwt", matchIfMissing = true)
    @Bean
    public SecurityWebFilterChain jwtSpringSecurityFilterChain(@Autowired ServerHttpSecurity serverHttpSecurity, @Autowired AuthResourceServerProperties authResourceServerProperties, @Autowired AuthJwtAuthenticationConverter authJwtAuthenticationConverter) {
        this.logger.info("Token Type: Jwt");
        return configure(serverHttpSecurity).httpBasic().disable().formLogin().disable().cors().and().csrf().disable().oauth2ResourceServer().jwt().jwkSetUri(authResourceServerProperties.getJwkSetUri()).jwtAuthenticationConverter(authJwtAuthenticationConverter).and().and().build();
    }

    @ConditionalOnProperty(prefix = "dustlight.auth.oauth2.resource-server", name = {"token-type"}, havingValue = "opaque")
    @Bean
    public SecurityWebFilterChain opaqueSpringSecurityFilterChain(@Autowired ServerHttpSecurity serverHttpSecurity, @Autowired AuthResourceServerProperties authResourceServerProperties, @Autowired ReactiveAuthOpaqueTokenIntrospector reactiveAuthOpaqueTokenIntrospector) {
        this.logger.info("Token Type: Opaque");
        return configure(serverHttpSecurity).httpBasic().disable().formLogin().disable().cors().and().csrf().disable().oauth2ResourceServer().opaqueToken().introspector(reactiveAuthOpaqueTokenIntrospector).and().and().build();
    }

    protected ServerHttpSecurity configure(ServerHttpSecurity serverHttpSecurity) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.authorizeExchange().pathMatchers(HttpMethod.OPTIONS, new String[]{"/**"})).permitAll().anyExchange().authenticated().and();
    }
}
