package help.lixin.security.config;

import help.lixin.security.service.IPathCustomizerService;
import help.lixin.security.service.IPermissionListService;
import help.lixin.security.service.IPublicKeyService;
import help.lixin.security.service.IWhiteListService;
import help.lixin.security.service.ResourceServerAuthorizationManager;
import help.lixin.security.service.ServerAccessDeniedCallback;
import help.lixin.security.service.ServerAuthenticationEntryPointCallback;
import help.lixin.security.service.impl.PathCustomizerService;
import java.security.KeyFactory;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.NimbusReactiveJwtDecoder;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
import reactor.core.publisher.Mono;

@Configuration
/* loaded from: input_file:help/lixin/security/config/ResourceServerBeansConfig.class */
public class ResourceServerBeansConfig {
    @ConditionalOnMissingBean
    @Bean
    public ReactiveAuthorizationManager<AuthorizationContext> resourceServerAuthorizationManager(IPermissionListService iPermissionListService, IPathCustomizerService iPathCustomizerService, IWhiteListService iWhiteListService) {
        return new ResourceServerAuthorizationManager(iPermissionListService, iPathCustomizerService, iWhiteListService);
    }

    @ConditionalOnMissingBean
    @Bean
    public ServerAuthenticationEntryPoint serverAuthenticationEntryPointCallback() {
        return new ServerAuthenticationEntryPointCallback();
    }

    @ConditionalOnMissingBean
    @Bean
    public ServerAccessDeniedHandler serverAccessDeniedCallback() {
        return new ServerAccessDeniedCallback();
    }

    @ConditionalOnMissingBean
    @Bean
    public IPathCustomizerService pathCustomizerService() {
        return new PathCustomizerService();
    }

    @ConditionalOnMissingBean(name = {"jwtAuthenticationConverter"})
    @Bean
    public Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter() {
        JwtGrantedAuthoritiesConverter jwtGrantedAuthoritiesConverter = new JwtGrantedAuthoritiesConverter();
        jwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
        jwtGrantedAuthoritiesConverter.setAuthoritiesClaimName("authorities");
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        jwtAuthenticationConverter.setPrincipalClaimName("user_name");
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverter);
        return new ReactiveJwtAuthenticationConverterAdapter(jwtAuthenticationConverter);
    }

    @ConditionalOnMissingBean
    @Bean
    public ReactiveJwtDecoder jwtDecoder(IPublicKeyService iPublicKeyService) throws Exception {
        return NimbusReactiveJwtDecoder.withPublicKey((RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(iPublicKeyService.getPublicKey())))).signatureAlgorithm(SignatureAlgorithm.RS256).build();
    }
}
