package help.lixin.security.config;

import help.lixin.security.service.IWhiteListService;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.web.server.ServerBearerTokenAuthenticationConverter;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.security.web.server.authorization.ServerAccessDeniedHandler;
import reactor.core.publisher.Mono;

@Configuration
@EnableWebFluxSecurity
/* loaded from: input_file:help/lixin/security/config/ResourceServerConfig.class */
public class ResourceServerConfig {

    @Autowired
    private ReactiveAuthorizationManager<AuthorizationContext> resourceServerAuthorizationManager;

    @Autowired
    private ServerAuthenticationEntryPoint serverAuthenticationEntryPointCallback;

    @Autowired
    private ServerAccessDeniedHandler serverAccessDeniedCallback;

    @Autowired
    private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtAuthenticationConverter;

    @Autowired
    private ReactiveJwtDecoder jwtDecoder;

    @Autowired
    private IWhiteListService whiteListService;

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity) throws NoSuchAlgorithmException, IOException, InvalidKeySpecException {
        Object[] array = this.whiteListService.whiteList().toArray();
        ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(this.jwtAuthenticationConverter).jwtDecoder(this.jwtDecoder).and().accessDeniedHandler(this.serverAccessDeniedCallback).authenticationEntryPoint(this.serverAuthenticationEntryPointCallback).bearerTokenConverter(new ServerBearerTokenAuthenticationConverter()).and().authorizeExchange().pathMatchers((String[]) Arrays.copyOf(array, array.length, String[].class))).permitAll().anyExchange().access(this.resourceServerAuthorizationManager).and().exceptionHandling().accessDeniedHandler(this.serverAccessDeniedCallback).authenticationEntryPoint(this.serverAuthenticationEntryPointCallback).and().csrf().disable();
        return serverHttpSecurity.build();
    }
}
