package org.skr.security;

import java.util.HashSet;
import java.util.concurrent.Executor;
import java.util.concurrent.ForkJoinPool;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.concurrent.DelegatingSecurityContextExecutor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.AuthorizationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
@ConditionalOnProperty(prefix = "spring.skr.security", name = {"app-enabled"}, havingValue = "true", matchIfMissing = true)
@Import({JwtAuthExceptionFilter.class})
/* loaded from: input_file:org/skr/security/SecurityConfiguration.class */
public class SecurityConfiguration {

    @Autowired
    private SkrSecurityProperties skrSecurityProperties;

    @Autowired
    private JwtAuthExceptionFilter jwtAuthExceptionFilter;

    @Bean
    public WebSecurityCustomizer skrWebSecurityCustomizer() {
        return webSecurity -> {
            webSecurity.ignoring().requestMatchers((String[]) new HashSet(this.skrSecurityProperties.getSkipUrls()).toArray(new String[0]));
        };
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception {
        ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.cors().and().csrf().disable().authorizeHttpRequests().requestMatchers((String[]) new HashSet(this.skrSecurityProperties.getSkipUrls()).toArray(new String[0]))).permitAll().anyRequest()).authenticated().and().addFilterBefore(new JwtAuthenticationFilter(this.skrSecurityProperties), AuthorizationFilter.class).addFilterBefore(this.jwtAuthExceptionFilter, JwtAuthenticationFilter.class).sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        return (SecurityFilterChain) httpSecurity.build();
    }

    @ConditionalOnProperty(value = {"spring.skr.security.config-cors"}, havingValue = "true")
    @Bean
    CorsConfigurationSource corsConfigurationSource() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        CorsConfiguration applyPermitDefaultValues = new CorsConfiguration().applyPermitDefaultValues();
        applyPermitDefaultValues.addAllowedMethod(HttpMethod.PUT);
        applyPermitDefaultValues.addAllowedMethod(HttpMethod.DELETE);
        urlBasedCorsConfigurationSource.registerCorsConfiguration("/**", applyPermitDefaultValues);
        return urlBasedCorsConfigurationSource;
    }

    @Bean
    public Executor delegatingSecurityExecutor() {
        return new DelegatingSecurityContextExecutor(ForkJoinPool.commonPool());
    }
}
