package com.ella.rest.configuration;

import com.ella.frame.cache.DistributedCache;
import com.ella.frame.common.constants.CommonConstants;
import com.ella.rest.exception.CustomOAuth2ExceptionRenderer;
import javax.servlet.Filter;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.netflix.zuul.filters.discovery.DiscoveryClientRouteLocator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
import org.springframework.web.filter.CorsFilter;

@EnableResourceServer
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:BOOT-INF/classes/com/ella/rest/configuration/ResourceServerConfiguration.class */
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Autowired
    RedisConnectionFactory connectionFactory;

    @Autowired
    private RequestHeadAuthorizationFilter requestHeadAuthorizationFilter;

    @Value("${spring.profiles.active}")
    private String profilesActive;

    @Value("${token.renewhour}")
    private Integer renewHour;

    @Value("${permit.urls}")
    private String[] permitAllUrls;

    @Autowired
    private DistributedCache cache;

    @Autowired
    private TokenStore tokenStore;

    @Bean
    public TokenStore tokenStore() {
        return new RedisTokenStore(this.connectionFactory);
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter, org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
    public void configure(HttpSecurity httpSecurity) throws Exception {
        if (!StringUtils.equalsIgnoreCase(CommonConstants.PROFILES_ACTIVE_DEV, this.profilesActive) && !StringUtils.equalsIgnoreCase(CommonConstants.PROFILES_ACTIVE_TEST, this.profilesActive)) {
            ((HttpSecurity) ((HttpSecurity) httpSecurity.cors().disable()).csrf().disable()).requestMatchers().antMatchers(DiscoveryClientRouteLocator.DEFAULT_ROUTE).and().authorizeRequests().antMatchers(HttpMethod.OPTIONS, DiscoveryClientRouteLocator.DEFAULT_ROUTE).permitAll().antMatchers(HttpMethod.OPTIONS, DiscoveryClientRouteLocator.DEFAULT_ROUTE).permitAll().antMatchers("/en/pay_out/**").permitAll().antMatchers(HttpMethod.GET, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('read')").antMatchers(HttpMethod.PATCH, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.POST, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.PUT, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.DELETE, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')");
            super.configure(httpSecurity);
        } else {
            ((HttpSecurity) ((HttpSecurity) httpSecurity.cors().disable()).csrf().disable()).requestMatchers().antMatchers(DiscoveryClientRouteLocator.DEFAULT_ROUTE).and().authorizeRequests().antMatchers(getDefaultPermitAllUrls()).permitAll().antMatchers(HttpMethod.OPTIONS, DiscoveryClientRouteLocator.DEFAULT_ROUTE).permitAll().antMatchers(HttpMethod.GET, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('read')").antMatchers(HttpMethod.PATCH, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.POST, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.PUT, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')").antMatchers(HttpMethod.DELETE, DiscoveryClientRouteLocator.DEFAULT_ROUTE).access("#oauth2.hasScope('write')");
            httpSecurity.addFilterBefore((Filter) this.requestHeadAuthorizationFilter, WebAsyncManagerIntegrationFilter.class);
            super.configure(httpSecurity);
        }
    }

    @Override // org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter, org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer
    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
        OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
        oAuth2AuthenticationEntryPoint.setExceptionRenderer(new CustomOAuth2ExceptionRenderer());
        resourceServerSecurityConfigurer.tokenStore(this.tokenStore).authenticationEntryPoint(oAuth2AuthenticationEntryPoint);
        CustomOAuth2AuthenticationManager customOAuth2AuthenticationManager = new CustomOAuth2AuthenticationManager();
        customOAuth2AuthenticationManager.setClientDetailsService(clientDetails());
        customOAuth2AuthenticationManager.setTokenServices(tokenServices());
        customOAuth2AuthenticationManager.setTokenStore(this.tokenStore);
        customOAuth2AuthenticationManager.setRenewHour(this.renewHour);
        customOAuth2AuthenticationManager.setDistributedCache(this.cache);
        resourceServerSecurityConfigurer.authenticationManager(customOAuth2AuthenticationManager);
    }

    private ResourceServerTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setClientDetailsService(clientDetails());
        return defaultTokenServices;
    }

    private CorsConfiguration buildConfig() {
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.addAllowedOrigin("*");
        corsConfiguration.addAllowedHeader("*");
        corsConfiguration.addAllowedMethod("*");
        return corsConfiguration;
    }

    private ClientDetailsService clientDetails() {
        return null;
    }

    @Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource urlBasedCorsConfigurationSource = new UrlBasedCorsConfigurationSource();
        urlBasedCorsConfigurationSource.registerCorsConfiguration(DiscoveryClientRouteLocator.DEFAULT_ROUTE, buildConfig());
        return new CorsFilter(urlBasedCorsConfigurationSource);
    }

    private String[] managementUrl() {
        return new String[0];
    }

    private String[] getFinalPermitAllUrls() {
        if (null != this.permitAllUrls && this.permitAllUrls.length >= 1) {
            return this.permitAllUrls;
        }
        this.permitAllUrls = getDefaultPermitAllUrls();
        return this.permitAllUrls;
    }

    private String[] getDefaultPermitAllUrls() {
        return new String[]{DiscoveryClientRouteLocator.DEFAULT_ROUTE};
    }
}
