package org.springframework.security.config.annotation.rsocket;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.core.ResolvableType;
import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.messaging.rsocket.annotation.support.RSocketMessageHandler;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.authorization.AuthenticatedReactiveAuthorizationManager;
import org.springframework.security.authorization.AuthorityReactiveAuthorizationManager;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.config.Customizer;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.authentication.JwtReactiveAuthenticationManager;
import org.springframework.security.rsocket.api.PayloadInterceptor;
import org.springframework.security.rsocket.authentication.AnonymousPayloadInterceptor;
import org.springframework.security.rsocket.authentication.AuthenticationPayloadExchangeConverter;
import org.springframework.security.rsocket.authentication.AuthenticationPayloadInterceptor;
import org.springframework.security.rsocket.authentication.BearerPayloadExchangeConverter;
import org.springframework.security.rsocket.authorization.AuthorizationPayloadInterceptor;
import org.springframework.security.rsocket.authorization.PayloadExchangeMatcherReactiveAuthorizationManager;
import org.springframework.security.rsocket.core.PayloadSocketAcceptorInterceptor;
import org.springframework.security.rsocket.util.matcher.PayloadExchangeAuthorizationContext;
import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcher;
import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatcherEntry;
import org.springframework.security.rsocket.util.matcher.PayloadExchangeMatchers;
import org.springframework.security.rsocket.util.matcher.RoutePayloadExchangeMatcher;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.2.8.jar:org/springframework/security/config/annotation/rsocket/RSocketSecurity.class */
public class RSocketSecurity {
    private List<PayloadInterceptor> payloadInterceptors = new ArrayList();
    private BasicAuthenticationSpec basicAuthSpec;
    private SimpleAuthenticationSpec simpleAuthSpec;
    private JwtSpec jwtSpec;
    private AuthorizePayloadsSpec authorizePayload;
    private ApplicationContext context;
    private ReactiveAuthenticationManager authenticationManager;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.2.8.jar:org/springframework/security/config/annotation/rsocket/RSocketSecurity$AuthorizePayloadsSpec.class */
    public class AuthorizePayloadsSpec {
        private PayloadExchangeMatcherReactiveAuthorizationManager.Builder authzBuilder = PayloadExchangeMatcherReactiveAuthorizationManager.builder();

        /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.2.8.jar:org/springframework/security/config/annotation/rsocket/RSocketSecurity$AuthorizePayloadsSpec$Access.class */
        public final class Access {
            private final PayloadExchangeMatcher matcher;

            private Access(PayloadExchangeMatcher payloadExchangeMatcher) {
                this.matcher = payloadExchangeMatcher;
            }

            public AuthorizePayloadsSpec authenticated() {
                return access(AuthenticatedReactiveAuthorizationManager.authenticated());
            }

            public AuthorizePayloadsSpec hasAuthority(String str) {
                return access(AuthorityReactiveAuthorizationManager.hasAuthority(str));
            }

            public AuthorizePayloadsSpec hasRole(String str) {
                return access(AuthorityReactiveAuthorizationManager.hasRole(str));
            }

            public AuthorizePayloadsSpec hasAnyRole(String... strArr) {
                return access(AuthorityReactiveAuthorizationManager.hasAnyRole(strArr));
            }

            public AuthorizePayloadsSpec permitAll() {
                return access((mono, payloadExchangeAuthorizationContext) -> {
                    return Mono.just(new AuthorizationDecision(true));
                });
            }

            public AuthorizePayloadsSpec hasAnyAuthority(String... strArr) {
                return access(AuthorityReactiveAuthorizationManager.hasAnyAuthority(strArr));
            }

            public AuthorizePayloadsSpec access(ReactiveAuthorizationManager<PayloadExchangeAuthorizationContext> reactiveAuthorizationManager) {
                AuthorizePayloadsSpec.this.authzBuilder.add(new PayloadExchangeMatcherEntry(this.matcher, reactiveAuthorizationManager));
                return AuthorizePayloadsSpec.this;
            }

            public AuthorizePayloadsSpec denyAll() {
                return access((mono, payloadExchangeAuthorizationContext) -> {
                    return Mono.just(new AuthorizationDecision(false));
                });
            }
        }

        public AuthorizePayloadsSpec() {
        }

        public Access setup() {
            return matcher(PayloadExchangeMatchers.setup());
        }

        public Access anyRequest() {
            return matcher(PayloadExchangeMatchers.anyRequest());
        }

        public Access anyExchange() {
            return matcher(PayloadExchangeMatchers.anyExchange());
        }

        protected AuthorizationPayloadInterceptor build() {
            AuthorizationPayloadInterceptor authorizationPayloadInterceptor = new AuthorizationPayloadInterceptor(this.authzBuilder.build());
            authorizationPayloadInterceptor.setOrder(PayloadInterceptorOrder.AUTHORIZATION.getOrder());
            return authorizationPayloadInterceptor;
        }

        public Access route(String str) {
            RSocketMessageHandler rSocketMessageHandler = (RSocketMessageHandler) RSocketSecurity.this.getBean(RSocketMessageHandler.class);
            return matcher(new RoutePayloadExchangeMatcher(rSocketMessageHandler.getMetadataExtractor(), rSocketMessageHandler.getRouteMatcher(), str));
        }

        public Access matcher(PayloadExchangeMatcher payloadExchangeMatcher) {
            return new Access(payloadExchangeMatcher);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.2.8.jar:org/springframework/security/config/annotation/rsocket/RSocketSecurity$BasicAuthenticationSpec.class */
    public final class BasicAuthenticationSpec {
        private ReactiveAuthenticationManager authenticationManager;

        private BasicAuthenticationSpec() {
        }

        public BasicAuthenticationSpec authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
            this.authenticationManager = reactiveAuthenticationManager;
            return this;
        }

        private ReactiveAuthenticationManager getAuthenticationManager() {
            return this.authenticationManager == null ? RSocketSecurity.this.authenticationManager : this.authenticationManager;
        }

        protected AuthenticationPayloadInterceptor build() {
            AuthenticationPayloadInterceptor authenticationPayloadInterceptor = new AuthenticationPayloadInterceptor(getAuthenticationManager());
            authenticationPayloadInterceptor.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
            return authenticationPayloadInterceptor;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.2.8.jar:org/springframework/security/config/annotation/rsocket/RSocketSecurity$JwtSpec.class */
    public final class JwtSpec {
        private ReactiveAuthenticationManager authenticationManager;

        private JwtSpec() {
        }

        public JwtSpec authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
            this.authenticationManager = reactiveAuthenticationManager;
            return this;
        }

        private ReactiveAuthenticationManager getAuthenticationManager() {
            if (this.authenticationManager != null) {
                return this.authenticationManager;
            }
            ReactiveJwtDecoder reactiveJwtDecoder = (ReactiveJwtDecoder) RSocketSecurity.this.getBeanOrNull(ReactiveJwtDecoder.class);
            if (reactiveJwtDecoder == null) {
                return RSocketSecurity.this.authenticationManager;
            }
            this.authenticationManager = new JwtReactiveAuthenticationManager(reactiveJwtDecoder);
            return this.authenticationManager;
        }

        protected List<AuthenticationPayloadInterceptor> build() {
            ReactiveAuthenticationManager authenticationManager = getAuthenticationManager();
            AuthenticationPayloadInterceptor authenticationPayloadInterceptor = new AuthenticationPayloadInterceptor(authenticationManager);
            authenticationPayloadInterceptor.setAuthenticationConverter(new BearerPayloadExchangeConverter());
            authenticationPayloadInterceptor.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
            AuthenticationPayloadInterceptor authenticationPayloadInterceptor2 = new AuthenticationPayloadInterceptor(authenticationManager);
            authenticationPayloadInterceptor2.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
            authenticationPayloadInterceptor2.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
            return Arrays.asList(authenticationPayloadInterceptor2, authenticationPayloadInterceptor);
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.2.8.jar:org/springframework/security/config/annotation/rsocket/RSocketSecurity$SimpleAuthenticationSpec.class */
    public final class SimpleAuthenticationSpec {
        private ReactiveAuthenticationManager authenticationManager;

        private SimpleAuthenticationSpec() {
        }

        public SimpleAuthenticationSpec authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
            this.authenticationManager = reactiveAuthenticationManager;
            return this;
        }

        private ReactiveAuthenticationManager getAuthenticationManager() {
            return this.authenticationManager == null ? RSocketSecurity.this.authenticationManager : this.authenticationManager;
        }

        protected AuthenticationPayloadInterceptor build() {
            AuthenticationPayloadInterceptor authenticationPayloadInterceptor = new AuthenticationPayloadInterceptor(getAuthenticationManager());
            authenticationPayloadInterceptor.setAuthenticationConverter(new AuthenticationPayloadExchangeConverter());
            authenticationPayloadInterceptor.setOrder(PayloadInterceptorOrder.AUTHENTICATION.getOrder());
            return authenticationPayloadInterceptor;
        }
    }

    public RSocketSecurity addPayloadInterceptor(PayloadInterceptor payloadInterceptor) {
        this.payloadInterceptors.add(payloadInterceptor);
        return this;
    }

    public RSocketSecurity authenticationManager(ReactiveAuthenticationManager reactiveAuthenticationManager) {
        this.authenticationManager = reactiveAuthenticationManager;
        return this;
    }

    public RSocketSecurity simpleAuthentication(Customizer<SimpleAuthenticationSpec> customizer) {
        if (this.simpleAuthSpec == null) {
            this.simpleAuthSpec = new SimpleAuthenticationSpec();
        }
        customizer.customize(this.simpleAuthSpec);
        return this;
    }

    @Deprecated
    public RSocketSecurity basicAuthentication(Customizer<BasicAuthenticationSpec> customizer) {
        if (this.basicAuthSpec == null) {
            this.basicAuthSpec = new BasicAuthenticationSpec();
        }
        customizer.customize(this.basicAuthSpec);
        return this;
    }

    public RSocketSecurity jwt(Customizer<JwtSpec> customizer) {
        if (this.jwtSpec == null) {
            this.jwtSpec = new JwtSpec();
        }
        customizer.customize(this.jwtSpec);
        return this;
    }

    public RSocketSecurity authorizePayload(Customizer<AuthorizePayloadsSpec> customizer) {
        if (this.authorizePayload == null) {
            this.authorizePayload = new AuthorizePayloadsSpec();
        }
        customizer.customize(this.authorizePayload);
        return this;
    }

    public PayloadSocketAcceptorInterceptor build() {
        PayloadSocketAcceptorInterceptor payloadSocketAcceptorInterceptor = new PayloadSocketAcceptorInterceptor(payloadInterceptors());
        RSocketMessageHandler rSocketMessageHandler = (RSocketMessageHandler) getBean(RSocketMessageHandler.class);
        payloadSocketAcceptorInterceptor.setDefaultDataMimeType(rSocketMessageHandler.getDefaultDataMimeType());
        payloadSocketAcceptorInterceptor.setDefaultMetadataMimeType(rSocketMessageHandler.getDefaultMetadataMimeType());
        return payloadSocketAcceptorInterceptor;
    }

    private List<PayloadInterceptor> payloadInterceptors() {
        ArrayList arrayList = new ArrayList(this.payloadInterceptors);
        if (this.basicAuthSpec != null) {
            arrayList.add(this.basicAuthSpec.build());
        }
        if (this.simpleAuthSpec != null) {
            arrayList.add(this.simpleAuthSpec.build());
        }
        if (this.jwtSpec != null) {
            arrayList.addAll(this.jwtSpec.build());
        }
        arrayList.add(anonymous());
        if (this.authorizePayload != null) {
            arrayList.add(this.authorizePayload.build());
        }
        AnnotationAwareOrderComparator.sort(arrayList);
        return arrayList;
    }

    private AnonymousPayloadInterceptor anonymous() {
        AnonymousPayloadInterceptor anonymousPayloadInterceptor = new AnonymousPayloadInterceptor("anonymousUser");
        anonymousPayloadInterceptor.setOrder(PayloadInterceptorOrder.ANONYMOUS.getOrder());
        return anonymousPayloadInterceptor;
    }

    private <T> T getBean(Class<T> cls) {
        if (this.context == null) {
            return null;
        }
        return (T) this.context.getBean(cls);
    }

    private <T> T getBeanOrNull(Class<T> cls) {
        return (T) getBeanOrNull(ResolvableType.forClass(cls));
    }

    private <T> T getBeanOrNull(ResolvableType resolvableType) {
        if (this.context == null) {
            return null;
        }
        String[] beanNamesForType = this.context.getBeanNamesForType(resolvableType);
        if (beanNamesForType.length == 1) {
            return (T) this.context.getBean(beanNamesForType[0]);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.context = applicationContext;
    }
}
