package org.egov.restapi.web.security.oauth2.config;

import java.io.IOException;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.codehaus.jackson.annotate.JsonAutoDetect;
import org.codehaus.jackson.annotate.JsonMethod;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.SerializationConfig;
import org.egov.infra.exception.ApplicationRuntimeException;
import org.egov.restapi.web.security.oauth2.entity.SecuredResource;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;

@EnableResourceServer
@Configuration
/* loaded from: input_file:WEB-INF/classes/org/egov/restapi/web/security/oauth2/config/ResourceServerConfiguration.class */
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {
    private static final Logger LOGGER = Logger.getLogger(ResourceServerConfiguration.class);
    private static final String APIS_CONFIG = "config/restapi-secured-apis-config.json";
    private static final String APIS_CONFIG_OVERRIDE = "config/restapi-secured-apis-config-override.json";
    private static final String RESOURCE_ID = "egov-restapi";

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
        resourceServerSecurityConfigurer.resourceId(RESOURCE_ID).stateless(false);
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.requestMatchers().and();
        configurePatterns(httpSecurity);
        httpSecurity.exceptionHandling().accessDeniedHandler(new OAuth2AccessDeniedHandler());
    }

    private void configurePatterns(HttpSecurity httpSecurity) throws Exception {
        getSecuredResourceFromResource().getResources().forEach(resourceDetail -> {
            try {
                ExpressionUrlAuthorizationConfigurer.AuthorizedUrl authorizedUrl = (ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers(new String[]{resourceDetail.getUrl()});
                if (StringUtils.isNotEmpty(resourceDetail.getRoles())) {
                    authorizedUrl.access(resourceDetail.getRoles());
                } else {
                    authorizedUrl.authenticated();
                }
            } catch (Exception e) {
                throw new ApplicationRuntimeException("Exception occured while configuring: ", e);
            }
        });
    }

    private SecuredResource getSecuredResourceFromResource() throws IOException {
        ObjectMapper objectMapper = new ObjectMapper();
        objectMapper.setVisibility(JsonMethod.FIELD, JsonAutoDetect.Visibility.ANY);
        objectMapper.configure(SerializationConfig.Feature.AUTO_DETECT_FIELDS, true);
        return (SecuredResource) objectMapper.readValue(getResourcesConfig().getInputStream(), SecuredResource.class);
    }

    private Resource getResourcesConfig() {
        Resource classPathResource = new ClassPathResource(APIS_CONFIG_OVERRIDE);
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Overridden config present:" + classPathResource.exists());
        }
        if (!classPathResource.exists()) {
            classPathResource = new ClassPathResource(APIS_CONFIG);
        }
        return classPathResource;
    }
}
