package org.lognet.springboot.grpc.security;

import io.grpc.Context;
import io.grpc.ServerInterceptor;
import java.util.Arrays;
import java.util.Collection;
import java.util.Optional;
import org.aopalliance.intercept.MethodInvocation;
import org.lognet.springboot.grpc.GRpcServicesRegistry;
import org.lognet.springboot.grpc.autoconfigure.GRpcServerProperties;
import org.lognet.springboot.grpc.security.GrpcServiceAuthorizationConfigurer;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.access.expression.method.ExpressionBasedAnnotationAttributeFactory;
import org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice;
import org.springframework.security.access.expression.method.ExpressionBasedPreInvocationAdvice;
import org.springframework.security.access.intercept.AfterInvocationManager;
import org.springframework.security.access.intercept.AfterInvocationProviderManager;
import org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource;
import org.springframework.security.access.prepost.PostInvocationAdviceProvider;
import org.springframework.security.access.prepost.PreInvocationAuthorizationAdviceVoter;
import org.springframework.security.access.prepost.PrePostAnnotationSecurityMetadataSource;
import org.springframework.security.access.vote.AffirmativeBased;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityBuilder;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetailsService;

/* loaded from: input_file:BOOT-INF/lib/grpc-spring-boot-starter-5.1.5.jar:org/lognet/springboot/grpc/security/GrpcSecurity.class */
public class GrpcSecurity extends AbstractConfiguredSecurityBuilder<ServerInterceptor, GrpcSecurity> implements SecurityBuilder<ServerInterceptor>, ApplicationContextAware {
    private ApplicationContext applicationContext;
    public static final Context.Key<Authentication> AUTHENTICATION_CONTEXT_KEY = Context.key("AUTHENTICATION");

    public GrpcSecurity(ObjectPostProcessor<Object> objectPostProcessor) {
        super(objectPostProcessor);
    }

    public GrpcServiceAuthorizationConfigurer.Registry authorizeRequests() throws Exception {
        return ((GrpcServiceAuthorizationConfigurer) getOrApply(new GrpcServiceAuthorizationConfigurer((GRpcServicesRegistry) this.applicationContext.getBean(GRpcServicesRegistry.class)))).getRegistry();
    }

    public GrpcSecurity userDetailsService(UserDetailsService userDetailsService) throws Exception {
        getAuthenticationRegistry().userDetailsService(userDetailsService);
        return this;
    }

    @Override // org.springframework.context.ApplicationContextAware
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    public ApplicationContext getApplicationContext() {
        return this.applicationContext;
    }

    public GrpcSecurity authenticationSchemeSelector(AuthenticationSchemeSelector authenticationSchemeSelector) {
        getAuthenticationSchemeService().register(authenticationSchemeSelector);
        return this;
    }

    public GrpcSecurity authenticationProvider(AuthenticationProvider authenticationProvider) {
        getAuthenticationRegistry().authenticationProvider(authenticationProvider);
        return this;
    }

    protected void beforeConfigure() throws Exception {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* renamed from: performBuild, reason: merged with bridge method [inline-methods] */
    public ServerInterceptor m4025performBuild() throws Exception {
        GrpcSecurityMetadataSource grpcSecurityMetadataSource = (GrpcSecurityMetadataSource) getSharedObject(GrpcSecurityMetadataSource.class);
        DefaultMethodSecurityExpressionHandler defaultMethodSecurityExpressionHandler = new DefaultMethodSecurityExpressionHandler();
        defaultMethodSecurityExpressionHandler.setApplicationContext(getApplicationContext());
        SecurityInterceptor securityInterceptor = new SecurityInterceptor(new DelegatingMethodSecurityMetadataSource(Arrays.asList(grpcSecurityMetadataSource, new PrePostAnnotationSecurityMetadataSource(new ExpressionBasedAnnotationAttributeFactory(defaultMethodSecurityExpressionHandler)))), getAuthenticationSchemeService());
        securityInterceptor.setAfterInvocationManager(afterInvocationManager());
        securityInterceptor.setAuthenticationManager((AuthenticationManager) ((AuthenticationManagerBuilder) getSharedObject(AuthenticationManagerBuilder.class)).build());
        AccessDecisionVoter roleVoter = new RoleVoter();
        roleVoter.setRolePrefix("SCOPE_");
        ExpressionBasedPreInvocationAdvice expressionBasedPreInvocationAdvice = new ExpressionBasedPreInvocationAdvice();
        expressionBasedPreInvocationAdvice.setExpressionHandler(defaultMethodSecurityExpressionHandler);
        AffirmativeBased affirmativeBased = new AffirmativeBased(Arrays.asList(new RoleVoter(), roleVoter, new AuthenticatedAttributeVoter(), new PreInvocationAuthorizationAdviceVoter(expressionBasedPreInvocationAdvice) { // from class: org.lognet.springboot.grpc.security.GrpcSecurity.1
            public int vote(Authentication authentication, MethodInvocation methodInvocation, Collection<ConfigAttribute> collection) {
                if (null == methodInvocation.getArguments()) {
                    return 0;
                }
                return super.vote(authentication, methodInvocation, collection);
            }

            public /* bridge */ /* synthetic */ int vote(Authentication authentication, Object obj, Collection collection) {
                return vote(authentication, (MethodInvocation) obj, (Collection<ConfigAttribute>) collection);
            }
        }));
        affirmativeBased.setAllowIfAllAbstainDecisions(true);
        securityInterceptor.setAccessDecisionManager(affirmativeBased);
        securityInterceptor.setConfig((GRpcServerProperties.SecurityProperties.Auth) Optional.of((GRpcServerProperties) this.applicationContext.getBean(GRpcServerProperties.class)).map((v0) -> {
            return v0.getSecurity();
        }).map((v0) -> {
            return v0.getAuth();
        }).orElse(null));
        return securityInterceptor;
    }

    private <C extends SecurityConfigurerAdapter<ServerInterceptor, GrpcSecurity>> C getOrApply(C c) throws Exception {
        C configurer = getConfigurer(c.getClass());
        return configurer != null ? configurer : (C) apply(c);
    }

    private AuthenticationManagerBuilder getAuthenticationRegistry() {
        return (AuthenticationManagerBuilder) getSharedObject(AuthenticationManagerBuilder.class);
    }

    private AuthenticationSchemeService getAuthenticationSchemeService() {
        return (AuthenticationSchemeService) getSharedObject(AuthenticationSchemeService.class);
    }

    protected AfterInvocationManager afterInvocationManager() {
        AfterInvocationProviderManager afterInvocationProviderManager = new AfterInvocationProviderManager();
        afterInvocationProviderManager.setProviders(Arrays.asList(new PostInvocationAdviceProvider(new ExpressionBasedPostInvocationAdvice(new DefaultMethodSecurityExpressionHandler()))));
        afterInvocationProviderManager.afterPropertiesSet();
        return afterInvocationProviderManager;
    }
}
