package io.soffa.adapters.spring.security;

import io.soffa.core.security.PasswordEncoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.context.ServerSecurityContextRepository;
import reactor.core.publisher.Mono;

@Configuration
@ConditionalOnBean({ReactiveAuthenticationManager.class, ServerSecurityContextRepository.class})
/* loaded from: input_file:io/soffa/adapters/spring/security/SecurityBeansFactory.class */
public class SecurityBeansFactory {

    @Autowired
    private ReactiveAuthenticationManager authenticationManager;

    @Autowired
    private ServerSecurityContextRepository securityContextRepository;

    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity serverHttpSecurity) {
        return ((ServerHttpSecurity.AuthorizeExchangeSpec.Access) serverHttpSecurity.cors().disable().exceptionHandling().authenticationEntryPoint((serverWebExchange, authenticationException) -> {
            return Mono.from(subscriber -> {
                serverWebExchange.getResponse().setStatusCode(HttpStatus.UNAUTHORIZED);
            });
        }).accessDeniedHandler((serverWebExchange2, accessDeniedException) -> {
            return Mono.from(subscriber -> {
                serverWebExchange2.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
            });
        }).and().csrf().disable().authenticationManager(this.authenticationManager).securityContextRepository(this.securityContextRepository).authorizeExchange().pathMatchers(new String[]{"/api/**"})).authenticated().anyExchange().permitAll().and().build();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        final BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        return new PasswordEncoder() { // from class: io.soffa.adapters.spring.security.SecurityBeansFactory.1
            public String encode(CharSequence charSequence) {
                return bCryptPasswordEncoder.encode(charSequence);
            }

            public Boolean matches(CharSequence charSequence, String str) {
                return Boolean.valueOf(bCryptPasswordEncoder.matches(charSequence, str));
            }
        };
    }
}
