package cn.springcloud.gray.server.configuration;

import cn.springcloud.gray.server.oauth2.DefaultTokenGranter;
import cn.springcloud.gray.server.oauth2.Oauth2Service;
import cn.springcloud.gray.server.resources.domain.ApiRes;
import cn.springcloud.gray.server.utils.WebHelper;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.AccessDeniedHandler;

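/**
 * OAuth2 wiring for the gray server: an authorization server that issues JWTs to one
 * in-memory client, plus a resource server that gates the {@code /gray/**} API.
 *
 * <p>Active unless {@code gray.server.security.oauth2.enabled=false}.
 *
 * <p>Security caveats a deployer must know about (all visible in this class):
 * <ul>
 *   <li>The client secret, the JWT keystore password and the key alias are string
 *       literals, and the keystore is read from the classpath. Whoever can read the
 *       deployed artifact can recover the signing private key and mint tokens that this
 *       server (and any resource server trusting the same key) will accept.</li>
 *   <li>The resource-server rule chain ends with {@code anyRequest().permitAll()}:
 *       every path not explicitly marked {@code authenticated()} is open by default,
 *       including controllers added later.</li>
 *   <li>CSRF protection is disabled while form login is enabled.</li>
 *   <li>Access tokens are valid for 30 days and refresh tokens for 60 days.</li>
 * </ul>
 */
@ConditionalOnProperty(value = {"gray.server.security.oauth2.enabled"}, matchIfMissing = true)
@Configuration
public class OAuth2Config {
    private static final Logger log = LoggerFactory.getLogger(OAuth2Config.class);

    /** OAuth2 client id the gray server registers for itself. */
    private static final String CLIENT_ID = "gray-server";

    /**
     * SECURITY: hard-coded client secret. It ships in the binary and in source control,
     * so treat it as public. Hoisted into a named constant only so the risk is visible in
     * one place; it should move to externalised configuration and be rotated.
     */
    private static final String CLIENT_SECRET = "V@JA-#i+6BkDhhq9";

    /** 30 days (2592000 s) — long for a bearer token that cannot be revoked server-side. */
    private static final int ACCESS_TOKEN_VALIDITY_SECONDS = 30 * 24 * 3600;

    /** 60 days (5184000 s). */
    private static final int REFRESH_TOKEN_VALIDITY_SECONDS = 60 * 24 * 3600;

    /** Classpath location of the JWT signing keystore. */
    private static final String KEYSTORE_PATH = "keystore.jks";

    /**
     * SECURITY: literal keystore password and alias. Combined with a classpath keystore
     * this makes the private key recoverable from the artifact — see class Javadoc.
     */
    private static final String KEYSTORE_PASSWORD = "password";
    private static final String KEY_ALIAS = "selfsigned";

    /** Authorization-server half: client registry, endpoint security and token issuance. */
    @Configuration
    @EnableAuthorizationServer
    public static class OAuth2Config2 extends AuthorizationServerConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Autowired
        private JwtTokenStore tokenStore;

        @Autowired
        private JwtAccessTokenConverter jwtAccessTokenConverter;

        /**
         * Registers the single in-memory client with client_credentials, refresh_token
         * and the project's custom {@link DefaultTokenGranter#GRANT_TYPE} grant.
         *
         * @param clients client registry to populate
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients.inMemory()
                    .withClient(CLIENT_ID)
                    .secret(CLIENT_SECRET)
                    .authorizedGrantTypes("client_credentials", "refresh_token", DefaultTokenGranter.GRANT_TYPE)
                    .accessTokenValiditySeconds(ACCESS_TOKEN_VALIDITY_SECONDS)
                    .refreshTokenValiditySeconds(REFRESH_TOKEN_VALIDITY_SECONDS);
        }

        /**
         * Access rules for the authorization server's own endpoints: the token-key
         * endpoint is anonymous so verifiers can fetch the key, the check-token endpoint
         * requires an authenticated caller.
         *
         * @param security endpoint security configurer
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
            security.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
        }

        /**
         * Wires the JWT token store and converter and the authentication manager into the
         * token endpoints.
         *
         * @param endpoints endpoint configurer
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
            endpoints.tokenStore(this.tokenStore)
                    .tokenEnhancer(this.jwtAccessTokenConverter)
                    .authenticationManager(this.authenticationManager);
            // Kept verbatim from the original: an explicit null translator. NOTE(review):
            // confirm the configurer falls back to its default translator for null rather
            // than failing at request time; if it does, this line is a no-op and can go.
            endpoints.exceptionTranslator((WebResponseExceptionTranslator) null);
        }
    }

    /** Resource-server half: which {@code /gray/**} paths require an authenticated caller. */
    @EnableResourceServer
    @Configuration
    public static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        // Injected but not referenced in this class; presumably picked up by the
        // resource-server auto-configuration — TODO confirm before removing.
        @Autowired
        private TokenStore tokenStore;

        /**
         * Path authorization rules, evaluated in order (first match wins).
         *
         * <p>SECURITY: the chain ends with {@code anyRequest().permitAll()}, so any path not
         * listed as {@code authenticated()} here is reachable without a token. CSRF is
         * disabled while form login stays enabled, so a browser session obtained through
         * the login page has no CSRF protection. {@code /gray/instances/enable} and
         * {@code /gray/instances} are anonymous; their names suggest they touch instance
         * state — TODO confirm they are safe to expose unauthenticated.
         *
         * @param http HTTP security builder
         * @throws Exception propagated from the builder
         */
        @Override
        public void configure(HttpSecurity http) throws Exception {
            ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry rules =
                    http.formLogin().and().authorizeRequests();
            // Anonymous endpoints (the original listed /gray/user/login twice; once suffices).
            rules.antMatchers("/gray/user/login").permitAll()
                    .antMatchers("/gray/instances/enable").permitAll()
                    .antMatchers("/gray/instances").permitAll()
                    .antMatchers("/gray/trackDefinitions").permitAll()
                    .antMatchers(HttpMethod.OPTIONS, "/gray/**").permitAll();
            // Endpoints that require an authenticated principal.
            rules.antMatchers("/gray/service/**").authenticated()
                    .antMatchers("/gray/policy/**").authenticated()
                    .antMatchers("/gray/decision/**").authenticated()
                    .antMatchers("/gray/discover/**").authenticated()
                    .antMatchers("/gray/track/**").authenticated();
            // Default-allow for everything else.
            rules.anyRequest().permitAll();
            http.csrf().disable();
        }

        /**
         * Replaces Spring's default error pages with a JSON body. Both handlers log only
         * the servlet path and the exception message, at debug level.
         *
         * <p>NOTE(review): the access-denied handler answers 400 rather than the
         * conventional 403. Left unchanged because clients may depend on it.
         *
         * @param resources resource-server security configurer
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
            resources.authenticationEntryPoint(new AuthenticationEntryPoint() {
                // No or invalid credentials -> 401.
                @Override
                public void commence(HttpServletRequest request, HttpServletResponse response,
                                     AuthenticationException ex) throws IOException {
                    OAuth2Config.log.debug("path:{} -> {}", request.getServletPath(), ex.getMessage());
                    writeDenied(response, 401);
                }
            }).accessDeniedHandler(new AccessDeniedHandler() {
                // Authenticated but not permitted -> 400 (see method Javadoc).
                @Override
                public void handle(HttpServletRequest request, HttpServletResponse response,
                                   AccessDeniedException ex) throws IOException {
                    OAuth2Config.log.debug("path:{} -> {}", request.getServletPath(), ex.getMessage());
                    writeDenied(response, 400);
                }
            });
        }

        /**
         * Writes the shared JSON denial body with the given status code.
         *
         * @param response response to write to
         * @param status   HTTP status, also echoed in the body's {@code code} field
         * @throws IOException if writing the body fails
         */
        private static void writeDenied(HttpServletResponse response, int status) throws IOException {
            response.setContentType("application/json");
            response.setStatus(status);
            WebHelper.response(response, ApiRes.builder().code(String.valueOf(status)).message("无权访问").build());
        }
    }

    /** JWT-backed token store built on {@link #jwtAccessTokenConverter()}. */
    @Bean
    public JwtTokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Signs and verifies JWTs with the key pair read from the classpath keystore.
     *
     * <p>SECURITY: keystore location, password and alias are literals (see the constants
     * above). Externalise the keystore and its password, and rotate the key pair, before
     * relying on these tokens for anything sensitive.
     *
     * @return converter holding the signing key pair
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        KeyStoreKeyFactory keyFactory = new KeyStoreKeyFactory(
                new ClassPathResource(KEYSTORE_PATH), KEYSTORE_PASSWORD.toCharArray());
        converter.setKeyPair(keyFactory.getKeyPair(KEY_ALIAS));
        return converter;
    }

    /** Default request factory backed by the registered client details. */
    @Bean
    public OAuth2RequestFactory requestFactory(ClientDetailsService clientDetailsService) {
        return new DefaultOAuth2RequestFactory(clientDetailsService);
    }

    /** Standard refresh_token grant. */
    @Bean
    public RefreshTokenGranter refreshTokenGranter(AuthorizationServerTokenServices tokenServices,
                                                   ClientDetailsService clientDetailsService,
                                                   OAuth2RequestFactory requestFactory) {
        return new RefreshTokenGranter(tokenServices, clientDetailsService, requestFactory);
    }

    /** Project-specific grant; its grant type string is {@link DefaultTokenGranter#GRANT_TYPE}. */
    @Bean
    public DefaultTokenGranter defaultTokenGranter(AuthorizationServerTokenServices tokenServices,
                                                   ClientDetailsService clientDetailsService,
                                                   OAuth2RequestFactory requestFactory) {
        return new DefaultTokenGranter(tokenServices, clientDetailsService, requestFactory);
    }

    /** Service facade over the client registry, request factory and custom granter. */
    @Bean
    public Oauth2Service oauth2Service(ClientDetailsService clientDetailsService,
                                       OAuth2RequestFactory requestFactory,
                                       DefaultTokenGranter defaultTokenGranter) {
        return new Oauth2Service(clientDetailsService, requestFactory, defaultTokenGranter);
    }
}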
