package org.shoulder.autoconfigure.security.token;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.KeyPair;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.List;
import javax.annotation.Nullable;
import javax.sql.DataSource;
import org.shoulder.autoconfigure.condition.ConditionalOnAuthType;
import org.shoulder.autoconfigure.security.AuthenticationHandlerConfig;
import org.shoulder.core.log.LoggerFactory;
import org.shoulder.crypto.asymmetric.exception.KeyPairException;
import org.shoulder.crypto.asymmetric.impl.DefaultAsymmetricCipher;
import org.shoulder.crypto.asymmetric.store.KeyPairCache;
import org.shoulder.security.SecurityConst;
import org.shoulder.security.authentication.AuthenticationType;
import org.shoulder.security.authentication.BeforeAuthEndpoint;
import org.shoulder.security.authentication.handler.json.BasicAuthorizationTokenAuthenticationSuccessHandler;
import org.shoulder.security.authentication.token.SimpleTokenIntrospector;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

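/**
 * Auto-configuration of the beans used for token-based authentication.
 *
 * <p>Active only when the authentication type is {@link AuthenticationType#TOKEN} and
 * {@link SecurityConst} is on the classpath. Every bean is guarded by
 * {@code @ConditionalOnMissingBean}, so an application-defined bean of the same type replaces
 * the default declared here.
 *
 * <p>NOTE(review): the {@code org.springframework.security.oauth2.provider.*} types used below
 * belong to the legacy Spring Security OAuth project. Confirm the dependency version in use
 * still receives security fixes.
 */
@AutoConfigureBefore({AuthenticationHandlerConfig.class})
@EnableConfigurationProperties({TokenProperties.class})
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({SecurityConst.class})
@ConditionalOnAuthType(type = AuthenticationType.TOKEN)
public class TokenAuthBeanConfiguration {

    /**
     * Selects the {@link TokenStore} implementation from the
     * {@code shoulder.security.token.store} property ({@code memory}, {@code jdbc}, {@code jwt}
     * or {@code redis}).
     *
     * <p>NOTE(review): both the {@code memory} and the {@code jwt} variant declare
     * {@code matchIfMissing = true}. When the property is not set, both conditions match and the
     * store that ends up registered presumably depends on the order in which the nested
     * configurations are processed. Set the property explicitly in deployments, and decide which
     * variant is meant to be the default.
     */
    @ConditionalOnMissingBean({TokenStore.class})
    @Configuration(proxyBeanMethods = false)
    public static class TokenStoreConfig {

        /**
         * Keeps issued tokens in the memory of the current process.
         *
         * <p>Tokens do not survive a restart and are not visible to other instances of the
         * service, so this variant suits single-node or development setups.
         */
        @ConditionalOnMissingBean({TokenStore.class})
        @Configuration(proxyBeanMethods = false)
        @ConditionalOnProperty(prefix = "shoulder.security.token", name = {"store"}, havingValue = "memory", matchIfMissing = true)
        public static class InMemoryTokenStoreConfig {
            /** @return a new {@link InMemoryTokenStore} */
            @Bean
            public TokenStore inMemoryTokenStore() {
                return new InMemoryTokenStore();
            }
        }

        /**
         * Persists issued tokens through the application's {@link DataSource}.
         *
         * <p>The backing tables hold bearer credentials; restrict access to them accordingly.
         */
        @ConditionalOnMissingBean({TokenStore.class})
        @Configuration(proxyBeanMethods = false)
        @ConditionalOnProperty(prefix = "shoulder.security.token", name = {"store"}, havingValue = "jdbc")
        public static class JdbcTokenStoreConfig {
            /**
             * @param dataSource the data source the token store reads from and writes to
             * @return a {@link JdbcTokenStore} bound to {@code dataSource}
             */
            @Bean
            public TokenStore jdbcTokenStore(DataSource dataSource) {
                return new JdbcTokenStore(dataSource);
            }
        }

        /**
         * Issues self-contained JWT access tokens signed with an RSA key pair and publishes the
         * matching public key as a {@link JWKSet}.
         */
        @ConditionalOnMissingBean({TokenStore.class})
        @Configuration(proxyBeanMethods = false)
        @ConditionalOnProperty(prefix = "shoulder.security.token", name = {"store"}, havingValue = "jwt", matchIfMissing = true)
        public static class JwtTokenStoreConfig {

            /** Identifier under which the signing key pair is built and looked up in the cache. */
            private static final String JWK_KEY_ID = "jwk";

            /**
             * @param jwtAccessTokenConverter converter that signs and verifies the tokens
             * @return a {@link JwtTokenStore} backed by {@code jwtAccessTokenConverter}
             */
            @Bean
            public TokenStore jwtTokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
                return new JwtTokenStore(jwtAccessTokenConverter);
            }

            /**
             * Builds the converter that signs access tokens with the configured key pair.
             *
             * @param keyPair key pair handed to {@link JwtAccessTokenConverter#setKeyPair}
             * @param userAuthenticationConverter optional converter for the user part of the
             *     token; when {@code null} the {@link DefaultAccessTokenConverter} default is kept
             * @return the configured converter
             */
            @ConditionalOnMissingBean
            @Bean
            public JwtAccessTokenConverter accessTokenConverter(KeyPair keyPair, @Nullable UserAuthenticationConverter userAuthenticationConverter) {
                DefaultAccessTokenConverter claimsConverter = new DefaultAccessTokenConverter();
                if (userAuthenticationConverter != null) {
                    claimsConverter.setUserTokenConverter(userAuthenticationConverter);
                }
                JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
                jwtAccessTokenConverter.setKeyPair(keyPair);
                jwtAccessTokenConverter.setAccessTokenConverter(claimsConverter);
                return jwtAccessTokenConverter;
            }

            /**
             * Builds the RSA-2048 key pair used to sign JWT access tokens.
             *
             * <p>The key pair is built under the fixed id {@code "jwk"} and then read back through
             * the same cipher, the same way {@link #jwkSet} does it.
             *
             * <p>NOTE(review): {@link #jwkSet} also calls {@code buildKeyPair("jwk")} against the
             * same {@link KeyPairCache}. If {@code buildKeyPair} replaces an existing entry, the
             * published public key and this signing key could differ depending on bean creation
             * order. Confirm that {@code buildKeyPair} is idempotent for an existing id.
             *
             * @param list injected but ignored; the key id is hard-coded
             * @param keyPairCache cache the cipher stores the generated key pair in
             * @return the key pair registered under {@code "jwk"}
             * @throws KeyPairException if the key pair cannot be built or read back
             */
            @ConditionalOnMissingBean
            @Bean
            public KeyPair keyPair(List<String> list, KeyPairCache keyPairCache) throws KeyPairException {
                // One cipher instance for both calls; the original built a second, redundant one.
                DefaultAsymmetricCipher cipher = DefaultAsymmetricCipher.rsa2048(keyPairCache);
                cipher.buildKeyPair(JWK_KEY_ID);
                return cipher.getKeyPair(JWK_KEY_ID);
            }

            /**
             * Builds the JWK set that exposes the signing key's public half to token consumers.
             *
             * <p>Only {@link RSAPublicKey} material is placed in the set, so publishing it does not
             * disclose the private key. As built here the keys carry no key ID ({@code kid}), so
             * consumers cannot select a key by id during rotation.
             *
             * @param list injected but ignored; the key id is hard-coded
             * @param keyPairCache cache the cipher stores the generated key pair in
             * @return a JWK set holding the public key registered under {@code "jwk"}
             * @throws KeyPairException if a key pair cannot be built or read back
             */
            @ConditionalOnMissingBean
            @Bean
            public JWKSet jwkSet(List<String> list, KeyPairCache keyPairCache) throws KeyPairException {
                List<String> keyIds = List.of(JWK_KEY_ID);
                DefaultAsymmetricCipher cipher = DefaultAsymmetricCipher.rsa2048(keyPairCache);
                List<RSAKey> publicKeys = new ArrayList<>(keyIds.size());
                for (String keyId : keyIds) {
                    cipher.buildKeyPair(keyId);
                    RSAPublicKey publicKey = (RSAPublicKey) cipher.getKeyPair(keyId).getPublic();
                    publicKeys.add(new RSAKey.Builder(publicKey).build());
                }
                // Copying lets the compiler widen the element type for JWKSet without a raw list.
                return new JWKSet(new ArrayList<>(publicKeys));
            }
        }

        /**
         * Stores issued tokens in Redis.
         *
         * <p>The Redis instance holds bearer credentials; restrict network access and
         * authentication to it accordingly.
         */
        @ConditionalOnMissingBean({TokenStore.class})
        @Configuration(proxyBeanMethods = false)
        @ConditionalOnProperty(prefix = "shoulder.security.token", name = {"store"}, havingValue = "redis")
        public static class RedisTokenStoreConfig {
            /**
             * @param redisConnectionFactory connection factory used to reach Redis
             * @return a {@link RedisTokenStore} bound to {@code redisConnectionFactory}
             */
            @Bean
            public TokenStore redisTokenStore(RedisConnectionFactory redisConnectionFactory) {
                return new RedisTokenStore(redisConnectionFactory);
            }
        }
    }

    /**
     * Creates the default pre-authentication endpoint.
     *
     * <p>NOTE(review): this method carries {@code @ConditionalOnProperty} but no {@code @Bean},
     * so as written it does not register a bean. Confirm whether the endpoint is meant to be
     * disabled here or whether the annotation was dropped by mistake.
     *
     * @return a {@link BeforeAuthEndpoint} constructed with a {@code null} argument
     */
    @ConditionalOnProperty(value = {"shoulder.security.auth.browser.default-endpoint.enable"}, havingValue = "true", matchIfMissing = true)
    public BeforeAuthEndpoint beforeAuthEndpoint() {
        return new BeforeAuthEndpoint((String) null);
    }

    /**
     * Success handler for token authentication.
     *
     * @param clientDetailsService lookup for registered OAuth2 clients
     * @param authorizationServerTokenServices service passed to the handler for token handling
     * @return a {@link BasicAuthorizationTokenAuthenticationSuccessHandler}
     */
    @ConditionalOnMissingBean
    @Bean
    public AuthenticationSuccessHandler tokenAuthenticationSuccessHandler(ClientDetailsService clientDetailsService, AuthorizationServerTokenServices authorizationServerTokenServices) {
        return new BasicAuthorizationTokenAuthenticationSuccessHandler(clientDetailsService, authorizationServerTokenServices);
    }

    /**
     * Token services bound to the selected {@link TokenStore}.
     *
     * <p>Only the token store is set; token lifetimes, refresh-token support and every other
     * option keep the {@link DefaultTokenServices} defaults. Review those defaults against the
     * deployment's session policy.
     *
     * @param tokenStore store that persists or decodes tokens
     * @return the configured token services
     */
    @ConditionalOnMissingBean
    @Bean
    public DefaultTokenServices defaultTokenServices(TokenStore tokenStore) {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(tokenStore);
        return tokenServices;
    }

    /**
     * Authentication provider for opaque bearer tokens.
     *
     * @param opaqueTokenIntrospector introspector that resolves a token to its principal
     * @return a provider delegating to {@code opaqueTokenIntrospector}
     */
    @ConditionalOnMissingBean
    @Bean
    public OpaqueTokenAuthenticationProvider opaqueTokenAuthenticationProvider(OpaqueTokenIntrospector opaqueTokenIntrospector) {
        return new OpaqueTokenAuthenticationProvider(opaqueTokenIntrospector);
    }

    /**
     * Fallback token introspector, registered when the application supplies none.
     *
     * <p>A warning is logged at creation time because a customized
     * {@link OpaqueTokenIntrospector} is the recommended setup.
     *
     * @param resourceServerTokenServices token services passed to the introspector
     * @param clientDetailsService lookup for registered OAuth2 clients
     * @return a {@link SimpleTokenIntrospector}
     */
    @ConditionalOnMissingBean
    @Bean
    public SimpleTokenIntrospector simpleTokenIntrospector(ResourceServerTokenServices resourceServerTokenServices, ClientDetailsService clientDetailsService) {
        LoggerFactory.getLogger(getClass()).warn("use SimpleTokenIntrospector, recommend inject a customized OpaqueTokenIntrospector");
        return new SimpleTokenIntrospector(resourceServerTokenServices, clientDetailsService);
    }
}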
