package org.minbox.framework.on.security.authorization.server.oauth2.config.configuration;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import java.util.Arrays;
import org.minbox.framework.on.security.authorization.server.jose.Jwks;
import org.minbox.framework.on.security.authorization.server.oauth2.authentication.OnSecurityDefaultAuthenticationFailureHandler;
import org.minbox.framework.on.security.authorization.server.oauth2.authentication.token.OnSecurityDelegatingOAuth2TokenGenerator;
import org.minbox.framework.on.security.authorization.server.oauth2.authentication.token.customizer.OnSecurityIdentityProviderIdTokenCustomizer;
import org.minbox.framework.on.security.authorization.server.oauth2.authentication.token.customizer.OnSecurityUserAuthorizeAttributeJwtClaimsCustomizer;
import org.minbox.framework.on.security.authorization.server.oauth2.authentication.token.customizer.OnSecurityUserBindGroupJwtClaimsCustomizer;
import org.minbox.framework.on.security.authorization.server.oauth2.config.configurers.OnSecurityOAuth2AuthorizationServerConfigurer;
import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.ResolvableType;
import org.springframework.core.annotation.Order;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimsContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.RequestMatcher;

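@Configuration
@Import({OnSecurityAuthorizationServerRegistrar.class})
/**
 * Spring configuration for the On-Security OAuth2 authorization server.
 *
 * <p>Registers the authorization-server {@link SecurityFilterChain}, the token
 * generator, the JWK source, the {@link JwtDecoder} and the
 * {@link AuthorizationServerSettings}. Every {@code @Bean} method delegates to a
 * {@code protected default*()} method so that a subclass can override one piece
 * without redefining the whole configuration.
 *
 * <p>This listing was recovered from a decompiler; redundant casts and raw types
 * produced by the decompiler have been removed, behaviour is otherwise unchanged.
 */
public class OnSecurityOAuth2AuthorizationServerConfiguration {
    /** Login page that unauthenticated browser requests are redirected to. */
    private static final String DEFAULT_LOGIN_URL = "/login";

    /**
     * Builds the {@link AuthorizationServerSettings} with every protocol endpoint
     * relocated under the {@code /on-security} prefix.
     *
     * <p>NOTE(review): the decompiler reports this class was originally
     * {@code private}; the widened visibility is kept here so existing
     * references keep compiling.
     */
    public static class OnSecurityAuthorizationServerSettingsBuilder {
        private static final String ON_SECURITY_PREFIX = "/on-security";
        private static final String ON_SECURITY_TOKEN_ENDPOINT = "/on-security/token";
        private static final String ON_SECURITY_AUTHORIZE_ENDPOINT = "/on-security/authorize";
        private static final String ON_SECURITY_JWKS_ENDPOINT = "/on-security/jwks";
        private static final String ON_SECURITY_REVOKE_ENDPOINT = "/on-security/revoke";
        private static final String ON_SECURITY_INTROSPECT_ENDPOINT = "/on-security/introspect";
        private static final String ON_SECURITY_OIDC_CONNECT_REGISTER_ENDPOINT = "/on-security/connect/register";
        private static final String ON_SECURITY_OIDC_USERINFO_ENDPOINT = "/on-security/userinfo";

        /** Static-only holder; not instantiable. */
        private OnSecurityAuthorizationServerSettingsBuilder() {
        }

        /**
         * Creates the settings with all endpoints mapped to their
         * {@code /on-security/...} paths.
         *
         * @return the fully built settings
         */
        public static AuthorizationServerSettings build() {
            return AuthorizationServerSettings.builder()
                    .tokenEndpoint(ON_SECURITY_TOKEN_ENDPOINT)
                    .authorizationEndpoint(ON_SECURITY_AUTHORIZE_ENDPOINT)
                    .jwkSetEndpoint(ON_SECURITY_JWKS_ENDPOINT)
                    .tokenRevocationEndpoint(ON_SECURITY_REVOKE_ENDPOINT)
                    .tokenIntrospectionEndpoint(ON_SECURITY_INTROSPECT_ENDPOINT)
                    .oidcClientRegistrationEndpoint(ON_SECURITY_OIDC_CONNECT_REGISTER_ENDPOINT)
                    .oidcUserInfoEndpoint(ON_SECURITY_OIDC_USERINFO_ENDPOINT)
                    .build();
        }
    }

    /**
     * The authorization-server filter chain.
     *
     * <p>Ordered at {@link Integer#MIN_VALUE} so it is consulted before any other
     * {@link SecurityFilterChain} bean; it only claims requests matched by the
     * authorization-server endpoints matcher (see
     * {@link #defaultOnSecurityAuthorizationServer(HttpSecurity)}), everything
     * else falls through to the next chain.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the built chain
     * @throws Exception propagated from {@link HttpSecurity#build()}
     */
    @Bean
    @Order(Integer.MIN_VALUE)
    public SecurityFilterChain onSecurityAuthorizationServerSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        defaultOnSecurityAuthorizationServer(httpSecurity);
        // HttpSecurity.build() already returns a SecurityFilterChain; no cast needed.
        return httpSecurity.build();
    }

    /**
     * Applies the On-Security defaults to {@code httpSecurity}.
     *
     * <ul>
     *   <li>installs {@link OnSecurityDefaultAuthenticationFailureHandler} as the
     *       error response handler of the authorization, token, introspection,
     *       revocation and client-authentication endpoints, and enables OIDC with
     *       its defaults;</li>
     *   <li>restricts the chain to the configurer's endpoints matcher and requires
     *       every matched request to be authenticated;</li>
     *   <li>disables CSRF protection for exactly those endpoints (they are
     *       called by OAuth2 clients with client credentials / bearer tokens, not
     *       by browser forms carrying a session cookie — CSRF stays enabled for
     *       any other chain);</li>
     *   <li>redirects unauthenticated requests to {@value #DEFAULT_LOGIN_URL};</li>
     *   <li>enables JWT bearer-token authentication on this chain via the
     *       resource-server support.</li>
     * </ul>
     *
     * @param httpSecurity the builder to customise
     * @throws Exception propagated from the Spring Security configurers
     */
    protected void defaultOnSecurityAuthorizationServer(HttpSecurity httpSecurity) throws Exception {
        OnSecurityOAuth2AuthorizationServerConfigurer configurer = new OnSecurityOAuth2AuthorizationServerConfigurer();
        OnSecurityDefaultAuthenticationFailureHandler failureHandler = new OnSecurityDefaultAuthenticationFailureHandler();
        configurer
                .authorizationEndpoint(endpoint -> endpoint.errorResponseHandler(failureHandler))
                .tokenEndpoint(endpoint -> endpoint.errorResponseHandler(failureHandler))
                .tokenIntrospectionEndpoint(endpoint -> endpoint.errorResponseHandler(failureHandler))
                .tokenRevocationEndpoint(endpoint -> endpoint.errorResponseHandler(failureHandler))
                .clientAuthentication(endpoint -> endpoint.errorResponseHandler(failureHandler))
                .oidc(Customizer.withDefaults());
        RequestMatcher endpointsMatcher = configurer.getEndpointsMatcher();
        httpSecurity
                .requestMatcher(endpointsMatcher)
                .authorizeRequests(registry -> registry.anyRequest().authenticated())
                // CSRF is bypassed only for the authorization-server endpoints.
                .csrf(csrf -> csrf.ignoringRequestMatchers(endpointsMatcher))
                .apply(configurer)
                .and()
                .exceptionHandling(handling ->
                        handling.authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint(DEFAULT_LOGIN_URL)))
                .oauth2ResourceServer(resourceServer -> resourceServer.jwt());
    }

    /**
     * The token generator used to mint access / ID tokens.
     *
     * <p>An {@code OAuth2TokenCustomizer<OAuth2TokenClaimsContext>} bean is
     * optional: when exactly one exists it is installed as the access-token
     * customiser, when none exists the generator's default is kept, and more than
     * one is an error (see {@link #getOptionalBean}). The JWT customisers for the
     * identity-provider id, user authorize attributes and user group binding are
     * always registered; the latter two read through the {@link JdbcOperations}
     * bean.
     *
     * @param jWKSource          the signing-key source
     * @param applicationContext used to look up the optional customiser and
     *                           {@link JdbcOperations}
     * @return the configured generator
     */
    @Bean
    public OAuth2TokenGenerator<?> onSecurityTokenGenerator(JWKSource<SecurityContext> jWKSource, ApplicationContext applicationContext) {
        OnSecurityDelegatingOAuth2TokenGenerator.Builder builder = OnSecurityDelegatingOAuth2TokenGenerator.withJWKSource(jWKSource);
        OAuth2TokenCustomizer<OAuth2TokenClaimsContext> accessTokenCustomizer = getAccessTokenCustomizer(applicationContext);
        if (accessTokenCustomizer != null) {
            builder.setAccessTokenCustomizer(accessTokenCustomizer);
        }
        JdbcOperations jdbcOperations = applicationContext.getBean(JdbcOperations.class);
        builder.setJwtCustomizers(Arrays.asList(
                new OnSecurityIdentityProviderIdTokenCustomizer(),
                new OnSecurityUserAuthorizeAttributeJwtClaimsCustomizer(jdbcOperations),
                new OnSecurityUserBindGroupJwtClaimsCustomizer(jdbcOperations)));
        return builder.build();
    }

    /**
     * The JWK source backing token signing and the JWK Set endpoint.
     *
     * @return the source from {@link #defaultJwkSource()}
     */
    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        return defaultJwkSource();
    }

    /**
     * Builds a {@link JWKSource} over a single-key {@link JWKSet} obtained from
     * {@code Jwks.generateRsa()}.
     *
     * <p>NOTE(review): the helper's name suggests a fresh RSA key pair is generated
     * on every call, i.e. once per application start — confirm. If so, tokens
     * signed before a restart can no longer be verified and separately started
     * instances will not share a key; deployments needing durable or shared keys
     * should override this method with a persisted key.
     *
     * @return a selector-backed source over the generated key set
     */
    protected JWKSource<SecurityContext> defaultJwkSource() {
        JWKSet jwkSet = new JWKSet(Jwks.generateRsa());
        return (selector, securityContext) -> selector.select(jwkSet);
    }

    /**
     * The decoder used to validate JWTs presented to this server.
     *
     * @param jWKSource the key source the decoder verifies against
     * @return the decoder from {@link #defaultJwtDecoder(JWKSource)}
     */
    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jWKSource) {
        return defaultJwtDecoder(jWKSource);
    }

    /**
     * Delegates to Spring Authorization Server's standard
     * {@link OAuth2AuthorizationServerConfiguration#jwtDecoder(JWKSource)}.
     *
     * @param jWKSource the key source the decoder verifies against
     * @return the standard decoder
     */
    protected JwtDecoder defaultJwtDecoder(JWKSource<SecurityContext> jWKSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jWKSource);
    }

    /**
     * The authorization-server settings (endpoint paths).
     *
     * @return the settings from {@link #defaultAuthorizationServerSettings()}
     */
    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return defaultAuthorizationServerSettings();
    }

    /**
     * Uses {@link OnSecurityAuthorizationServerSettingsBuilder#build()}, i.e. the
     * {@code /on-security}-prefixed endpoints.
     *
     * @return the default settings
     */
    protected AuthorizationServerSettings defaultAuthorizationServerSettings() {
        return OnSecurityAuthorizationServerSettingsBuilder.build();
    }

    /**
     * Looks up the optional {@code OAuth2TokenCustomizer<OAuth2TokenClaimsContext>}
     * bean.
     *
     * @param applicationContext the context to search
     * @return the customiser, or {@code null} when none is defined
     * @throws NoUniqueBeanDefinitionException if several candidates exist
     */
    private OAuth2TokenCustomizer<OAuth2TokenClaimsContext> getAccessTokenCustomizer(ApplicationContext applicationContext) {
        // T is inferred from the return type, so no raw cast is needed.
        return getOptionalBean(applicationContext,
                ResolvableType.forClassWithGenerics(OAuth2TokenCustomizer.class, OAuth2TokenClaimsContext.class));
    }

    /**
     * Returns the single bean of {@code resolvableType}, {@code null} when there
     * is none, and fails loudly when the type is ambiguous.
     *
     * @param applicationContext the context to search
     * @param resolvableType     the (possibly generic) bean type
     * @param <T>                the expected bean type
     * @return the bean, or {@code null} if no bean of that type exists
     * @throws NoUniqueBeanDefinitionException if more than one bean matches
     */
    @SuppressWarnings("unchecked") // getBean(String) returns Object; T is the caller's requested type.
    private <T> T getOptionalBean(ApplicationContext applicationContext, ResolvableType resolvableType) {
        String[] beanNames = applicationContext.getBeanNamesForType(resolvableType);
        if (beanNames.length > 1) {
            throw new NoUniqueBeanDefinitionException(resolvableType, beanNames);
        }
        if (beanNames.length == 1) {
            return (T) applicationContext.getBean(beanNames[0]);
        }
        return null;
    }
}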
