package xin.yuki.auth.boot;

import java.util.Collections;
import javax.sql.DataSource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.oauth2.authserver.AuthorizationServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestValidator;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.Assert;
import xin.yuki.auth.server.service.impl.DynamicTokenEndpoint;
import xin.yuki.auth.server.service.impl.DynamicTokenGranter;

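/**
 * OAuth2 authorization-server configuration backed by JDBC client, token and
 * authorization-code storage, with an additional JWT token service.
 *
 * <p>On startup it seeds two default clients ({@code auth-front} and
 * {@code auth-manager}) when they are not registered yet, and replaces the
 * framework's {@code tokenEndpoint} bean with a {@link DynamicTokenEndpoint}.
 *
 * <p>Security review notes are marked {@code NOTE(review)} next to the code they refer to.
 */
@EnableConfigurationProperties({AuthorizationServerProperties.class})
@EnableAuthorizationServer
/* loaded from: input_file:xin/yuki/auth/boot/AuthorizationSecurityConfiguration.class */
public class AuthorizationSecurityConfiguration extends AuthorizationServerConfigurerAdapter {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationSecurityConfiguration.class);
    private static final String DEFAULT_FRONT_CLIENT = "auth-front";
    private static final String DEFAULT_AUTH_MANAGER_CLIENT = "auth-manager";
    /** Access-token lifetime for the seeded clients: 7200 s = 2 hours. */
    private static final int DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS = 7200;
    /** Refresh-token lifetime for the seeded clients: 2592000 s = 30 days. */
    private static final int DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS = 2592000;
    private final AuthenticationManager authenticationManager;
    private final PasswordEncoder passwordEncoder;
    private final DataSource dataSource;
    private final ClientDetailsService clientDetailsService;
    private final AuthorizationServerProperties authorizationServerProperties;

    /**
     * Collects the collaborators used by the configuration callbacks and bean methods.
     *
     * @param authenticationConfiguration source of the shared {@link AuthenticationManager}
     * @param dataSource database holding clients, tokens and authorization codes
     * @param passwordEncoder encoder applied to client secrets
     * @param clientDetailsService lookup used to check for existing clients and to build token services
     * @param authorizationServerProperties properties providing the JWT key value
     * @throws Exception if the authentication manager cannot be obtained
     */
    @Autowired
    public AuthorizationSecurityConfiguration(AuthenticationConfiguration authenticationConfiguration, DataSource dataSource, PasswordEncoder passwordEncoder, ClientDetailsService clientDetailsService, AuthorizationServerProperties authorizationServerProperties) throws Exception {
        this.authenticationManager = authenticationConfiguration.getAuthenticationManager();
        this.passwordEncoder = passwordEncoder;
        this.dataSource = dataSource;
        this.clientDetailsService = clientDetailsService;
        this.authorizationServerProperties = authorizationServerProperties;
    }

    /**
     * Configures JDBC-backed client storage and seeds the two default clients when absent.
     *
     * <p>Each client is checked independently. The previous version reused one
     * {@code ClientDetails} variable for both lookups, so an existing front client
     * left it non-null and the manager client was never seeded when only it was missing.
     *
     * @param clientDetailsServiceConfigurer configurer supplied by the framework
     * @throws Exception if building the client details service fails
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        JdbcClientDetailsServiceBuilder clientBuilder =
                clientDetailsServiceConfigurer.jdbc(this.dataSource).passwordEncoder(this.passwordEncoder);

        // NOTE(review): both seeded clients use their own client id as the secret.
        // The id is not confidential, so the secret is effectively a well-known
        // default credential with scope "all". Supply the secret from externalized
        // configuration or rotate it in the client table before the server is reachable.
        if (!isClientRegistered(DEFAULT_FRONT_CLIENT)) {
            log.info("Initialize Front Client");
            clientBuilder.withClient(DEFAULT_FRONT_CLIENT)
                    .secret(DEFAULT_FRONT_CLIENT)
                    .scopes("all")
                    .authorizedGrantTypes("password", "client_credentials")
                    .accessTokenValiditySeconds(DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS)
                    .refreshTokenValiditySeconds(DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS);
        }

        if (!isClientRegistered(DEFAULT_AUTH_MANAGER_CLIENT)) {
            log.info("Initialize Manager Client");
            clientBuilder.withClient(DEFAULT_AUTH_MANAGER_CLIENT)
                    .secret(DEFAULT_AUTH_MANAGER_CLIENT)
                    .scopes("all")
                    .authorizedGrantTypes("client_credentials")
                    .accessTokenValiditySeconds(DEFAULT_ACCESS_TOKEN_VALIDITY_SECONDS)
                    .refreshTokenValiditySeconds(DEFAULT_REFRESH_TOKEN_VALIDITY_SECONDS);
        }

        clientBuilder.build();
    }

    /**
     * Reports whether a client with the given id can be loaded from the injected service.
     *
     * @param clientId client id to look up
     * @return {@code true} if the lookup returns a client; {@code false} if it returns
     *     {@code null} or throws {@link ClientRegistrationException}
     */
    private boolean isClientRegistered(String clientId) {
        try {
            return this.clientDetailsService.loadClientByClientId(clientId) != null;
        } catch (ClientRegistrationException notRegistered) {
            // A failed lookup is the expected signal that the client still has to be seeded.
            return false;
        }
    }

    /**
     * Wires the authentication manager and the JDBC-backed token service into the endpoints.
     *
     * @param authorizationServerEndpointsConfigurer configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) {
        authorizationServerEndpointsConfigurer.authenticationManager(this.authenticationManager);
        authorizationServerEndpointsConfigurer.tokenServices(jdbcTokenService());
    }

    /**
     * Sets access rules for the token-key and check-token endpoints and enables
     * form-based client authentication.
     *
     * @param authorizationServerSecurityConfigurer configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) {
        // NOTE(review): "permitAll()" on the token-key endpoint is appropriate when the
        // verifier key is a public key. jwtAccessTokenConverter() also accepts a shared
        // (non-PEM) secret; confirm the endpoint cannot disclose that value to callers.
        // Form authentication puts client secrets in the request body, so the token
        // endpoint should only be served over TLS.
        authorizationServerSecurityConfigurer
                .allowFormAuthenticationForClients()
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .passwordEncoder(this.passwordEncoder);
    }

    /**
     * Creates token services that persist tokens through {@link #jdbcTokenStore()}.
     *
     * @return token services backed by the JDBC token store
     */
    @Bean
    public AuthorizationServerTokenServices jdbcTokenService() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setAuthenticationManager(this.authenticationManager);
        tokenServices.setClientDetailsService(this.clientDetailsService);
        tokenServices.setTokenStore(jdbcTokenStore());
        return tokenServices;
    }

    /**
     * Creates token services that issue JWTs through {@link #jwtTokenStore()} and
     * enhance them with {@link #jwtAccessTokenConverter()}.
     *
     * @return token services backed by the JWT token store
     */
    @Bean
    public AuthorizationServerTokenServices jwtTokenService() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setAuthenticationManager(this.authenticationManager);
        tokenServices.setClientDetailsService(this.clientDetailsService);
        tokenServices.setTokenStore(jwtTokenStore());
        tokenServices.setTokenEnhancer(jwtAccessTokenConverter());
        return tokenServices;
    }

    /**
     * Creates the primary token store, which reads tokens via the JWT converter.
     *
     * @return JWT token store
     */
    @Bean
    @Primary
    public JwtTokenStore jwtTokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Builds the JWT converter from the configured key value.
     *
     * <p>A value that does not start with {@code -----BEGIN} is used as both the
     * signing and the verifier key. A PEM value is set as the verifier key only.
     *
     * @return configured converter
     * @throws IllegalArgumentException if no key value is configured
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        String keyValue = this.authorizationServerProperties.getJwt().getKeyValue();
        Assert.notNull(keyValue, "keyValue cannot be null");
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        // NOTE(review): for a PEM value no signing key is configured here, so signing
        // falls back to whatever JwtAccessTokenConverter uses by default. Confirm that
        // is intended for an authorization server that issues tokens.
        if (!keyValue.startsWith("-----BEGIN")) {
            converter.setSigningKey(keyValue);
        }
        converter.setVerifierKey(keyValue);
        return converter;
    }

    /**
     * Creates the token store that persists tokens in the configured data source.
     *
     * @return JDBC token store
     */
    @Bean
    public JdbcTokenStore jdbcTokenStore() {
        return new JdbcTokenStore(this.dataSource);
    }

    /**
     * Replaces the bean definition named {@code tokenEndpoint} with a
     * {@link DynamicTokenEndpoint} that accepts POST requests only.
     *
     * @param applicationContext context whose bean factory holds the definition to remove
     * @return the replacement token endpoint
     */
    @Bean
    @Primary
    public DynamicTokenEndpoint tokenEndpoint(ApplicationContext applicationContext) {
        // NOTE(review): removeBeanDefinition is not declared on AutowireCapableBeanFactory;
        // the decompiler presumably dropped a cast to a bean-definition registry type.
        // Confirm against the original source.
        applicationContext.getAutowireCapableBeanFactory().removeBeanDefinition("tokenEndpoint");
        DynamicTokenEndpoint endpoint = new DynamicTokenEndpoint();
        endpoint.setClientDetailsService(this.clientDetailsService);
        endpoint.setProviderExceptionHandler(new DefaultWebResponseExceptionTranslator());
        endpoint.setTokenGranter(dynamicTokenGranter());
        endpoint.setOAuth2RequestFactory(new DefaultOAuth2RequestFactory(this.clientDetailsService));
        endpoint.setOAuth2RequestValidator(new DefaultOAuth2RequestValidator());
        // POST only, which keeps credentials out of request URLs.
        endpoint.setAllowedRequestMethods(Collections.singleton(HttpMethod.POST));
        return endpoint;
    }

    /**
     * Creates authorization-code storage in the configured data source.
     *
     * @return JDBC authorization-code services
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(this.dataSource);
    }

    /**
     * Creates the granter used by the dynamic token endpoint, giving it both the JWT
     * and the JDBC token services.
     *
     * @return dynamic token granter
     */
    @Bean
    public TokenGranter dynamicTokenGranter() {
        return new DynamicTokenGranter(this.clientDetailsService, jwtTokenService(), jdbcTokenService(), authorizationCodeServices(), this.authenticationManager);
    }
}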
