package com.github.rexsheng.springboot.faster.system.oauth2.adapter;

import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.SecurityContext;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.UUID;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.MediaType;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.authorization.client.InMemoryRegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration.OAuth2AuthorizationServerConfiguration;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;

@Configuration
@EnableWebSecurity
/* loaded from: input_file:com/github/rexsheng/springboot/faster/system/oauth2/adapter/SecurityConfig.class */
public class SecurityConfig {
    @Bean
    @Order(1)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
        httpSecurity.apply(oAuth2AuthorizationServerConfigurer);
        oAuth2AuthorizationServerConfigurer.oidc(Customizer.withDefaults()).authorizationServerSettings(AuthorizationServerSettings.builder().build());
        httpSecurity.exceptionHandling(exceptionHandlingConfigurer -> {
            exceptionHandlingConfigurer.defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint("/login"), new MediaTypeRequestMatcher(new MediaType[]{MediaType.TEXT_HTML}));
        }).oauth2ResourceServer(oAuth2ResourceServerConfigurer -> {
            oAuth2ResourceServerConfigurer.jwt(Customizer.withDefaults());
        });
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    @Order(2)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).authenticated();
        }).formLogin(Customizer.withDefaults());
        return (SecurityFilterChain) httpSecurity.build();
    }

    @Bean
    public UserDetailsService userDetailsService() {
        return new InMemoryUserDetailsManager(new UserDetails[]{User.withDefaultPasswordEncoder().username("user").password("password").roles(new String[]{"USER"}).build()});
    }

    @Bean
    public RegisteredClientRepository registeredClientRepository() {
        return new InMemoryRegisteredClientRepository(new RegisteredClient[]{RegisteredClient.withId(UUID.randomUUID().toString()).clientId("messaging-client").clientSecret("{noop}secret").clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).redirectUri("http://127.0.0.1:8080/login/oauth2/code/messaging-client-oidc").redirectUri("http://127.0.0.1:8080/login/oauth2/code/felord-oidc").redirectUri("http://127.0.0.1:8080/authorized").redirectUri("http://127.0.0.1:8080/foo/bar").redirectUri("https://www.baidu.com").postLogoutRedirectUri("http://127.0.0.1:8080/").scope("openid").scope("profile").scope("message.read").clientSettings(ClientSettings.builder().requireAuthorizationConsent(true).build()).build()});
    }

    @Bean
    public JWKSource<SecurityContext> jwkSource() {
        KeyPair generateRsaKey = generateRsaKey();
        RSAPublicKey rSAPublicKey = (RSAPublicKey) generateRsaKey.getPublic();
        return new ImmutableJWKSet(new JWKSet(new RSAKey.Builder(rSAPublicKey).privateKey((RSAPrivateKey) generateRsaKey.getPrivate()).keyID(UUID.randomUUID().toString()).build()));
    }

    private static KeyPair generateRsaKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            return keyPairGenerator.generateKeyPair();
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    @Bean
    public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jWKSource) {
        return OAuth2AuthorizationServerConfiguration.jwtDecoder(jWKSource);
    }

    @Bean
    public AuthorizationServerSettings authorizationServerSettings() {
        return AuthorizationServerSettings.builder().build();
    }
}
