package org.birchframework.security.oauth2;

import com.nimbusds.jose.shaded.json.JSONArray;
import java.util.Collection;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.spring.boot.autoconfigure.CxfAutoConfiguration;
import org.birchframework.configuration.BirchProperties;
import org.birchframework.framework.cxf.JAXRSUtils;
import org.springframework.beans.factory.config.BeanDefinitionCustomizer;
import org.springframework.boot.actuate.autoconfigure.security.reactive.ReactiveManagementWebSecurityAutoConfiguration;
import org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.support.GenericApplicationContext;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.DefaultAuthenticationEventPublisher;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.security.web.SecurityFilterChain;

@EnableConfigurationProperties({BirchProperties.class})
@AutoConfigureBefore({SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class})
@Configuration(proxyBeanMethods = false)
@EnableAutoConfiguration(exclude = {org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class, ReactiveManagementWebSecurityAutoConfiguration.class})
@AutoConfigureAfter({CxfAutoConfiguration.class})
@ConditionalOnExpression("${birch.security.oauth2.enabled} and '${birch.security.oauth2.mode:STANDARD}'.toUpperCase() == 'STANDARD'  ")
/* loaded from: input_file:org/birchframework/security/oauth2/OAuth2ResourceServerAutoConfiguration.class */
public class OAuth2ResourceServerAutoConfiguration {
    private final BirchProperties properties;
    private final GenericApplicationContext context;

    @PostConstruct
    public void init() {
        this.properties.getSecurity().getOauth2().getRealms().entrySet().stream().filter(entry -> {
            return ((BirchProperties.IdPRealm) entry.getValue()).isEnabled();
        }).forEach(entry2 -> {
            this.context.registerBean(String.format("%s-%s", StringUtils.uncapitalize(OAuth2SecurityFilterChain.class.getSimpleName()), entry2.getKey()), SecurityFilterChain.class, () -> {
                return new OAuth2SecurityFilterChain((BirchProperties.IdPRealm) entry2.getValue(), this.properties.getSecurity().getUnsecureContextPaths());
            }, new BeanDefinitionCustomizer[0]);
        });
    }

    @ConditionalOnMissingBean({AuthenticationEventPublisher.class})
    @Bean
    DefaultAuthenticationEventPublisher authenticationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        return new DefaultAuthenticationEventPublisher(applicationEventPublisher);
    }

    @Bean
    BearerTokenResolver defaultBearerTokenResolver() {
        return new DefaultBearerTokenResolver();
    }

    @ConditionalOnMissingBean({GrantedAuthoritiesBuilder.class})
    @Bean
    GrantedAuthoritiesBuilder defaultGrantedAuthoritiesBuilder() {
        return (str, jwt) -> {
            return (Collection) ((JSONArray) jwt.getClaim(str)).stream().map(obj -> {
                return new SimpleGrantedAuthority((String) obj);
            }).collect(Collectors.toList());
        };
    }

    @ConditionalOnMissingBean({JAXRSUtils.class})
    @Bean
    JAXRSUtils jaxrsUtils(ApplicationContext applicationContext) {
        return new JAXRSUtils(applicationContext);
    }

    public OAuth2ResourceServerAutoConfiguration(BirchProperties birchProperties, GenericApplicationContext genericApplicationContext) {
        this.properties = birchProperties;
        this.context = genericApplicationContext;
    }
}
