package org.hawaiiframework.security.oauth2.config;

import org.hawaiiframework.cache.Cache;
import org.hawaiiframework.security.oauth2.provider.token.HawaiiTokenServices;
import org.springframework.boot.autoconfigure.security.oauth2.resource.PrincipalExtractor;
import org.springframework.boot.autoconfigure.security.oauth2.resource.ResourceServerProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore;

@EnableResourceServer
@EnableWebSecurity
/* loaded from: input_file:org/hawaiiframework/security/oauth2/config/HawaiiResourceServerConfigurerAdapter.class */
public class HawaiiResourceServerConfigurerAdapter extends ResourceServerConfigurerAdapter {
    @Bean
    public TokenStore jwkTokenStore(ResourceServerProperties resourceServerProperties) {
        DefaultAccessTokenConverter defaultAccessTokenConverter = new DefaultAccessTokenConverter();
        defaultAccessTokenConverter.setUserTokenConverter(new DefaultUserAuthenticationConverter());
        return new JwkTokenStore(resolveJwkSetUri(resourceServerProperties.getJwk()), defaultAccessTokenConverter);
    }

    private String resolveJwkSetUri(ResourceServerProperties.Jwk jwk) {
        return jwk.getKeySetUri();
    }

    @Bean
    @Primary
    public OAuth2RestOperations oAuth2RestOperations(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext) {
        return new OAuth2RestTemplate(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
    }

    @Bean
    public ResourceServerTokenServices resourceServerTokenServices(TokenStore tokenStore, OAuth2RestOperations oAuth2RestOperations, ResourceServerProperties resourceServerProperties, PrincipalExtractor principalExtractor, Cache<Authentication> cache) {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore);
        UserInfoTokenServices userInfoTokenServices = new UserInfoTokenServices(resourceServerProperties.getUserInfoUri(), resourceServerProperties.getClientId());
        userInfoTokenServices.setRestTemplate(oAuth2RestOperations);
        userInfoTokenServices.setTokenType(resourceServerProperties.getTokenType());
        userInfoTokenServices.setPrincipalExtractor(principalExtractor);
        return new HawaiiTokenServices(defaultTokenServices, userInfoTokenServices, cache);
    }
}
