package leap.oauth2.as;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import leap.core.AppConfig;
import leap.core.AppConfigException;
import leap.core.annotation.ConfigProperty;
import leap.core.annotation.Configurable;
import leap.core.annotation.Inject;
import leap.core.ds.DataSourceManager;
import leap.core.schedule.SchedulerManager;
import leap.core.security.token.jwt.JwtVerifier;
import leap.core.security.token.jwt.RsaVerifier;
import leap.core.store.JdbcStore;
import leap.lang.Args;
import leap.lang.Strings;
import leap.lang.Try;
import leap.lang.security.RSA;
import leap.oauth2.as.client.AuthzClientStore;
import leap.oauth2.as.code.AuthzCodeStore;
import leap.oauth2.as.sso.AuthzSSOStore;
import leap.oauth2.as.store.AuthzInMemoryStore;
import leap.oauth2.as.token.AuthzTokenStore;
import leap.web.App;
import leap.web.AppInitializable;
import leap.web.security.SecurityConfigurator;

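/**
 * Default, mutable configuration of the OAuth2 authorization server.
 *
 * <p>The same object is exposed through two views: {@link OAuth2AuthzServerConfig} (read side)
 * and {@link OAuth2AuthzServerConfigurator} (fluent write side). Setters annotated with
 * {@code @ConfigProperty} are bound from application configuration under the
 * {@code oauth2.as} prefix declared on this class.
 *
 * <p>Security-relevant defaults, as initialised below: the server is disabled, HTTPS-only is on,
 * and every grant type except request-level scopes is switched on. Deployments should turn off
 * the grants they do not use; see the notes on the individual fields.
 *
 * <p>NOTE(review): no synchronisation is visible in this class; it looks intended to be
 * configured once during start-up and read afterwards. Confirm before mutating it at runtime.
 */
@Configurable(prefix = "oauth2.as")
/* loaded from: input_file:leap/oauth2/as/DefaultOAuth2AuthzServerConfig.class */
public class DefaultOAuth2AuthzServerConfig implements OAuth2AuthzServerConfig, OAuth2AuthzServerConfigurator, AppInitializable {

    @Inject
    protected AppConfig appConfig;

    @Inject
    protected SecurityConfigurator sc;

    @Inject
    protected DataSourceManager dsm;

    @Inject
    protected AuthzInMemoryStore inMemoryStore;

    // Explicitly selected stores. When one is null the matching getter falls back to the JDBC
    // store if data sources exist, otherwise to the in-memory store.
    @Inject
    protected AuthzClientStore clientStore;

    @Inject
    protected AuthzCodeStore codeStore;

    @Inject
    protected AuthzTokenStore tokenStore;

    @Inject
    protected AuthzSSOStore ssoStore;

    @Inject
    protected SchedulerManager schedulerManager;

    @Inject(name = "jdbc")
    protected AuthzClientStore jdbcClientStore;

    @Inject(name = "jdbc")
    protected AuthzCodeStore jdbcCodeStore;

    @Inject(name = "jdbc")
    protected AuthzTokenStore jdbcTokenStore;

    @Inject(name = "jdbc")
    protected AuthzSSOStore jdbcSSOStore;

    // The authorization server is off unless configuration enables it.
    protected boolean enabled = false;
    // Secure default. Switching this off lets codes, tokens and credentials travel over
    // cleartext HTTP, so it should stay on outside of local development.
    protected boolean httpsOnly = true;
    protected boolean cleanupEnabled = true;
    // Presumably seconds: postAppInit multiplies this by 1000 before scheduling.
    protected int cleanupInterval = 300;
    protected boolean singleLoginEnabled = true;
    protected boolean singleLogoutEnabled = true;
    // Resource-owner password grant is on by default. RFC 9700 (OAuth 2.0 Security BCP) says it
    // must not be used; disable it unless a legacy client needs it.
    protected boolean passwordCredentialsEnabled = true;
    // NOTE(review): this flag has a setter but no getter in this class.
    protected boolean loginTokenEnabled = true;
    protected boolean userInfoEnabled = true;
    protected boolean authorizationCodeEnabled = true;
    // Implicit grant is on by default. It returns the access token in the redirect URI, and
    // RFC 9700 advises against it; prefer the authorization-code grant and disable this.
    protected boolean implicitGrantEnabled = true;
    protected boolean clientCredentialsEnabled = true;
    protected boolean tokenClientEnabled = true;
    protected boolean requestLevelScopeEnabled = false;
    protected String tokenEndpointPath = OAuth2AuthzServerConfigurator.DEFAULT_TOKEN_ENDPOINT_PATH;
    protected String authzEndpointPath = OAuth2AuthzServerConfigurator.DEFAULT_AUTHZ_ENDPOINT_PATH;
    protected String tokenInfoEndpointPath = OAuth2AuthzServerConfigurator.DEFAULT_TOKENINFO_ENDPOINT_PATH;
    protected String userInfoEndpointPath = OAuth2AuthzServerConfigurator.DEFAULT_USERINFO_ENDPOINT_PATH;
    protected String logoutEndpointPath = "/oauth2/logout";
    protected String errorView = OAuth2AuthzServerConfigurator.DEFAULT_ERROR_VIEW;
    protected String loginView = OAuth2AuthzServerConfigurator.DEFAULT_LOGIN_VIEW;
    protected String logoutView = "/oauth2/logout";
    // Lifetimes; the unit is not stated here (presumably seconds - confirm against the
    // configurator constants). None of the setters validate the value, so a zero, negative or
    // very large lifetime from configuration is accepted as-is.
    protected int defaultAccessTokenExpires = OAuth2AuthzServerConfigurator.DEFAULT_ACCESS_TOKEN_EXPIRES;
    protected int defaultRefreshTokenExpires = OAuth2AuthzServerConfigurator.DEFAULT_REFRESH_TOKEN_EXPIRES;
    protected int defaultLoginTokenExpires = 300;
    protected int defaultAuthorizationCodeExpires = 300;
    protected int defaultIdTokenExpires = 300;
    protected int defaultLoginSessionExpires = OAuth2AuthzServerConfigurator.DEFAULT_LOGIN_SESSION_EXPIRES;
    protected String jdbcDataSourceName = null;
    // Server key pair. When privateKey is unset, ensureGetPrivateKey() defers to AppConfig.
    protected PrivateKey privateKey = null;
    protected PublicKey publicKey = null;
    protected JwtVerifier jwtVerifier = null;
    // Captured once in postAppInit; false until the app has initialised with this server enabled.
    private boolean hasDataSources;

    /** Returns the read-only view of this configuration (this same object). */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public OAuth2AuthzServerConfig config() {
        return this;
    }

    /** Returns the injected in-memory store. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public AuthzInMemoryStore inMemoryStore() {
        return this.inMemoryStore;
    }

    /** Routes client, code, token and SSO storage to the single in-memory store. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public OAuth2AuthzServerConfigurator useInMemoryStore() {
        this.clientStore = this.inMemoryStore;
        this.codeStore = this.inMemoryStore;
        this.tokenStore = this.inMemoryStore;
        this.ssoStore = this.inMemoryStore;
        return this;
    }

    /** Routes client, code, token and SSO storage to the injected "jdbc" stores. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public OAuth2AuthzServerConfigurator useJdbcStore() {
        this.clientStore = this.jdbcClientStore;
        this.codeStore = this.jdbcCodeStore;
        this.tokenStore = this.jdbcTokenStore;
        this.ssoStore = this.jdbcSSOStore;
        return this;
    }

    /** Returns whether the authorization server is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isEnabled() {
        return this.enabled;
    }

    /** Enables or disables single login. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setSingleLoginEnabled(boolean z) {
        this.singleLoginEnabled = z;
        return this;
    }

    /** Enables or disables single logout. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setSingleLogoutEnabled(boolean z) {
        this.singleLogoutEnabled = z;
        return this;
    }

    /**
     * Enables or disables the periodic cleanup job scheduled in {@link #postAppInit(App)}.
     * With cleanup off, nothing in this class calls the stores' cleanup methods.
     */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setCleanupEnabled(boolean z) {
        this.cleanupEnabled = z;
        return this;
    }

    /** Sets the cleanup interval; the value is not range-checked. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setCleanupInterval(int i) {
        this.cleanupInterval = i;
        return this;
    }

    /** Returns whether the periodic cleanup job is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isCleanupEnabled() {
        return this.cleanupEnabled;
    }

    /** Returns the cleanup interval. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getCleanupInterval() {
        return this.cleanupInterval;
    }

    /** Returns whether the server is restricted to HTTPS. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isHttpsOnly() {
        return this.httpsOnly;
    }

    /** Returns whether single login is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isSingleLoginEnabled() {
        return this.singleLoginEnabled;
    }

    /** Returns whether single logout is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isSingleLogoutEnabled() {
        return this.singleLogoutEnabled;
    }

    /** Returns whether the resource-owner password grant is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isPasswordCredentialsEnabled() {
        return this.passwordCredentialsEnabled;
    }

    /** Returns whether request-level scopes are enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isRequestLevelScopeEnabled() {
        return this.requestLevelScopeEnabled;
    }

    /** Returns whether the user-info endpoint is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isUserInfoEnabled() {
        return this.userInfoEnabled;
    }

    /** Returns whether the client-credentials grant is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isClientCredentialsEnabled() {
        return this.clientCredentialsEnabled;
    }

    /** Returns whether the token-client feature is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isTokenClientEnabled() {
        return this.tokenClientEnabled;
    }

    /** Returns whether the authorization-code grant is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isAuthorizationCodeEnabled() {
        return this.authorizationCodeEnabled;
    }

    /** Returns whether the implicit grant is enabled. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public boolean isImplicitGrantEnabled() {
        return this.implicitGrantEnabled;
    }

    /** Returns the token endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getTokenEndpointPath() {
        return this.tokenEndpointPath;
    }

    /** Returns the authorization endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getAuthzEndpointPath() {
        return this.authzEndpointPath;
    }

    /** Returns the token-info endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getTokenInfoEndpointPath() {
        return this.tokenInfoEndpointPath;
    }

    /** Returns the user-info endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getUserInfoEndpointPath() {
        return this.userInfoEndpointPath;
    }

    /** Returns the logout endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getLogoutEndpointPath() {
        return this.logoutEndpointPath;
    }

    /** Returns the error view. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getErrorView() {
        return this.errorView;
    }

    /** Returns the login view. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getLoginView() {
        return this.loginView;
    }

    /** Returns the logout view. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getLogoutView() {
        return this.logoutView;
    }

    /** Returns the default access-token lifetime. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getDefaultAccessTokenExpires() {
        return this.defaultAccessTokenExpires;
    }

    /** Returns the default refresh-token lifetime. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getDefaultRefreshTokenExpires() {
        return this.defaultRefreshTokenExpires;
    }

    /** Returns the default login-token lifetime. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getDefaultLoginTokenExpires() {
        return this.defaultLoginTokenExpires;
    }

    /** Returns the default authorization-code lifetime. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getDefaultAuthorizationCodeExpires() {
        return this.defaultAuthorizationCodeExpires;
    }

    /** Returns the default ID-token lifetime. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getDefaultIdTokenExpires() {
        return this.defaultIdTokenExpires;
    }

    /** Returns the default login-session lifetime. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public int getDefaultLoginSessionExpires() {
        return this.defaultLoginSessionExpires;
    }

    /** Returns the configured JDBC data source name, or {@code null} when none was set. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public String getJdbcDataSourceName() {
        return this.jdbcDataSourceName;
    }

    /** Enables or disables the authorization server. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setEnabled(boolean z) {
        this.enabled = z;
        return this;
    }

    /**
     * Sets the HTTPS-only flag. Passing {@code false} weakens transport security for every
     * endpoint that reads this flag; keep it {@code true} in production.
     */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setHttpsOnly(boolean z) {
        this.httpsOnly = z;
        return this;
    }

    /** Enables or disables the authorization-code grant. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setAuthorizationCodeEnabled(boolean z) {
        this.authorizationCodeEnabled = z;
        return this;
    }

    /** Enables or disables the implicit grant (enabled by default; see the field note). */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setImplicitGrantEnabled(boolean z) {
        this.implicitGrantEnabled = z;
        return this;
    }

    /** Enables or disables the password grant (enabled by default; see the field note). */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setPasswordCredentialsEnabled(boolean z) {
        this.passwordCredentialsEnabled = z;
        return this;
    }

    /** Enables or disables login tokens. */
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setLoginTokenEnabled(boolean z) {
        this.loginTokenEnabled = z;
        return this;
    }

    /** Enables or disables the user-info endpoint. */
    @ConfigProperty
    public OAuth2AuthzServerConfig setUserInfoEnabled(boolean z) {
        this.userInfoEnabled = z;
        return this;
    }

    /** Enables or disables the client-credentials grant. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setClientCredentialsEnabled(boolean z) {
        this.clientCredentialsEnabled = z;
        return this;
    }

    /** Enables or disables the token-client feature. */
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setTokenClientEnabled(boolean z) {
        this.tokenClientEnabled = z;
        return this;
    }

    /** Enables or disables request-level scopes. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setRequestLevelScopeEnabled(boolean z) {
        this.requestLevelScopeEnabled = z;
        return this;
    }

    /** Sets the token endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setTokenEndpointPath(String str) {
        this.tokenEndpointPath = str;
        return this;
    }

    /** Sets the authorization endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setAuthzEndpointPath(String str) {
        this.authzEndpointPath = str;
        return this;
    }

    /** Sets the token-info endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setTokenInfoEndpointPath(String str) {
        this.tokenInfoEndpointPath = str;
        return this;
    }

    /** Sets the user-info endpoint path. */
    @ConfigProperty
    public OAuth2AuthzServerConfig setUserInfoEndpointPath(String str) {
        this.userInfoEndpointPath = str;
        return this;
    }

    /** Sets the logout endpoint path. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setLogoutEndpointPath(String str) {
        this.logoutEndpointPath = str;
        return this;
    }

    /** Sets the error view. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setErrorView(String str) {
        this.errorView = str;
        return this;
    }

    /** Sets the login view. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setLoginView(String str) {
        this.loginView = str;
        return this;
    }

    /** Sets the logout view. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setLogoutView(String str) {
        // Fixed: this used to assign loginView, so configuring a logout view silently replaced
        // the login page and left the logout view at its default.
        this.logoutView = str;
        return this;
    }

    /** Sets the default access-token lifetime; the value is not range-checked. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setDefaultAccessTokenExpires(int i) {
        this.defaultAccessTokenExpires = i;
        return this;
    }

    /** Sets the default refresh-token lifetime; the value is not range-checked. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setDefaultRefreshTokenExpires(int i) {
        this.defaultRefreshTokenExpires = i;
        return this;
    }

    /** Sets the default login-token lifetime; the value is not range-checked. */
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setDefaultLoginTokenExpires(int i) {
        this.defaultLoginTokenExpires = i;
        return this;
    }

    /** Sets the default authorization-code lifetime; the value is not range-checked. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setDefaultAuthorizationCodeExpires(int i) {
        this.defaultAuthorizationCodeExpires = i;
        return this;
    }

    /** Sets the default ID-token lifetime; the value is not range-checked. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setDefaultIdTokenExpires(int i) {
        this.defaultIdTokenExpires = i;
        return this;
    }

    /** Sets the default login-session lifetime; the value is not range-checked. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setDefaultLoginSessionExpires(int i) {
        this.defaultLoginSessionExpires = i;
        return this;
    }

    /** Sets the data source name applied to JDBC-backed stores in {@link #postAppInit(App)}. */
    @ConfigProperty
    public OAuth2AuthzServerConfigurator setJdbcDataSourceName(String str) {
        this.jdbcDataSourceName = str;
        return this;
    }

    /** Returns the explicitly configured private key, or {@code null} when none was set. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** Returns the explicitly configured public key, or {@code null} when none was set. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /**
     * Returns the private key to use: the explicitly configured key when there is one, otherwise
     * whatever {@code AppConfig.ensureGetPrivateKey()} supplies.
     *
     * @return the configured key, or the application-level key when none is configured here
     */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public PrivateKey ensureGetPrivateKey() {
        if (null == this.privateKey) {
            return this.appConfig.ensureGetPrivateKey();
        }
        // Fixed: this branch used to return null, so setting a server-specific key made the
        // "ensure" accessor hand callers no key at all.
        return this.privateKey;
    }

    /**
     * Selects the client store explicitly.
     *
     * @param authzClientStore the store to use; checked with {@code Args.notNull}
     */
    public OAuth2AuthzServerConfigurator setClientStore(AuthzClientStore authzClientStore) {
        Args.notNull(authzClientStore);
        this.clientStore = authzClientStore;
        return this;
    }

    /**
     * Selects the authorization-code store explicitly.
     *
     * @param authzCodeStore the store to use; checked with {@code Args.notNull}
     */
    public OAuth2AuthzServerConfigurator setCodeStore(AuthzCodeStore authzCodeStore) {
        Args.notNull(authzCodeStore);
        this.codeStore = authzCodeStore;
        return this;
    }

    /**
     * Selects the token store explicitly.
     *
     * @param authzTokenStore the store to use; checked with {@code Args.notNull}
     */
    public OAuth2AuthzServerConfigurator setTokenStore(AuthzTokenStore authzTokenStore) {
        Args.notNull(authzTokenStore);
        this.tokenStore = authzTokenStore;
        return this;
    }

    /**
     * Selects the SSO store explicitly.
     *
     * @param authzSSOStore the store to use; checked with {@code Args.notNull}
     */
    public OAuth2AuthzServerConfigurator setSSOStore(AuthzSSOStore authzSSOStore) {
        Args.notNull(authzSSOStore);
        this.ssoStore = authzSSOStore;
        return this;
    }

    /** Returns the client store: explicit choice, else JDBC when data sources exist, else in-memory. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public AuthzClientStore getClientStore() {
        if (null != this.clientStore) {
            return this.clientStore;
        }
        return this.hasDataSources ? this.jdbcClientStore : this.inMemoryStore;
    }

    /** Returns the code store: explicit choice, else JDBC when data sources exist, else in-memory. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public AuthzCodeStore getCodeStore() {
        if (null != this.codeStore) {
            return this.codeStore;
        }
        return this.hasDataSources ? this.jdbcCodeStore : this.inMemoryStore;
    }

    /** Returns the token store: explicit choice, else JDBC when data sources exist, else in-memory. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public AuthzTokenStore getTokenStore() {
        if (null != this.tokenStore) {
            return this.tokenStore;
        }
        return this.hasDataSources ? this.jdbcTokenStore : this.inMemoryStore;
    }

    /** Returns the SSO store: explicit choice, else JDBC when data sources exist, else in-memory. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public AuthzSSOStore getSSOStore() {
        if (null != this.ssoStore) {
            return this.ssoStore;
        }
        return this.hasDataSources ? this.jdbcSSOStore : this.inMemoryStore;
    }

    /** Sets the server private key; {@code null} restores the fallback to the application key. */
    public OAuth2AuthzServerConfigurator setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
        return this;
    }

    /** Sets the server public key. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public OAuth2AuthzServerConfigurator setPublicKey(PublicKey publicKey) {
        this.publicKey = publicKey;
        return this;
    }

    /**
     * Sets the private key from its encoded string form; an empty value clears the key.
     *
     * <p>This setter is configuration-bound, so the private key may sit in a configuration
     * source. Protect that source like a key file and keep the value out of logs and dumps.
     *
     * @param str encoded key, decoded with {@code RSA.decodePrivateKey}
     */
    @ConfigProperty
    public void setPrivateKeyStr(String str) {
        if (Strings.isEmpty(str)) {
            this.privateKey = null;
        } else {
            this.privateKey = RSA.decodePrivateKey(str);
        }
    }

    /**
     * Sets the public key from its encoded string form; an empty value clears the key.
     *
     * @param str encoded key, decoded with {@code RSA.decodePublicKey}
     */
    @ConfigProperty
    public void setPublicKeyStr(String str) {
        if (Strings.isEmpty(str)) {
            this.publicKey = null;
        } else {
            this.publicKey = RSA.decodePublicKey(str);
        }
    }

    /** Returns the configured JWT verifier, or {@code null} when none was selected. */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfig
    public JwtVerifier getJwtVerifier() {
        return this.jwtVerifier;
    }

    /**
     * Installs an RSA-based JWT verifier built from the configured public key.
     *
     * <p>NOTE(review): only the key type is checked here, not the modulus size; confirm that
     * key strength is enforced wherever the key is generated or loaded.
     *
     * @throws NullPointerException if no public key has been set
     * @throws AppConfigException if the public key is not an RSA key
     */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public OAuth2AuthzServerConfigurator useRsaJwtVerifier() {
        if (this.publicKey == null) {
            throw new NullPointerException("public key is null! please use setPublicKeyStr(String publicKey) or setPublicKey to set the public key.");
        }
        if (!(this.publicKey instanceof RSAPublicKey)) {
            throw new AppConfigException("this public key is not a rsa public key!");
        }
        this.jwtVerifier = new RsaVerifier((RSAPublicKey) getPublicKey());
        return this;
    }

    /**
     * Installs the given JWT verifier.
     *
     * @param jwtVerifier the verifier that {@link #getJwtVerifier()} will return
     */
    @Override // leap.oauth2.as.OAuth2AuthzServerConfigurator
    public OAuth2AuthzServerConfigurator useJwtVerifier(JwtVerifier jwtVerifier) {
        // Fixed: this used to ignore the argument and return null, which dropped the caller's
        // verifier and broke fluent chaining with a NullPointerException on the next call.
        this.jwtVerifier = jwtVerifier;
        return this;
    }

    /**
     * Finishes set-up once the application has initialised. Does nothing unless the server is
     * enabled. When it is, this turns the security module on if it is off, records whether data
     * sources exist, points JDBC-backed stores at the configured (or "default") data source and
     * schedules the periodic cleanup job.
     */
    public void postAppInit(App app) throws Throwable {
        if (!this.enabled) {
            return;
        }
        // Enabling the authorization server implicitly switches application security on.
        if (!this.sc.config().isEnabled()) {
            this.sc.enable(true);
        }
        this.hasDataSources = this.dsm.hasDataSources();
        if (this.hasDataSources) {
            String firstNotEmpty = Strings.firstNotEmpty(new String[]{this.jdbcDataSourceName, "default"});
            applyDataSourceName(getTokenStore(), firstNotEmpty);
            applyDataSourceName(getCodeStore(), firstNotEmpty);
            applyDataSourceName(getClientStore(), firstNotEmpty);
            applyDataSourceName(getSSOStore(), firstNotEmpty);
        }
        if (isCleanupEnabled()) {
            // NOTE(review): int arithmetic; an interval above Integer.MAX_VALUE / 1000 wraps.
            this.schedulerManager.newFixedThreadPoolScheduler("auth-cleanup").scheduleAtFixedRate(() -> {
                cleanup();
            }, getCleanupInterval() * 1000);
        }
    }

    /** Points {@code store} at {@code dataSourceName} when it is JDBC-backed; otherwise no-op. */
    private static void applyDataSourceName(Object store, String dataSourceName) {
        if (store instanceof JdbcStore) {
            // Explicit cast: the store interfaces used in this class are not shown to declare
            // setDataSourceName, so the call goes through JdbcStore.
            ((JdbcStore) store).setDataSourceName(dataSourceName);
        }
    }

    /**
     * Asks the code, token and SSO stores to clean up. Each call is wrapped separately so one
     * store's failure does not stop the others.
     *
     * <p>NOTE(review): {@code Try.catchAll} presumably swallows the exception; confirm it logs,
     * otherwise a persistently failing cleanup leaves stale codes and tokens unnoticed.
     */
    protected void cleanup() {
        Try.catchAll(() -> {
            getCodeStore().cleanupAuthorizationCodes();
        });
        Try.catchAll(() -> {
            getTokenStore().cleanupTokens();
        });
        Try.catchAll(() -> {
            getSSOStore().cleanupSSO();
        });
    }
}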
