package org.minbox.framework.api.boot.autoconfigure.security.authorization;

import org.minbox.framework.api.boot.autoconfigure.security.ApiBootOauthProperties;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

@EnableConfigurationProperties({ApiBootOauthProperties.class})
@Configuration
@ConditionalOnClass({AuthorizationServerConfigurerAdapter.class})
@EnableAuthorizationServer
/* loaded from: input_file:org/minbox/framework/api/boot/autoconfigure/security/authorization/ApiBootAuthorizationServerAutoConfiguration.class */
public class ApiBootAuthorizationServerAutoConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private ApiBootOauthProperties apiBootOauthProperties;

    @Autowired
    private TokenStore tokenStore;

    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        authorizationServerSecurityConfigurer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }

    @ConditionalOnProperty(prefix = ApiBootOauthProperties.API_BOOT_OAUTH_PREFIX, name = {"jwt.enable"}, havingValue = "true")
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        jwtAccessTokenConverter.setSigningKey(this.apiBootOauthProperties.getJwt().getSignKey());
        return jwtAccessTokenConverter;
    }

    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        authorizationServerEndpointsConfigurer.authenticationManager(this.authenticationManager).tokenStore(this.tokenStore);
        if (this.apiBootOauthProperties.getJwt().isEnable()) {
            authorizationServerEndpointsConfigurer.accessTokenConverter(jwtAccessTokenConverter());
        }
    }
}
