package org.onetwo.boot.module.oauth2.authorize;

import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.onetwo.boot.module.oauth2.JFishOauth2Properties;
import org.onetwo.boot.module.oauth2.util.OAuth2Utils;
import org.onetwo.common.spring.SpringUtils;
import org.onetwo.common.spring.aop.Proxys;
import org.onetwo.common.utils.LangUtils;
import org.onetwo.common.utils.StringUtils;
import org.onetwo.ext.security.DefaultUrlSecurityConfigurer;
import org.onetwo.ext.security.method.DefaultMethodSecurityConfigurer;
import org.springframework.beans.ConfigurablePropertyAccessor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.ClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.builders.JdbcClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.error.OAuth2ExceptionRenderer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.util.Assert;

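/**
 * Spring Security OAuth2 authorization-server configuration driven by
 * {@link JFishOauth2Properties}.
 *
 * <p>The configuration is active unless the property named by
 * {@code AuthorizationServerProps.ENABLED_KEY} disables it ({@code matchIfMissing = true}),
 * so merely having this module on the classpath turns the authorization server on.
 *
 * <p>Every collaborator except {@code oauth2Properties} is optional; each one is applied
 * only when a matching bean exists, otherwise the framework default stays in place.
 *
 * <p>Recovered from decompiled bytecode; local names are reconstructed.
 */
@EnableConfigurationProperties({JFishOauth2Properties.class})
@Configuration
@EnableAuthorizationServer
@ConditionalOnProperty(name = {JFishOauth2Properties.AuthorizationServerProps.ENABLED_KEY}, matchIfMissing = true)
public class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private JFishOauth2Properties oauth2Properties;

    // Only needed when the client detail store is JDBC (checked in configJdbc).
    @Autowired(required = false)
    private DataSource dataSource;

    // Used for client-secret verification, both on the endpoints and in the JDBC client store.
    @Autowired(required = false)
    private PasswordEncoder passwordEncoder;

    @Autowired(required = false)
    private TokenStore tokenStore;

    @Autowired(required = false)
    List<TokenEnhancer> tokenEnhancers;

    @Autowired(required = false)
    private OAuth2ExceptionRenderer oauth2ExceptionRenderer;

    @Autowired(required = false)
    private OAuth2AuthenticationEntryPoint oauth2AuthenticationEntryPoint;

    @Autowired(required = false)
    private OAuth2AccessDeniedHandler oauth2AccessDeniedHandler;

    // When present, this bean replaces the property-driven JDBC / in-memory client store entirely.
    @Autowired(required = false)
    @Qualifier(OAuth2Utils.OAUTH2_CLIENT_DETAILS_SERVICE)
    private ClientDetailsService clientDetailsService;

    @Autowired(required = false)
    private TokenEndpointFilterInterceptor tokenEndpointFilterInterceptor;

    /**
     * Web security rules for the authorization server, taken from the
     * {@code authorizationServer} section of the properties.
     */
    @Configuration
    protected class AuthorizationWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        protected AuthorizationWebSecurityConfigurerAdapter() {
        }

        /**
         * Applies the configured request matchers, intercept URLs and "any request" rule.
         *
         * @param httpSecurity the builder to configure
         * @throws Exception propagated from the Spring Security builders
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            JFishOauth2Properties.AuthorizationServerProps serverProps =
                    AuthorizationServerConfiguration.this.oauth2Properties.getAuthorizationServer();
            // With no request matchers configured, the matcher scope is left at the
            // HttpSecurity default rather than being narrowed to specific paths.
            if (!LangUtils.isEmpty(serverProps.getRequestMatchers())) {
                httpSecurity.requestMatchers().antMatchers(serverProps.getRequestMatchers());
            }
            DefaultUrlSecurityConfigurer.configIntercepterUrls(httpSecurity, serverProps.getIntercepterUrls(), (List) null);
            // NOTE(review): the access rule for unmatched requests comes from getAnyRequest();
            // confirm its default is restrictive (authenticated / deny) in deployments.
            DefaultMethodSecurityConfigurer.defaultAnyRequest(httpSecurity, serverProps.getAnyRequest());
        }
    }

    /**
     * Customises the {@link ClientCredentialsTokenEndpointFilter} that Spring registers
     * when form authentication for clients is allowed.
     */
    protected class ClientCredentialsTokenEndpointFilterPostProcessor implements ObjectPostProcessor<ClientCredentialsTokenEndpointFilter> {
        protected ClientCredentialsTokenEndpointFilterPostProcessor() {
        }

        /**
         * Installs the optional exception renderer on the filter's entry point and, when an
         * interceptor bean exists, returns the result of {@code Proxys.intercept} instead of
         * the filter itself.
         *
         * @param o the filter instance handed over by Spring Security
         * @return the (possibly wrapped) filter
         */
        @Override
        @SuppressWarnings("unchecked")
        public <O extends ClientCredentialsTokenEndpointFilter> O postProcess(O o) {
            ConfigurablePropertyAccessor accessor = SpringUtils.newPropertyAccessor(o, true);
            OAuth2ExceptionRenderer renderer = AuthorizationServerConfiguration.this.oauth2ExceptionRenderer;
            if (renderer != null) {
                // Nested property path: sets exceptionRenderer on the filter's authenticationEntryPoint.
                accessor.setPropertyValue("authenticationEntryPoint.exceptionRenderer", renderer);
            }
            TokenEndpointFilterInterceptor interceptor = AuthorizationServerConfiguration.this.tokenEndpointFilterInterceptor;
            if (interceptor != null) {
                // The decompiled source cast to the concrete filter type and assigned it to O,
                // which does not compile; the cast must target the type variable. It is
                // unchecked, and presumably safe because the proxy wraps the same filter
                // type - TODO confirm against Proxys.intercept.
                return (O) Proxys.intercept(o, interceptor);
            }
            return o;
        }
    }

    /**
     * Configures security of the authorization-server endpoints from the properties and
     * the optional beans.
     *
     * @param authorizationServerSecurityConfigurer the endpoint security configurer
     * @throws Exception propagated from the configurer
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        JFishOauth2Properties.AuthorizationServerProps serverProps = this.oauth2Properties.getAuthorizationServer();
        if (serverProps.isAllowFormAuthenticationForClients()) {
            // Lets clients send client_id / client_secret as form parameters to the token
            // endpoint, so the secret travels in the request body.
            authorizationServerSecurityConfigurer.allowFormAuthenticationForClients();
            authorizationServerSecurityConfigurer.addObjectPostProcessor(new ClientCredentialsTokenEndpointFilterPostProcessor());
        }
        // When sslOnly is off, nothing in this method requires HTTPS for these endpoints;
        // client secrets and tokens then depend on TLS being enforced elsewhere.
        if (serverProps.isSslOnly()) {
            authorizationServerSecurityConfigurer.sslOnly();
        }
        if (StringUtils.isNotBlank(serverProps.getRealm())) {
            authorizationServerSecurityConfigurer.realm(serverProps.getRealm());
        }
        // Both access values are Spring Security expressions. Blank values are skipped, which
        // keeps the framework default (denyAll() in Spring Security OAuth2). Broad values such
        // as permitAll() expose token introspection / the token key without authentication.
        if (StringUtils.isNotBlank(serverProps.getCheckTokenAccess())) {
            authorizationServerSecurityConfigurer.checkTokenAccess(serverProps.getCheckTokenAccess());
        }
        if (StringUtils.isNotBlank(serverProps.getTokenKeyAccess())) {
            authorizationServerSecurityConfigurer.tokenKeyAccess(serverProps.getTokenKeyAccess());
        }
        if (this.oauth2AuthenticationEntryPoint != null) {
            authorizationServerSecurityConfigurer.authenticationEntryPoint(this.oauth2AuthenticationEntryPoint);
        }
        if (this.oauth2AccessDeniedHandler != null) {
            authorizationServerSecurityConfigurer.accessDeniedHandler(this.oauth2AccessDeniedHandler);
        }
        // Without a PasswordEncoder bean the framework's default client-secret handling
        // applies. NOTE(review): confirm deployments provide one so secrets are not compared
        // as plain text.
        if (this.passwordEncoder != null) {
            authorizationServerSecurityConfigurer.passwordEncoder(this.passwordEncoder);
        }
    }

    /**
     * Selects the client registry: the qualified {@link ClientDetailsService} bean if one
     * exists, otherwise the JDBC or in-memory store named in the properties.
     *
     * @param clientDetailsServiceConfigurer the client registry configurer
     * @throws Exception propagated from the store-specific configuration
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        if (this.clientDetailsService != null) {
            clientDetailsServiceConfigurer.withClientDetails(this.clientDetailsService);
            return;
        }
        JFishOauth2Properties.ClientDetailStore storeType = this.oauth2Properties.getAuthorizationServer().getClientDetailStore();
        if (storeType == JFishOauth2Properties.ClientDetailStore.JDBC) {
            configJdbc(clientDetailsServiceConfigurer);
        } else if (storeType == JFishOauth2Properties.ClientDetailStore.IN_MEMORY) {
            configInMemory(clientDetailsServiceConfigurer);
        }
        // NOTE(review): any other value (including null) leaves the configurer untouched
        // without an error; confirm that is intended rather than a misconfiguration that
        // should fail startup.
    }

    /**
     * Registers a JDBC-backed client store on the injected {@link DataSource}.
     *
     * @param clientDetailsServiceConfigurer the client registry configurer
     * @throws IllegalArgumentException if no {@code DataSource} bean was injected
     * @throws Exception propagated from the builder
     */
    protected void configJdbc(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        Assert.notNull(this.dataSource, "dataSource is required!");
        JdbcClientDetailsServiceBuilder jdbcBuilder = clientDetailsServiceConfigurer.jdbc(this.dataSource);
        if (this.passwordEncoder != null) {
            // Keeps the store's secret handling aligned with the encoder used on the endpoints.
            jdbcBuilder.passwordEncoder(this.passwordEncoder);
        }
        jdbcBuilder.build();
    }

    /**
     * Registers one in-memory client per entry of the {@code clientDetails} property map;
     * the map key is used as the client id.
     *
     * <p>The secret is passed to the builder exactly as configured. When a
     * {@link PasswordEncoder} is active, the configured value therefore has to be in that
     * encoder's stored format - NOTE(review): confirm against the deployed configuration,
     * and keep the property source out of version control if it holds real secrets.
     *
     * @param clientDetailsServiceConfigurer the client registry configurer
     * @throws Exception propagated from the builder
     */
    protected void configInMemory(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        Map<String, JFishOauth2Properties.MemoryUser> configuredClients = this.oauth2Properties.getAuthorizationServer().getClientDetails();
        InMemoryClientDetailsServiceBuilder memoryBuilder = clientDetailsServiceConfigurer.inMemory();
        configuredClients.forEach((clientId, client) -> {
            ClientDetailsServiceBuilder.ClientBuilder clientBuilder = memoryBuilder.withClient(clientId).secret(client.getSecret());
            if (!LangUtils.isEmpty(client.getScopes())) {
                clientBuilder.scopes(client.getScopes());
            }
            if (!LangUtils.isEmpty(client.getAuthorities())) {
                clientBuilder.authorities(client.getAuthorities());
            }
            if (client.getAccessTokenValiditySeconds() != null) {
                clientBuilder.accessTokenValiditySeconds(client.getAccessTokenValiditySeconds().intValue());
            }
            // Auto-approval skips the user consent step for this client; the boolean covers
            // all scopes, the scope list only the named ones.
            clientBuilder.autoApprove(client.isAutoApprove());
            if (!LangUtils.isEmpty(client.getAutoApproveScopes())) {
                clientBuilder.autoApprove(client.getAutoApproveScopes());
            }
            if (!LangUtils.isEmpty(client.getResourceIds())) {
                clientBuilder.resourceIds(client.getResourceIds());
            }
            if (!LangUtils.isEmpty(client.getAuthorizedGrantTypes())) {
                clientBuilder.authorizedGrantTypes(client.getAuthorizedGrantTypes());
            }
            if (client.getRefreshTokenValiditySeconds() != null) {
                clientBuilder.refreshTokenValiditySeconds(client.getRefreshTokenValiditySeconds().intValue());
            }
            // Clients using redirect-based grants rely on registered URIs for redirect
            // validation; a client configured without them gets none registered here.
            if (!LangUtils.isEmpty(client.getRegisteredRedirectUris())) {
                clientBuilder.redirectUris(client.getRegisteredRedirectUris());
            }
        });
        memoryBuilder.build();
    }

    /**
     * Configures the token store (if a bean exists), the token enhancer chain and the
     * endpoint path mappings from the properties.
     *
     * @param authorizationServerEndpointsConfigurer the endpoints configurer
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        if (this.tokenStore != null) {
            authorizationServerEndpointsConfigurer.tokenStore(this.tokenStore);
        }
        authorizationServerEndpointsConfigurer.tokenEnhancer(tokenEnhancerChain());
        // Each entry remaps a default endpoint path (key) to a custom path (value).
        this.oauth2Properties.getAuthorizationServer().getPathMappings().forEach(
                (defaultPath, customPath) -> authorizationServerEndpointsConfigurer.pathMapping(defaultPath, customPath));
    }

    /**
     * Builds a {@link TokenEnhancerChain} holding every injected {@link TokenEnhancer};
     * the chain has no delegates set when none were injected.
     *
     * @return a new chain instance
     */
    protected TokenEnhancerChain tokenEnhancerChain() {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        if (this.tokenEnhancers != null) {
            chain.setTokenEnhancers(this.tokenEnhancers);
        }
        return chain;
    }
}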
