package top.verytouch.vkit.rabc.config;

import java.time.Duration;
import java.util.ArrayList;
import java.util.Arrays;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import top.verytouch.vkit.rabc.RbacProperties;
import top.verytouch.vkit.rabc.oauth2.AnotherClientDetailsService;
import top.verytouch.vkit.rabc.oauth2.CaptchaTokenGranter;
import top.verytouch.vkit.rabc.oauth2.InMemoryAuthorizationCodeService;
import top.verytouch.vkit.rabc.oauth2.JwtUserDetailsTokenEnhancer;
import top.verytouch.vkit.rabc.oauth2.OauthException;
import top.verytouch.vkit.rabc.oauth2.OauthExceptionSerializer;
import top.verytouch.vkit.rabc.oauth2.ParameterPasswordEncoder;

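/**
 * OAuth2 authorization-server configuration built on the legacy Spring Security OAuth
 * ({@code spring-security-oauth2}) {@link AuthorizationServerConfigurerAdapter}.
 *
 * <p>It wires three things:
 * <ul>
 *   <li>endpoint security for {@code /oauth/token}, {@code /oauth/check_token} and
 *       {@code /oauth/token_key};</li>
 *   <li>client lookup through {@link AnotherClientDetailsService};</li>
 *   <li>JWT access tokens signed with the key from {@link RbacProperties}, enriched with
 *       user details, plus an additional {@link CaptchaTokenGranter}.</li>
 * </ul>
 *
 * <p>NOTE(review): Spring Security OAuth is an end-of-life project; treat this class as
 * legacy code when assessing patch coverage.
 */
@Configuration
@EnableAuthorizationServer
/* loaded from: input_file:top/verytouch/vkit/rabc/config/AuthorizationSererConfig.class */
public class AuthorizationSererConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Autowired
    private AnotherClientDetailsService anotherClientDetailsService;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private ParameterPasswordEncoder parameterPasswordEncoder;

    @Autowired
    private AuthorizationCodeServices authorizationCodeServices;

    @Autowired
    private RbacProperties rbacProperties;

    @Autowired
    private JwtUserDetailsTokenEnhancer jwtUserDetailsTokenEnhancer;

    /**
     * Configures access rules and error rendering for the authorization server's own endpoints.
     *
     * @param authorizationServerSecurityConfigurer security configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) {
        authorizationServerSecurityConfigurer
                // Clients may send client_id/client_secret as form parameters instead of HTTP Basic.
                // NOTE(review): form-posted secrets tend to end up in request logs; confirm this
                // is required by the clients in use.
                .allowFormAuthenticationForClients()
                // NOTE(review): "permitAll()" leaves /oauth/check_token open to unauthenticated
                // callers, so anyone holding a token string can have it validated and decoded.
                // Prefer "isAuthenticated()" unless resource servers cannot authenticate.
                .checkTokenAccess("permitAll()")
                // NOTE(review): "permitAll()" on /oauth/token_key is only appropriate when the
                // key served there is a public (asymmetric) verifier key. The signing key here
                // comes from a property string; verify that a shared HMAC secret is never
                // handed out by this endpoint.
                .tokenKeyAccess("permitAll()")
                .accessDeniedHandler((request, response, exception) -> {
                    OauthExceptionSerializer.exceptionHandler(request, response, exception);
                })
                .authenticationEntryPoint((request, response, exception) -> {
                    OauthExceptionSerializer.exceptionHandler(request, response, exception);
                });
    }

    /**
     * Registers the project's client-details service as the source of OAuth2 client registrations.
     *
     * @param clientDetailsServiceConfigurer client configurer supplied by the framework
     * @throws Exception if the configurer rejects the service
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        clientDetailsServiceConfigurer.withClientDetails(this.anotherClientDetailsService);
    }

    /**
     * Configures token issuance: granters, JWT conversion/storage, enhancers, authorization-code
     * storage and error translation.
     *
     * @param authorizationServerEndpointsConfigurer endpoints configurer supplied by the framework
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) {
        authorizationServerEndpointsConfigurer
                .userDetailsService(this.userDetailsService)
                .authenticationManager(this.authenticationManager)
                // Evaluated at this point in the chain on purpose: the helper reads the
                // configurer's current granter/token services before the settings below are applied.
                .tokenGranter(tokenGranter(authorizationServerEndpointsConfigurer))
                .accessTokenConverter(jwtAccessTokenConverter())
                .tokenStore(tokenStore())
                // Issue a new refresh token on every refresh.
                // NOTE(review): the token store is a JwtTokenStore, which presumably keeps no
                // server-side token state; confirm whether a rotated-out refresh token is actually
                // rejected, otherwise rotation gives no replay protection.
                .reuseRefreshTokens(false)
                .tokenEnhancer(tokenEnhancerChain())
                // Set exactly once: the configurer keeps only the last value, so the injected
                // bean is the authorization-code store in effect.
                .authorizationCodeServices(this.authorizationCodeServices)
                // NOTE(review): every OAuth error is returned with HTTP 200 and the raw exception
                // message. Clients, proxies and monitoring cannot tell failures from success by
                // status code, and internal messages reach the caller. Kept as-is because existing
                // clients may depend on it.
                .exceptionTranslator(exc -> {
                    return new ResponseEntity(new OauthException(exc.getMessage()), HttpStatus.OK);
                });
    }

    /**
     * Exposes a JWT-backed token store that uses the shared access-token converter.
     *
     * @return the token store bean
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(jwtAccessTokenConverter());
    }

    /**
     * Builds the JWT converter that signs access tokens with the configured key.
     *
     * <p>NOTE(review): the key is taken verbatim from {@code RbacProperties}. If it is a plain
     * string rather than a PEM private key, tokens are presumably HMAC-signed and every verifier
     * needs the same secret; confirm the key's length, its origin (not a committed default) and
     * how it is rotated.
     *
     * @return the converter bean
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setSigningKey(this.rbacProperties.getJwtSingKey());
        return converter;
    }

    /**
     * Builds the enhancer that copies user-derived claims into the access token.
     *
     * <p>The {@link UserDetails} is looked up, in order, from the authentication's details, the
     * user authentication object itself, and the user authentication's principal. When none is
     * found, or the grant has no user authentication at all, the token is returned unchanged.
     *
     * @return the enhancer bean
     */
    @Bean
    public TokenEnhancer tokenEnhancer() {
        return (accessToken, authentication) -> {
            if (this.jwtUserDetailsTokenEnhancer == null) {
                return accessToken;
            }
            UserDetails userDetails = null;
            Object details = authentication.getDetails();
            if (details instanceof UserDetails) {
                userDetails = (UserDetails) details;
            } else {
                Authentication userAuthentication = authentication.getUserAuthentication();
                if (userAuthentication instanceof UserDetails) {
                    // Cast the object that was actually type-checked; casting getDetails() here
                    // could never succeed because this branch is only reached when the details
                    // are not a UserDetails.
                    userDetails = (UserDetails) userAuthentication;
                } else if (userAuthentication != null) {
                    // A grant without an end user has no user authentication; the null guard
                    // keeps token issuance from failing with a NullPointerException.
                    Object principal = userAuthentication.getPrincipal();
                    if (principal instanceof UserDetails) {
                        userDetails = (UserDetails) principal;
                    }
                }
            }
            if (userDetails != null) {
                // Whatever enhance(...) returns becomes token claims: JWT payloads are only
                // signed, not encrypted, so it must not contain secrets.
                ((DefaultOAuth2AccessToken) accessToken).setAdditionalInformation(this.jwtUserDetailsTokenEnhancer.enhance(userDetails));
            }
            return accessToken;
        };
    }

    /**
     * Chains the user-details enhancer with the JWT converter, in that order, so the added
     * claims are present before the token is encoded and signed.
     */
    private TokenEnhancerChain tokenEnhancerChain() {
        TokenEnhancerChain chain = new TokenEnhancerChain();
        chain.setTokenEnhancers(Arrays.asList(tokenEnhancer(), jwtAccessTokenConverter()));
        return chain;
    }

    /**
     * Combines the configurer's current token granter with the captcha-aware granter.
     *
     * @param authorizationServerEndpointsConfigurer configurer whose granter, token services,
     *        client-details service and request factory are reused
     * @return a composite granter that tries the existing granter first, then the captcha granter
     */
    private TokenGranter tokenGranter(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) {
        ArrayList<TokenGranter> granters = new ArrayList<>(Arrays.asList(authorizationServerEndpointsConfigurer.getTokenGranter()));
        granters.add(new CaptchaTokenGranter(authorizationServerEndpointsConfigurer.getTokenServices(), authorizationServerEndpointsConfigurer.getClientDetailsService(), authorizationServerEndpointsConfigurer.getOAuth2RequestFactory(), this.userDetailsService, this.passwordEncoder, this.parameterPasswordEncoder, this.rbacProperties));
        return new CompositeTokenGranter(granters);
    }
}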
