package cn.kduck.security.oauth2.configuration;

import cn.kduck.secrity.baseapp.domain.service.impl.ClientDetailsService;
import cn.kduck.security.KduckSecurityProperties;
import cn.kduck.security.filter.AuthenticationFailureStrategyFilter;
import cn.kduck.security.mfa.oauth2.MfaAuthenticatorService;
import cn.kduck.security.mfa.oauth2.MfaPasswordTokenGranter;
import cn.kduck.security.mfa.oauth2.MfaTokenGranter;
import cn.kduck.security.oauth2.tokengranter.CustomResourceOwnerPasswordTokenGranter;
import java.util.ArrayList;
import java.util.List;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

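/**
 * Spring Security OAuth2 authorization-server configuration.
 *
 * <p>Active only when {@code EnableAuthorizationServer} is on the classpath and
 * {@code kduck.security.oauth2.authServer.enabled=true}. It wires a JDBC-backed client
 * registry and authorization-code store, the token services, and the list of grant types
 * the token endpoint accepts.
 *
 * <p>Security-relevant choices made here, each marked at the line concerned:
 * form-based client authentication is allowed, the resource-owner-password and implicit
 * grants are always registered, and refresh tokens are enabled.
 */
@Configuration
@ConditionalOnClass({EnableAuthorizationServer.class})
@EnableAuthorizationServer
@ConditionalOnProperty(prefix = "kduck.security.oauth2.authServer", name = {"enabled"}, havingValue = "true")
/* loaded from: input_file:cn/kduck/security/oauth2/configuration/OAuthAuthServerConfiguration.class */
public class OAuthAuthServerConfiguration extends AuthorizationServerConfigurerAdapter {
    // Used by the password-style granters to authenticate the resource owner.
    private final AuthenticationManager authenticationManager;

    // Read for the MFA switch in getDefaultTokenGranters().
    @Autowired
    private KduckSecurityProperties securityProperties;

    // Optional: only present when a JWT converter bean is defined elsewhere.
    @Autowired(required = false)
    private JwtAccessTokenConverter accessTokenConverter;

    @Autowired
    private TokenStore tokenStore;

    // Backs both the client registry and the authorization-code store.
    @Autowired
    private DataSource dataSource;

    // Optional custom enhancer; see authorizationServerTokenServices() for how it is combined.
    @Autowired(required = false)
    private TokenEnhancer tokenEnhancer;

    // Injected lazily; added to the token endpoint's authentication filters below.
    @Autowired
    @Lazy
    private AuthenticationFailureStrategyFilter preAuthenticationFilter;

    // Optional and not referenced in this class; the MFA granters receive other collaborators.
    @Autowired(required = false)
    private MfaAuthenticatorService mfaService;

    /**
     * @param authenticationManager manager handed to the password-style token granters
     */
    @Autowired
    public OAuthAuthServerConfiguration(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Configures how clients authenticate at the token endpoint.
     *
     * @param authorizationServerSecurityConfigurer security configurer supplied by the framework
     * @throws Exception declared by the adapter method this mirrors
     */
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        // Accepts client_id / client_secret as form parameters in addition to HTTP Basic.
        // Secrets sent as parameters are easier to capture in access logs, APM traces and
        // debug dumps than an Authorization header, so parameter logging on the token
        // endpoint should mask client_secret.
        authorizationServerSecurityConfigurer.allowFormAuthenticationForClients();
        // NOTE(review): the filter's behaviour is not visible here; its name suggests it applies
        // a failed-authentication strategy before the token endpoint runs. Confirm.
        authorizationServerSecurityConfigurer.addTokenEndpointAuthenticationFilter(this.preAuthenticationFilter);
        // NOTE(review): no PasswordEncoder for client secrets is set in this class; confirm
        // how the client registry stores and compares secrets.
    }

    /**
     * Exposes the project's JDBC client registry under the bean name {@code clientDetailsService}.
     *
     * @return a {@code ClientDetailsService} built on the injected {@code DataSource}
     */
    @Bean(name = {"clientDetailsService"})
    public JdbcClientDetailsService jdbcClientDetailsService() {
        return new ClientDetailsService(this.dataSource);
    }

    /**
     * Registers the token store and the lazily built composite granter on the endpoints.
     * Nothing else is set on the endpoints configurer here.
     *
     * @param authorizationServerEndpointsConfigurer endpoints configurer supplied by the framework
     * @throws Exception declared by the adapter method this mirrors
     */
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        authorizationServerEndpointsConfigurer.tokenStore(this.tokenStore).tokenGranter(tokenGranter());
    }

    /**
     * @return request factory that resolves clients through {@link #jdbcClientDetailsService()}
     */
    @Bean
    public DefaultOAuth2RequestFactory oAuth2RequestFactory() {
        return new DefaultOAuth2RequestFactory(jdbcClientDetailsService());
    }

    /**
     * @return authorization-code store persisted through the injected {@code DataSource}
     */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(this.dataSource);
    }

    /**
     * Builds the token services used by every granter registered in
     * {@link #getDefaultTokenGranters()}.
     *
     * @return token services bound to the injected token store and the JDBC client registry
     */
    @Bean
    public DefaultTokenServices authorizationServerTokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(this.tokenStore);
        // Refresh tokens are issued. Token lifetimes and refresh-token reuse are not set here,
        // so they fall back to the framework / client-registration values.
        // NOTE(review): confirm those defaults match the rotation and expiry policy.
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setClientDetailsService(jdbcClientDetailsService());
        // The enhancer chain is installed only when BOTH optional beans exist.
        // NOTE(review): with a JwtAccessTokenConverter but no custom TokenEnhancer, the
        // converter is not installed as an enhancer on these services; confirm this matches
        // the configured TokenStore.
        if (this.accessTokenConverter != null && this.tokenEnhancer != null) {
            TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
            List<TokenEnhancer> enhancers = new ArrayList<>();
            // Order matters: the custom enhancer runs first, the JWT converter last.
            enhancers.add(this.tokenEnhancer);
            enhancers.add(this.accessTokenConverter);
            enhancerChain.setTokenEnhancers(enhancers);
            tokenServices.setTokenEnhancer(enhancerChain);
        }
        return tokenServices;
    }

    /**
     * Returns a granter that builds its {@code CompositeTokenGranter} on the first grant
     * request rather than while the endpoints are being configured.
     *
     * <p>The lazy field is neither volatile nor synchronised, so concurrent first requests
     * may each build a composite; the last assignment wins.
     */
    private TokenGranter tokenGranter() {
        return new TokenGranter() { // from class: cn.kduck.security.oauth2.configuration.OAuthAuthServerConfiguration.1
            private CompositeTokenGranter delegate;

            public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
                if (this.delegate == null) {
                    this.delegate = new CompositeTokenGranter(OAuthAuthServerConfiguration.this.getDefaultTokenGranters());
                }
                return this.delegate.grant(grantType, tokenRequest);
            }
        };
    }

    /**
     * Assembles the grant types accepted by the token endpoint.
     *
     * <p>With MFA enabled in {@code KduckSecurityProperties}, the two MFA granters are
     * registered and the plain password granter is not. Otherwise the custom password
     * granter is registered when an {@code AuthenticationManager} is available.
     * Authorization-code, refresh-token, implicit and client-credentials granters are
     * always added.
     *
     * <p>The decompiler reports this method was private in the compiled class; the
     * visibility is left as decompiled.
     *
     * @return a new mutable list of granters, in registration order
     */
    /* JADX INFO: Access modifiers changed from: private */
    public List<TokenGranter> getDefaultTokenGranters() {
        List<TokenGranter> granters = new ArrayList<>();
        if (this.securityProperties.getMfa() != null && this.securityProperties.getMfa().isEnabled()) {
            granters.add(new MfaPasswordTokenGranter(authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory(), this.authenticationManager));
            granters.add(new MfaTokenGranter(authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory(), this.authenticationManager, this.tokenStore));
        } else if (this.authenticationManager != null) {
            // Resource-owner password grant: the client handles the user's password directly.
            granters.add(new CustomResourceOwnerPasswordTokenGranter(this.authenticationManager, authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        }
        granters.add(new AuthorizationCodeTokenGranter(authorizationServerTokenServices(), authorizationCodeServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        granters.add(new RefreshTokenGranter(authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        // The implicit grant (and the password grant above) is discouraged by the OAuth 2.0
        // Security Best Current Practice (RFC 9700). It is registered unconditionally here, so
        // the per-client authorized grant types in the client registry are the only restriction.
        // NOTE(review): audit the client table for clients that still list these grants.
        granters.add(new ImplicitTokenGranter(authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        granters.add(new ClientCredentialsTokenGranter(authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        return granters;
    }
}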
