package cn.kduck.security.oauth2.configuration;

import cn.kduck.security.KduckSecurityProperties;
import cn.kduck.security.authentication.KduckWebAuthenticationDetails;
import cn.kduck.security.filter.AuthenticationFailureStrategyFilter;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

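/**
 * Spring configuration that selects the OAuth2 {@link TokenStore} and, for the JWT
 * variant, builds the converter that signs and verifies access tokens.
 *
 * <p>The store is chosen by the {@code kduck.security.oauth2.tokenStore} property:
 * {@code jwt} (also used when the property is missing), {@code memory}, {@code jdbc}
 * or {@code redis}.
 *
 * <p>Security review summary (details are on the members concerned):
 * <ul>
 *   <li>{@link #keyPair()} builds the JWT signing key from literals compiled into this
 *       class, and JWT is the default store.</li>
 *   <li>{@link #accessTokenConverter()} reads the configured JWT key but never uses it.</li>
 *   <li>The {@code tenant_domain} claim is copied from the authentication details without
 *       validation in this class.</li>
 * </ul>
 */
@Configuration
/* loaded from: input_file:cn/kduck/security/oauth2/configuration/TokenConfiguration.class */
public class TokenConfiguration {
    private final KduckSecurityProperties securityProperties;

    /**
     * Registers a Redis-backed token store. Active only when
     * {@link RedisConnectionFactory} is on the classpath and
     * {@code kduck.security.oauth2.tokenStore=redis}.
     */
    @Configuration
    @ConditionalOnClass({RedisConnectionFactory.class})
    @ConditionalOnProperty(prefix = "kduck.security.oauth2", name = {"tokenStore"}, havingValue = "redis")
    /* loaded from: input_file:cn/kduck/security/oauth2/configuration/TokenConfiguration$RedisTokenConfiguration.class */
    public static class RedisTokenConfiguration {
        /**
         * @param redisConnectionFactory connection factory handed to the store
         * @return a {@link RedisTokenStore} using that factory
         */
        @Bean
        public TokenStore redisTokenStore(RedisConnectionFactory redisConnectionFactory) {
            return new RedisTokenStore(redisConnectionFactory);
        }
    }

    /**
     * User-authentication converter that writes {@code tenant_domain}, {@code user_name}
     * and, when present, {@code authorities} into the token claims.
     */
    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:cn/kduck/security/oauth2/configuration/TokenConfiguration$SubjectAttributeUserTokenConverter.class */
    public class SubjectAttributeUserTokenConverter extends DefaultUserAuthenticationConverter {
        private SubjectAttributeUserTokenConverter() {
        }

        /**
         * Builds the user-related claims for an access token.
         *
         * <p>{@code tenant_domain} and {@code user_name} are always put into the result and
         * are {@code null} when the details object does not supply them.
         *
         * @param authentication the user authentication being converted
         * @return an insertion-ordered map of claim name to value
         * @throws ClassCastException if the details are a {@link WebAuthenticationDetails}
         *     that is not a {@link KduckWebAuthenticationDetails}, or if a map entry read
         *     here is not a {@code String}
         */
        public Map<String, ?> convertUserAuthentication(Authentication authentication) {
            Map<String, Object> claims = new LinkedHashMap<>();
            Object details = authentication.getDetails();
            String tenantDomain = null;
            String userName = null;
            if (details instanceof LinkedHashMap) {
                // NOTE(review): both values are taken from the details map as-is. If that map
                // is the client-supplied request-parameter map (presumably the case for the
                // password grant - confirm), the tenant written into the signed token is
                // whatever the client sent, so it must be validated before this point.
                LinkedHashMap<?, ?> detailMap = (LinkedHashMap<?, ?>) details;
                tenantDomain = (String) detailMap.get("tenant_domain");
                userName = (String) detailMap.get(AuthenticationFailureStrategyFilter.FORM_USERNAME_KEY);
            } else if (details instanceof WebAuthenticationDetails) {
                // NOTE(review): the check is for WebAuthenticationDetails but the cast is to
                // KduckWebAuthenticationDetails, so a plain WebAuthenticationDetails fails
                // here with ClassCastException. user_name stays null on this path.
                tenantDomain = ((KduckWebAuthenticationDetails) authentication.getDetails()).getTenantUrl();
            }
            claims.put("tenant_domain", tenantDomain);
            claims.put("user_name", userName);
            if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) {
                claims.put("authorities", AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
            }
            return claims;
        }
    }

    /**
     * @param kduckSecurityProperties security settings; only {@code getOauth2().getJwtKey()}
     *     is read in this class
     */
    public TokenConfiguration(KduckSecurityProperties kduckSecurityProperties) {
        this.securityProperties = kduckSecurityProperties;
    }

    /**
     * Creates the JWT converter used to sign and verify access tokens. Active when
     * {@code kduck.security.oauth2.tokenStore} is {@code jwt} or is not set.
     *
     * @return a converter signing with {@link #keyPair()} and emitting user claims through
     *     {@link SubjectAttributeUserTokenConverter}
     */
    @ConditionalOnProperty(prefix = "kduck.security.oauth2", name = {"tokenStore"}, havingValue = "jwt", matchIfMissing = true)
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        // NOTE(security): the configured JWT key is read here and then discarded, so the
        // setting has no effect as written; the signing key is always the one built by
        // keyPair(). An operator who sets a key in configuration gets no protection from it.
        // The original use may have been lost before this listing was produced; restore the
        // wiring once the type returned by getJwtKey() is known.
        if (this.securityProperties.getOauth2() != null && this.securityProperties.getOauth2().getJwtKey() != null) {
            this.securityProperties.getOauth2().getJwtKey();
        }
        JwtAccessTokenConverter jwtConverter = new JwtAccessTokenConverter();
        jwtConverter.setKeyPair(keyPair());
        DefaultAccessTokenConverter claimsConverter = new DefaultAccessTokenConverter();
        claimsConverter.setUserTokenConverter(new SubjectAttributeUserTokenConverter());
        jwtConverter.setAccessTokenConverter(claimsConverter);
        return jwtConverter;
    }

    /**
     * Creates an enhancer that sets the token's additional information from
     * {@link JwtTokenExtInfo}. Registered only when a {@code JwtTokenExtInfo} bean exists.
     *
     * <p>The map returned by {@code extInfo} replaces any additional information already on
     * the token. The token is cast to {@link DefaultOAuth2AccessToken}, so any other
     * implementation fails with {@code ClassCastException}.
     *
     * <p>NOTE(review): if these values end up in the JWT payload, they are signed but not
     * encrypted and are readable by whoever holds the token; keep secrets out of
     * {@code extInfo}.
     *
     * @param jwtTokenExtInfo supplier of the extra token fields
     * @return the enhancer
     */
    @ConditionalOnBean({JwtTokenExtInfo.class})
    @Bean
    public TokenEnhancer tokenEnhancer(JwtTokenExtInfo jwtTokenExtInfo) {
        return (oAuth2AccessToken, oAuth2Authentication) -> {
            ((DefaultOAuth2AccessToken) oAuth2AccessToken).setAdditionalInformation(jwtTokenExtInfo.extInfo(oAuth2AccessToken, oAuth2Authentication));
            return oAuth2AccessToken;
        };
    }

    /**
     * Creates the JWT token store. Active when {@code kduck.security.oauth2.tokenStore} is
     * {@code jwt} or is not set.
     *
     * @return a {@link JwtTokenStore} built on {@link #accessTokenConverter()}
     */
    @ConditionalOnProperty(prefix = "kduck.security.oauth2", name = {"tokenStore"}, havingValue = "jwt", matchIfMissing = true)
    @Bean
    public TokenStore jwtTokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Creates an in-memory token store. Active when
     * {@code kduck.security.oauth2.tokenStore=memory}.
     *
     * @return a new {@link InMemoryTokenStore}
     */
    @ConditionalOnProperty(prefix = "kduck.security.oauth2", name = {"tokenStore"}, havingValue = "memory")
    @Bean
    public TokenStore memoryTokenStore() {
        return new InMemoryTokenStore();
    }

    /**
     * Creates a JDBC token store. Active when {@code kduck.security.oauth2.tokenStore=jdbc}.
     *
     * <p>Despite the method name, this builds a {@link JdbcTokenStore}. The name is kept
     * because the bean name is derived from it; it matches the bean declared in
     * {@link RedisTokenConfiguration}, which is enabled by a different property value.
     *
     * @param dataSource data source handed to the store
     * @return a {@link JdbcTokenStore} using that data source
     */
    @ConditionalOnProperty(prefix = "kduck.security.oauth2", name = {"tokenStore"}, havingValue = "jdbc")
    @Bean
    public TokenStore redisTokenStore(DataSource dataSource) {
        return new JdbcTokenStore(dataSource);
    }

    /**
     * Builds the RSA key pair that {@link #accessTokenConverter()} signs JWTs with.
     *
     * <p>NOTE(security): the modulus and the private exponent are literals in this class.
     * Every copy of the artifact therefore contains the signing key, and every deployment
     * that relies on this bean shares it. A token signed with this key by anyone who has the
     * artifact verifies like one issued by the server. Treat this key as public. The remedy
     * is to load the key pair from a keystore or secret store outside the artifact, use a
     * distinct key per environment, and rotate away from this one. That change invalidates
     * tokens already issued and needs the new public key distributed to resource servers,
     * so it is flagged here rather than made silently.
     *
     * <p>This bean is unconditional, so it is registered for non-JWT token stores too.
     *
     * @return the key pair built from the embedded values
     * @throws IllegalArgumentException wrapping any failure to parse or build the keys
     */
    @Bean
    public KeyPair keyPair() {
        try {
            // The public and private specs share one modulus, so it is declared once.
            BigInteger modulus = new BigInteger("18044398961479537755088511127417480155072543594514852056908450877656126120801808993616738273349107491806340290040410660515399239279742407357192875363433659810851147557504389760192273458065587503508596714389889971758652047927503525007076910925306186421971180013159326306810174367375596043267660331677530921991343349336096643043840224352451615452251387611820750171352353189973315443889352557807329336576421211370350554195530374360110583327093711721857129170040527236951522127488980970085401773781530555922385755722534685479501240842392531455355164896023070459024737908929308707435474197069199421373363801477026083786683");
            BigInteger publicExponent = new BigInteger("65537");
            // Private exponent: the secret half of the key, embedded in source (see note above).
            BigInteger privateExponent = new BigInteger("3851612021791312596791631935569878540203393691253311342052463788814433805390794604753109719790052408607029530149004451377846406736413270923596916756321977922303381344613407820854322190592787335193581632323728135479679928871596911841005827348430783250026013354350760878678723915119966019947072651782000702927096735228356171563532131162414366310012554312756036441054404004920678199077822575051043273088621405687950081861819700809912238863867947415641838115425624808671834312114785499017269379478439158796130804789241476050832773822038351367878951389438751088021113551495469440016698505614123035099067172660197922333993");
            RSAPublicKeySpec publicSpec = new RSAPublicKeySpec(modulus, publicExponent);
            RSAPrivateKeySpec privateSpec = new RSAPrivateKeySpec(modulus, privateExponent);
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            return new KeyPair(keyFactory.generatePublic(publicSpec), keyFactory.generatePrivate(privateSpec));
        } catch (Exception e) {
            throw new IllegalArgumentException(e);
        }
    }
}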
