package com.kcloud.ms.authentication.config;

import com.kcloud.ms.authentication.basecore.service.CaptchaService;
import com.kcloud.ms.authentication.security.CustomAuthenticationProvider;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerSecurityConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.CompositeTokenGranter;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.ApprovalStoreUserApprovalHandler;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenGranter;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter;
import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.springframework.security.oauth2.provider.implicit.ImplicitTokenGranter;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
import org.springframework.security.oauth2.provider.refresh.RefreshTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JdbcTokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;

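/**
 * Spring Security OAuth2 authorization-server wiring for the authentication service.
 *
 * <p>Registered clients, authorization codes and (when JWT mode is off) access tokens are
 * backed by the injected {@link DataSource}. When {@code AuthServerProperties.getOauth2().isJwtEnabled()}
 * is true, access tokens are self-contained JWTs signed with the injected {@link KeyPair} and
 * a {@link JwtTokenStore} is used instead of the {@link JdbcTokenStore}.
 *
 * <p>Security-relevant decisions made in this class:
 * <ul>
 *   <li>Refresh tokens are rotated on use ({@code reuseRefreshTokens(false)}).</li>
 *   <li>The token-key endpoint (Spring's {@code /oauth/token_key}) is public; it serves the
 *       verification key. The introspection endpoint ({@code /oauth/check_token}) requires an
 *       authenticated caller.</li>
 *   <li>{@code allowFormAuthenticationForClients()} lets clients send {@code client_id}/
 *       {@code client_secret} as form parameters instead of an HTTP Basic header, so client
 *       secrets may appear in request bodies (and in any body-level request logging).</li>
 *   <li>Besides authorization-code, refresh-token and client-credentials, the implicit and
 *       resource-owner-password grants are enabled. Both are deprecated by the OAuth 2.0
 *       Security BCP and dropped in OAuth 2.1; restrict them per client where possible.</li>
 *   <li>{@code /.well-known/*} is reachable anonymously and a per-user concurrent-session
 *       limit is enforced through the injected {@link SessionRegistry}.</li>
 * </ul>
 *
 * <p>This listing is decompiler output; comments marked {@code NOTE(review)} flag points the
 * visible code does not settle.
 */
@Configuration
@Import({AuthorizationServerEndpointsConfiguration.class})
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    /** Supplied by the constructor; stored but not read anywhere in this class. */
    AuthenticationManager authenticationManager;
    /** Signs JWT access tokens with its private half; the public half verifies them. */
    KeyPair keyPair;

    /** Used to verify client secrets and handed to each {@link CustomAuthenticationProvider}. */
    @Autowired
    PasswordEncoder passwordEncoder;

    /** Backing store for client details, authorization codes and (non-JWT) tokens. */
    @Autowired
    DataSource dataSource;

    /** Tracks principal sessions for the concurrent-session limit applied below. */
    @Autowired
    SessionRegistry sessionRegistry;

    /** Externalised settings: JWT mode, session limit and the configured authenticate actions. */
    @Autowired
    AuthServerProperties authServerProperties;

    /** Injected but not referenced by this class. */
    @Autowired
    CaptchaService captchaService;

    /**
     * Additional security filter chain, ordered after the default authorization-server chain,
     * that opens {@code /.well-known/*} to anonymous callers (presumably the JWK set / discovery
     * metadata, given the class name) and applies the configured per-user session limit.
     */
    @Configuration
    @Order(2)
    class JwkSetEndpointConfiguration extends AuthorizationServerSecurityConfiguration {
        JwkSetEndpointConfiguration() {
        }

        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            super.configure(httpSecurity);
            // Well-known metadata is public by design: resource servers fetch it unauthenticated.
            httpSecurity.requestMatchers().mvcMatchers("/.well-known/*")
                    .and().authorizeRequests().mvcMatchers("/.well-known/*").permitAll();

            // A missing or zero max-session setting means "not configured": fall back to one
            // session per principal. The previous condition dereferenced a null setting before
            // reaching the fallback (NullPointerException on startup when the property is absent).
            // Negative values are passed through unchanged; Spring Security treats -1 as unlimited.
            Number configuredMax = AuthorizationServerConfig.this.authServerProperties.getSession().getMaxSession();
            int maxSessions = (configuredMax == null || configuredMax.intValue() == 0) ? 1 : configuredMax.intValue();
            // maxSessionsPreventsLogin is not set, so by Spring Security's default the oldest
            // session is expired rather than the new login being rejected.
            httpSecurity.sessionManagement()
                    .maximumSessions(maxSessions)
                    .sessionRegistry(AuthorizationServerConfig.this.sessionRegistry);
        }
    }

    /**
     * User-authentication converter that emits the principal name under the standard JWT
     * {@code sub} claim (instead of Spring's default {@code user_name}) plus an
     * {@code authorities} claim when the authentication carries any.
     *
     * <p>NOTE(review): nothing in this class registers this converter with
     * {@link #accessTokenConverter()}, so it is inert unless wired elsewhere — confirm.
     */
    class SubjectAttributeUserTokenConverter extends DefaultUserAuthenticationConverter {
        SubjectAttributeUserTokenConverter() {
        }

        @Override
        public Map<String, ?> convertUserAuthentication(Authentication authentication) {
            Map<String, Object> claims = new LinkedHashMap<>();
            claims.put("sub", authentication.getName());
            if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) {
                claims.put("authorities", AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
            }
            return claims;
        }
    }

    /**
     * @param authenticationManager stored but not used here; the password grant builds its own
     *        {@link ProviderManager} in {@link #getDefaultTokenGranters()}
     * @param keyPair JWT signing/verification key pair
     * @param z value of {@code kcloud.authentication.oauth2.jwt-enabled}; NOT used — JWT mode is
     *        read from {@link AuthServerProperties} instead. Retained for constructor compatibility.
     */
    public AuthorizationServerConfig(AuthenticationManager authenticationManager, KeyPair keyPair,
            @Value("${kcloud.authentication.oauth2.jwt-enabled:true}") boolean z) throws Exception {
        this.authenticationManager = authenticationManager;
        this.keyPair = keyPair;
    }

    /**
     * Endpoint wiring: token store, refresh-token rotation, the custom granter chain and the
     * JDBC authorization-code store. The JWT converter is attached only in JWT mode.
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) {
        endpoints.tokenStore(tokenStore())
                .reuseRefreshTokens(false) // rotate: a used refresh token is replaced, not reissued
                .tokenGranter(tokenGranter())
                .authorizationCodeServices(authorizationCodeServices());
        if (this.authServerProperties.getOauth2().isJwtEnabled()) {
            endpoints.accessTokenConverter(accessTokenConverter());
        }
    }

    /** Approvals are derived from issued tokens rather than kept in a separate table. */
    @Bean
    public ApprovalStore approvalStore() {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore());
        return store;
    }

    /** Registered OAuth2 clients are read from the database. */
    @Bean(name = {"clientDetailsService"})
    public JdbcClientDetailsService jdbcClientDetailsService() {
        return new JdbcClientDetailsService(this.dataSource);
    }

    /** Builds OAuth2 requests against the JDBC client registry (validates scopes/grant types). */
    @Bean
    public DefaultOAuth2RequestFactory oAuth2RequestFactory() {
        return new DefaultOAuth2RequestFactory(jdbcClientDetailsService());
    }

    /** User-consent handling backed by {@link #approvalStore()}. */
    @Bean
    public UserApprovalHandler userApprovalHandler() {
        ApprovalStoreUserApprovalHandler handler = new ApprovalStoreUserApprovalHandler();
        handler.setApprovalStore(approvalStore());
        handler.setClientDetailsService(jdbcClientDetailsService());
        handler.setRequestFactory(oAuth2RequestFactory());
        return handler;
    }

    /** Authorization codes are persisted in the database (single-use, consumed on exchange). */
    @Bean
    public AuthorizationCodeServices authorizationCodeServices() {
        return new JdbcAuthorizationCodeServices(this.dataSource);
    }

    /** JWT store (stateless, verified by signature) in JWT mode, otherwise the JDBC store. */
    @Bean
    public TokenStore tokenStore() {
        if (this.authServerProperties.getOauth2().isJwtEnabled()) {
            return new JwtTokenStore(accessTokenConverter());
        }
        return new JdbcTokenStore(this.dataSource);
    }

    /** Asymmetric JWT converter: signs with the private key, verifies with the public key. */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        converter.setKeyPair(this.keyPair);
        return converter;
    }

    /**
     * Clients come from the database; secrets are compared through the shared
     * {@link PasswordEncoder}, so stored client secrets must be in that encoder's format.
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(this.dataSource).passwordEncoder(this.passwordEncoder);
    }

    /**
     * Endpoint access rules. {@code token_key} is public (verification key only),
     * {@code check_token} requires authentication, and clients may authenticate via form
     * parameters — see the class comment for the trade-off.
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer security) {
        security.tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }

    /**
     * Granter that builds its {@link CompositeTokenGranter} on first use. Construction is
     * deferred because the token-services beans it needs are not ready while
     * {@link #configure(AuthorizationServerEndpointsConfigurer)} runs. The build is guarded so
     * concurrent first grants create a single delegate.
     */
    private TokenGranter tokenGranter() {
        return new TokenGranter() {
            private volatile CompositeTokenGranter delegate;

            @Override
            public OAuth2AccessToken grant(String grantType, TokenRequest tokenRequest) {
                CompositeTokenGranter granter = this.delegate;
                if (granter == null) {
                    synchronized (this) {
                        granter = this.delegate;
                        if (granter == null) {
                            granter = new CompositeTokenGranter(AuthorizationServerConfig.this.getDefaultTokenGranters());
                            this.delegate = granter;
                        }
                    }
                }
                return granter.grant(grantType, tokenRequest);
            }
        };
    }

    /**
     * Token services shared by all granters: refresh tokens enabled, JWT enhancer attached.
     *
     * <p>NOTE(review): the JWT enhancer is applied regardless of the JWT flag, so in
     * non-JWT mode tokens are still JWT-encoded but persisted in the JDBC store — confirm that
     * this hybrid is intended rather than gating the enhancer on {@code isJwtEnabled()}.
     */
    @Bean
    public DefaultTokenServices authorizationServerTokenServices() {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
        tokenServices.setTokenStore(tokenStore());
        tokenServices.setSupportRefreshToken(true);
        tokenServices.setClientDetailsService(jdbcClientDetailsService());
        // Reuse the single converter bean instead of a second, unmanaged copy with the same key.
        tokenServices.setTokenEnhancer(accessTokenConverter());
        return tokenServices;
    }

    /**
     * Grant types offered by this server. The password grant is only registered when at least
     * one authenticate action is configured. Public only because the decompiled listing widened
     * it (it was private in the original source); treat it as internal.
     */
    public List<TokenGranter> getDefaultTokenGranters() {
        List<TokenGranter> granters = new ArrayList<>();
        granters.add(new AuthorizationCodeTokenGranter(authorizationServerTokenServices(),
                authorizationCodeServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        granters.add(new RefreshTokenGranter(authorizationServerTokenServices(),
                jdbcClientDetailsService(), oAuth2RequestFactory()));
        // Implicit grant: tokens returned in the URL fragment; deprecated (OAuth 2.0 Security BCP).
        granters.add(new ImplicitTokenGranter(authorizationServerTokenServices(),
                jdbcClientDetailsService(), oAuth2RequestFactory()));
        granters.add(new ClientCredentialsTokenGranter(authorizationServerTokenServices(),
                jdbcClientDetailsService(), oAuth2RequestFactory()));
        // Resource-owner password grant: the client handles user credentials directly; also
        // deprecated. Authenticated by a dedicated ProviderManager of CustomAuthenticationProviders.
        List<CustomAuthenticationProvider> providers = initAuthenticationManager();
        if (!providers.isEmpty()) {
            granters.add(new ResourceOwnerPasswordTokenGranter(new ProviderManager(new ArrayList<>(providers)),
                    authorizationServerTokenServices(), jdbcClientDetailsService(), oAuth2RequestFactory()));
        }
        return granters;
    }

    /**
     * One {@link CustomAuthenticationProvider} per configured authenticate action, all sharing
     * the injected {@link PasswordEncoder}.
     *
     * @throws IllegalArgumentException if no authenticate-action list is configured
     */
    private List<CustomAuthenticationProvider> initAuthenticationManager() {
        Assert.notNull(this.authServerProperties.getAuthenticateAction(), "A AuthenticateAction is required");
        List<CustomAuthenticationProvider> providers = new ArrayList<>();
        for (int i = 0; i < this.authServerProperties.getAuthenticateAction().size(); i++) {
            providers.add(new CustomAuthenticationProvider(
                    this.authServerProperties.getAuthenticateAction().get(i), this.passwordEncoder));
        }
        return providers;
    }
}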
