package cn.gtmap.ias.basic.oauth2;

import cn.gtmap.ias.basic.domain.dto.ClientDto;
import cn.gtmap.ias.basic.exception.InvalidClientConfigException;
import cn.gtmap.ias.basic.property.ClientProperties;
import cn.gtmap.ias.basic.security.GtmapRedisTokenStore;
import cn.gtmap.ias.basic.service.UserService;
import cn.gtmap.ias.basic.utils.GtmapStringUtils;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisConnectionFactory;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.builders.ClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.builders.InMemoryClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.util.CollectionUtils;

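/**
 * OAuth2 authorization-server configuration: registers the clients listed in
 * {@link ClientProperties} in memory, stores tokens through {@link GtmapRedisTokenStore},
 * and sets the access rules for the token-key and check-token endpoints.
 *
 * <p>Security review notes (all settings below are kept exactly as found):
 * <ul>
 *   <li>Every client is registered with {@code autoApprove(true)}, so no user consent step is
 *       shown for any scope.</li>
 *   <li>The token endpoint accepts GET as well as POST, and client form authentication is
 *       enabled, so credentials can travel in a query string.</li>
 *   <li>{@code passwordEncoder} is injected but never referenced in this class; confirm how
 *       client secrets from the YAML file are encoded and compared.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
/* loaded from: input_file:BOOT-INF/classes/cn/gtmap/ias/basic/oauth2/GtmapAuthorizationServerConfig.class */
public class GtmapAuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private RedisConnectionFactory redisConnectionFactory;

    // NOTE(review): injected but not used anywhere in this class. It is kept so the bean
    // dependency is unchanged; verify whether it was meant to be applied to client secrets.
    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private ClientProperties clientProperties;

    @Autowired
    private UserService userService;

    /**
     * Registers every client from the client properties as an in-memory OAuth2 client.
     *
     * @param clientDetailsServiceConfigurer configurer that receives the in-memory client registry
     * @throws InvalidClientConfigException if no clients are configured, a client has no
     *         redirect URIs, or a client entry cannot be registered
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        List<ClientDto> clients = this.clientProperties.getClients();
        if (CollectionUtils.isEmpty(clients)) {
            throw new InvalidClientConfigException("application-client.yml clients is required");
        }
        InMemoryClientDetailsServiceBuilder inMemory = clientDetailsServiceConfigurer.inMemory();
        for (ClientDto clientDto : clients) {
            registerClient(inMemory, clientDto);
        }
    }

    /** Validates one client entry and adds it to the in-memory client registry. */
    private void registerClient(InMemoryClientDetailsServiceBuilder inMemory, ClientDto clientDto) {
        // Checked outside the try block so this specific message reaches the operator instead
        // of being replaced by the generic "config error" raised in the catch below.
        if (clientDto.getRedirectUris() == null) {
            throw new InvalidClientConfigException("application-client.yml redirectUris is required");
        }
        try {
            // NOTE(review): redirect URIs are split on "," without trimming, unlike grant types
            // and scopes; a stray space in the YAML would become part of a registered URI.
            // NOTE(review): the secret is passed on exactly as configured; confirm whether the
            // YAML holds encoded values.
            // NOTE(review): autoApprove(true) skips the user approval step for every scope.
            inMemory.withClient(clientDto.getClientId())
                    .redirectUris(clientDto.getRedirectUris().split(","))
                    .secret(clientDto.getClientSecret())
                    .authorizedGrantTypes(GtmapStringUtils.trimAll(clientDto.getAuthorizedGrantTypes()).split(","))
                    .scopes(GtmapStringUtils.trimAll(clientDto.getScopes()).split(","))
                    .autoApprove(true)
                    .and();
        } catch (Exception e) {
            // The message carries only the client id, never the secret.
            InvalidClientConfigException failure =
                    new InvalidClientConfigException("client " + clientDto.getClientId() + " config error");
            // Only the String constructor is visible from this file, so the underlying failure
            // is attached as a suppressed exception to keep its stack trace for diagnosis.
            failure.addSuppressed(e);
            throw failure;
        }
    }

    /**
     * Wires the token endpoint: allowed HTTP methods, Redis-backed token store,
     * authentication manager and user details service.
     *
     * @param authorizationServerEndpointsConfigurer endpoint configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        // NOTE(review): RFC 6749 section 3.2 requires POST for access token requests. With GET
        // allowed, usernames, passwords, client secrets and refresh tokens sent as query
        // parameters can end up in proxy and access logs. Restrict to POST once no caller
        // depends on GET.
        authorizationServerEndpointsConfigurer
                .allowedTokenEndpointRequestMethods(HttpMethod.GET, HttpMethod.POST)
                .tokenStore(new GtmapRedisTokenStore(this.redisConnectionFactory))
                .authenticationManager(this.authenticationManager)
                .userDetailsService(this.userService);
    }

    /**
     * Sets the access expressions for the token-key and check-token endpoints and enables
     * form-parameter authentication for clients.
     *
     * @param authorizationServerSecurityConfigurer security configurer supplied by the framework
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        // NOTE(review): the token-key endpoint is open to unauthenticated callers. That is only
        // acceptable for a public verification key; no token converter is configured in this
        // class, so confirm what, if anything, that endpoint serves.
        // NOTE(review): allowFormAuthenticationForClients() accepts client_id/client_secret as
        // request parameters; together with GET on the token endpoint the secret can appear in
        // a URL.
        authorizationServerSecurityConfigurer
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()")
                .allowFormAuthenticationForClients();
    }
}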
