package org.bremersee.security.authentication;

import org.bremersee.context.MessageSourceProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;

@EnableConfigurationProperties({AuthProperties.class, MessageSourceProperties.class})
@ConditionalOnClass({RestTemplateBuilder.class, JsonPathJwtConverter.class, RestTemplateAccessTokenRetriever.class})
@Configuration
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
/* loaded from: input_file:org/bremersee/security/authentication/JwtSupportAutoConfiguration.class */
public class JwtSupportAutoConfiguration {
    private static final Logger log = LoggerFactory.getLogger(JwtSupportAutoConfiguration.class);
    private final AuthProperties properties;

    public JwtSupportAutoConfiguration(AuthProperties authProperties) {
        this.properties = authProperties;
    }

    @EventListener({ApplicationReadyEvent.class})
    public void init() {
        log.info("\n*********************************************************************************\n* {}\n*********************************************************************************\n* rolesJsonPath = {}\n* rolesValueList = {}\n* rolesValueSeparator = {}\n* rolePrefix = {}\n* nameJsonPath = {}\n*********************************************************************************", new Object[]{ClassUtils.getUserClass(getClass()).getSimpleName(), this.properties.getRolesJsonPath(), Boolean.valueOf(this.properties.isRolesValueList()), this.properties.getRolesValueSeparator(), this.properties.getRolePrefix(), this.properties.getNameJsonPath()});
    }

    @ConditionalOnMissingBean
    @Bean
    public AuthenticationDetails authenticationDetails(MessageSourceProperties messageSourceProperties) {
        return new JsonPathJwtAuthenticationDetails(messageSourceProperties.defaultLocale(), messageSourceProperties.defaultTimeZone(), this.properties.getPreferredLanguageJsonPath(), this.properties.getPreferredTimeZoneJsonPath());
    }

    @ConditionalOnMissingBean
    @ConditionalOnProperty(prefix = "spring.security.oauth2.resourceserver.jwt", name = {"jwk-set-uri"})
    @Bean
    public JsonPathJwtConverter jsonPathJwtConverter() {
        log.info("Creating application {} ...", JsonPathJwtConverter.class.getSimpleName());
        JsonPathJwtConverter jsonPathJwtConverter = new JsonPathJwtConverter();
        jsonPathJwtConverter.setNameJsonPath(this.properties.getNameJsonPath());
        jsonPathJwtConverter.setRolePrefix(this.properties.getRolePrefix());
        jsonPathJwtConverter.setRolesJsonPath(this.properties.getRolesJsonPath());
        jsonPathJwtConverter.setRolesValueList(this.properties.isRolesValueList());
        jsonPathJwtConverter.setRolesValueSeparator(this.properties.getRolesValueSeparator());
        return jsonPathJwtConverter;
    }

    @ConditionalOnMissingBean
    @Conditional({JwtSupportCondition.class})
    @Bean
    public RestTemplateAccessTokenRetriever restTemplateAccessTokenRetriever(ObjectProvider<RestTemplateBuilder> objectProvider, ObjectProvider<AccessTokenCache> objectProvider2) {
        AccessTokenCache accessTokenCache = (AccessTokenCache) objectProvider2.getIfAvailable();
        log.info("Creating common {} with cache {} ...", RestTemplateAccessTokenRetriever.class.getSimpleName(), accessTokenCache);
        Assert.notNull(objectProvider.getIfAvailable(), "Rest template builder must be present.");
        return new RestTemplateAccessTokenRetriever(((RestTemplateBuilder) objectProvider.getIfAvailable()).build(), accessTokenCache);
    }

    @ConditionalOnMissingBean({PasswordFlowAuthenticationManager.class})
    @ConditionalOnProperty(prefix = "bremersee.auth.password-flow", name = {"token-endpoint", "client-id", "client-secret"})
    @ConditionalOnBean({JsonPathJwtConverter.class})
    @Bean
    public PasswordFlowAuthenticationManager passwordFlowAuthenticationManager(ObjectProvider<JwtDecoder> objectProvider, JsonPathJwtConverter jsonPathJwtConverter, RestTemplateAccessTokenRetriever restTemplateAccessTokenRetriever) {
        log.info("Creating application {} ...", PasswordFlowAuthenticationManager.class.getSimpleName());
        Assert.notNull(objectProvider.getIfAvailable(), "Jwt decoder must be present.");
        return new PasswordFlowAuthenticationManager(this.properties.getPasswordFlow(), (JwtDecoder) objectProvider.getIfAvailable(), jsonPathJwtConverter, restTemplateAccessTokenRetriever);
    }
}
