package top.dcenter.ums.security.jwt.config;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.serializer.RedisSerializer;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import top.dcenter.ums.security.common.api.jackson2.SimpleModuleHolder;
import top.dcenter.ums.security.common.api.userdetails.converter.AuthenticationToUserDetailsConverter;
import top.dcenter.ums.security.jwt.advice.JwtControllerAdvice;
import top.dcenter.ums.security.jwt.api.cache.service.JwtCacheTransformService;
import top.dcenter.ums.security.jwt.api.claims.service.CustomClaimsSetService;
import top.dcenter.ums.security.jwt.api.id.service.JwtIdService;
import top.dcenter.ums.security.jwt.api.supplier.JwtClaimTypeConverterSupplier;
import top.dcenter.ums.security.jwt.api.supplier.JwtGrantedAuthoritiesConverterSupplier;
import top.dcenter.ums.security.jwt.api.validator.service.CustomClaimValidateService;
import top.dcenter.ums.security.jwt.api.validator.service.ReAuthService;
import top.dcenter.ums.security.jwt.cache.service.UmsJwtCacheTransformServiceImpl;
import top.dcenter.ums.security.jwt.claims.service.GenerateClaimsSetService;
import top.dcenter.ums.security.jwt.claims.service.impl.UmsAuthoritiesClaimsSetServiceImpl;
import top.dcenter.ums.security.jwt.claims.service.impl.UmsGenerateClaimsSetServiceImpl;
import top.dcenter.ums.security.jwt.id.service.impl.UuidJwtIdServiceImpl;
import top.dcenter.ums.security.jwt.jackson2.JwtJackson2ModuleHolder;
import top.dcenter.ums.security.jwt.properties.BearerTokenProperties;
import top.dcenter.ums.security.jwt.properties.JwtProperties;
import top.dcenter.ums.security.jwt.resolver.UmsBearerTokenResolver;
import top.dcenter.ums.security.jwt.supplier.UmsJwtClaimTypeConverterSupplier;
import top.dcenter.ums.security.jwt.supplier.UmsJwtGrantedAuthoritiesConverterSupplier;
import top.dcenter.ums.security.jwt.userdetails.converter.Oauth2TokenAuthenticationTokenToUserConverter;
import top.dcenter.ums.security.jwt.validator.JwtNotBeforeValidator;
import top.dcenter.ums.security.jwt.validator.UmsReAuthServiceImpl;

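/**
 * Registers the default JWT service beans when {@code ums.jwt.enable} is {@code true}.
 *
 * <p>This configuration is ordered after {@code RedisSerializerAutoConfiguration}. Most beans are
 * declared with {@code @ConditionalOnMissingBean}, so an application-defined bean of the listed
 * type replaces the default declared here. For the security-relevant beans (token resolver,
 * authentication converter, token validator) that replacement also replaces the checks they
 * perform.
 */
@Configuration
@ConditionalOnProperty(prefix = "ums.jwt", name = {"enable"}, havingValue = "true")
@AutoConfigureAfter({RedisSerializerAutoConfiguration.class})
/* loaded from: input_file:top/dcenter/ums/security/jwt/config/JwtServiceAutoConfiguration.class */
public class JwtServiceAutoConfiguration {
    private static final Logger log = LoggerFactory.getLogger(JwtServiceAutoConfiguration.class);

    /**
     * Exposes the JWT Jackson module holder.
     *
     * @return a new {@link JwtJackson2ModuleHolder}
     */
    @Bean
    public SimpleModuleHolder jwtJackson2ModuleHolder() {
        return new JwtJackson2ModuleHolder();
    }

    /**
     * Default converter from an authentication object to user details.
     *
     * @return a new {@link Oauth2TokenAuthenticationTokenToUserConverter}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.common.api.userdetails.converter.AuthenticationToUserDetailsConverter"})
    @Bean
    public AuthenticationToUserDetailsConverter authenticationToUserDetailsConverter() {
        return new Oauth2TokenAuthenticationTokenToUserConverter();
    }

    /**
     * Default JWT id service.
     *
     * @return a new {@link UuidJwtIdServiceImpl}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.api.id.service.JwtIdService"})
    @Bean
    public JwtIdService jwtIdService() {
        return new UuidJwtIdServiceImpl();
    }

    /**
     * Default cache transform service, built on the injected Redis serializer.
     *
     * @param redisSerializer serializer for {@link JwtAuthenticationToken} values
     * @return a new {@link UmsJwtCacheTransformServiceImpl}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.api.cache.service.JwtCacheTransformService"})
    @Bean
    public JwtCacheTransformService<?> jwtCacheTransformService(RedisSerializer<JwtAuthenticationToken> redisSerializer) {
        return new UmsJwtCacheTransformServiceImpl(redisSerializer);
    }

    /**
     * Default custom claims-set service.
     *
     * @return a new {@link UmsAuthoritiesClaimsSetServiceImpl}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.api.claims.service.CustomClaimsSetService"})
    @Bean
    public CustomClaimsSetService customClaimsSetService() {
        return new UmsAuthoritiesClaimsSetServiceImpl();
    }

    /**
     * Default re-authentication service.
     *
     * @param jwtProperties JWT configuration properties
     * @return a new {@link UmsReAuthServiceImpl}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.api.validator.service.ReAuthService"})
    @Bean
    public ReAuthService reAuthService(JwtProperties jwtProperties) {
        return new UmsReAuthServiceImpl(jwtProperties);
    }

    /**
     * Default JWT controller advice.
     *
     * @return a new {@link JwtControllerAdvice}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.advice.JwtControllerAdvice"})
    @Bean
    public JwtControllerAdvice jwtControllerAdvice() {
        return new JwtControllerAdvice();
    }

    /**
     * Builds the resolver that extracts the bearer token from a request.
     *
     * <p>An unset (null) {@code allowFormEncodedBodyParameter} or {@code allowUriQueryParameter}
     * is treated as {@code false}, so neither transport is enabled unless it is switched on
     * explicitly.
     *
     * @param jwtProperties JWT configuration properties; its bearer section is read here
     * @return the configured {@link UmsBearerTokenResolver}
     * @throws IllegalStateException if both parameter transports are enabled at once, or if
     *     neither a header name nor a parameter name is configured
     */
    @Bean
    public BearerTokenResolver bearerTokenResolver(JwtProperties jwtProperties) {
        BearerTokenProperties bearer = jwtProperties.getBearer();
        String parameterName = bearer.getBearerTokenParameterName();
        String headerName = bearer.getBearerTokenHeaderName();
        // Boolean.TRUE.equals avoids a NullPointerException on unboxing when a flag is not
        // configured; the absent flag then means "disabled".
        boolean allowFormBody = Boolean.TRUE.equals(bearer.getAllowFormEncodedBodyParameter());
        // A token carried in the URI query string tends to be recorded in access logs, proxies,
        // browser history and Referer headers; RFC 6750 discourages that transport. Enable it
        // only where the header cannot be used.
        boolean allowUriQuery = Boolean.TRUE.equals(bearer.getAllowUriQueryParameter());
        if (allowFormBody && allowUriQuery) {
            // Message: the two "allow" properties must not both be true.
            throw new IllegalStateException("属性 allowFormEncodedBodyParameter, allowUriQueryParameter 不能同时为 true.");
        }
        if (!StringUtils.hasText(headerName) && !StringUtils.hasText(parameterName)) {
            // Message: header name or parameter name must not be null or empty.
            throw new IllegalStateException("属性 bearerTokenHeaderName 或 bearerTokenParameterName 不能是 null 或 空字符串.");
        }
        UmsBearerTokenResolver resolver = new UmsBearerTokenResolver(parameterName, jwtProperties.getJwtByRefreshTokenUri());
        resolver.setBearerTokenHeaderName(headerName);
        resolver.setAllowFormEncodedBodyParameter(allowFormBody);
        resolver.setAllowUriQueryParameter(allowUriQuery);
        return resolver;
    }

    /**
     * Default supplier of the granted-authorities converter.
     *
     * @return a new {@link UmsJwtGrantedAuthoritiesConverterSupplier}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.api.supplier.JwtGrantedAuthoritiesConverterSupplier"})
    @Bean
    public JwtGrantedAuthoritiesConverterSupplier jwtGrantedAuthoritiesConverterSupplier() {
        return new UmsJwtGrantedAuthoritiesConverterSupplier();
    }

    /**
     * Builds the converter that turns a validated {@link Jwt} into an authentication token.
     *
     * <p>NOTE(review): the condition names {@code JwtBearerTokenAuthenticationConverter}, not the
     * {@link JwtAuthenticationConverter} type this method returns. An application-defined
     * {@code JwtAuthenticationConverter} bean therefore does not appear to suppress this one;
     * confirm that this is intended.
     *
     * @param jwtProperties JWT configuration properties; supplies the principal claim name
     * @param jwtGrantedAuthoritiesConverterSupplier supplier of the authorities converter
     * @return the configured converter
     */
    @ConditionalOnMissingBean(type = {"org.springframework.security.oauth2.server.resource.authentication.JwtBearerTokenAuthenticationConverter"})
    @Bean
    public JwtAuthenticationConverter jwtAuthenticationConverter(JwtProperties jwtProperties, JwtGrantedAuthoritiesConverterSupplier jwtGrantedAuthoritiesConverterSupplier) {
        JwtAuthenticationConverter converter = new JwtAuthenticationConverter();
        try {
            // Probe for the field before calling the setter: the principal claim name is only
            // applied when the converter class declares it.
            converter.getClass().getDeclaredField(JwtAutoConfiguration.PRINCIPAL_CLAIM_NAME);
            converter.setPrincipalClaimName(jwtProperties.getPrincipalClaimName());
        } catch (NoSuchFieldException e) {
            // NOTE(review): the configured principal claim name is not applied on this path,
            // while generateClaimsSetService still passes it on when building claims. If the
            // configured value is not "sub", the two sides would disagree about which claim
            // names the principal. Consider failing or logging at WARN in that case.
            log.info("ums.jwt.principalClaimName must be sub");
        }
        if (Objects.nonNull(jwtGrantedAuthoritiesConverterSupplier)) {
            converter.setJwtGrantedAuthoritiesConverter(jwtGrantedAuthoritiesConverterSupplier.getConverter());
        }
        return converter;
    }

    /**
     * Default supplier of claim type converters.
     *
     * @return a new {@link UmsJwtClaimTypeConverterSupplier}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.api.supplier.JwtClaimTypeConverterSupplier"})
    @Bean
    public JwtClaimTypeConverterSupplier jwtClaimTypeConverterSupplier() {
        return new UmsJwtClaimTypeConverterSupplier();
    }

    /**
     * Default service that generates the claims set for issued tokens.
     *
     * @param jwtProperties JWT configuration properties; timeout (in seconds), issuer and
     *     principal claim name are read from it
     * @param jwtAuthenticationConverter converter handed to the service
     * @return a new {@link UmsGenerateClaimsSetServiceImpl}
     */
    @ConditionalOnMissingBean(type = {"top.dcenter.ums.security.jwt.claims.service.GenerateClaimsSetService"})
    @Bean
    public GenerateClaimsSetService generateClaimsSetService(JwtProperties jwtProperties, JwtAuthenticationConverter jwtAuthenticationConverter) {
        return new UmsGenerateClaimsSetServiceImpl(
                jwtProperties.getTimeout().getSeconds(),
                jwtProperties.getIss(),
                jwtProperties.getPrincipalClaimName(),
                jwtAuthenticationConverter);
    }

    /**
     * Builds the claim-set converter from the default converters plus any supplied overrides.
     *
     * @param jwtClaimTypeConverterSupplier supplier of per-claim converters; when null only the
     *     defaults are used
     * @return the claim-set converter
     */
    @ConditionalOnMissingBean(type = {"org.springframework.security.oauth2.jwt.MappedJwtClaimSetConverter"})
    @Bean
    public MappedJwtClaimSetConverter mappedJwtClaimSetConverter(JwtClaimTypeConverterSupplier jwtClaimTypeConverterSupplier) {
        if (Objects.isNull(jwtClaimTypeConverterSupplier)) {
            return MappedJwtClaimSetConverter.withDefaults(Collections.emptyMap());
        }
        return MappedJwtClaimSetConverter.withDefaults(jwtClaimTypeConverterSupplier.getConverter());
    }

    /**
     * Assembles the validator chain applied to decoded JWTs.
     *
     * <p>The chain holds a {@link JwtNotBeforeValidator} built with the configured clock skew,
     * followed by one {@link JwtClaimValidator} per {@link CustomClaimValidateService} bean.
     *
     * <p>NOTE(review): nothing else is added here. Whether expiry ({@code exp}) and issuer
     * ({@code iss}) are checked depends on {@code JwtNotBeforeValidator} and on how the decoder
     * is configured, neither of which is visible in this class. Confirm that both are covered.
     * Because of the condition on this bean, an application-defined {@code OAuth2TokenValidator}
     * replaces this whole chain, including the not-before check.
     *
     * @param jwtProperties JWT configuration properties; supplies the clock skew
     * @param map custom claim validators keyed by bean name; may be null or empty
     * @return a delegating validator over every collected validator
     */
    @ConditionalOnMissingBean(type = {"org.springframework.security.oauth2.core.OAuth2TokenValidator"})
    @Bean
    public OAuth2TokenValidator<Jwt> oAuth2TokenValidator(JwtProperties jwtProperties, @Autowired(required = false) Map<String, CustomClaimValidateService> map) {
        ArrayList<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
        validators.add(new JwtNotBeforeValidator(jwtProperties.getClockSkew()));
        if (!CollectionUtils.isEmpty(map)) {
            for (CustomClaimValidateService service : map.values()) {
                // A claim absent from the token reaches the predicate as null, so each
                // implementation has to decide explicitly whether a missing claim is acceptable.
                validators.add(new JwtClaimValidator<Object>(service.getClaimName(), service::validate));
            }
        }
        return new DelegatingOAuth2TokenValidator<>(validators);
    }
}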
