package com.vaadin.connect.oauth;

import com.vaadin.connect.VaadinConnectProperties;
import java.util.Arrays;
import java.util.List;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtClaimsSetVerifier;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

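/**
 * Spring configuration for the Vaadin Connect OAuth2 authorization server.
 *
 * <p>Declares the JWT access-token converter, a JWT-backed token store, a default
 * {@link PasswordEncoder} and a default {@link ResourceServerConfigurer}. The last two
 * are only registered when the application has not defined its own bean of that type.
 *
 * <p>Security-relevant points for anyone reusing or overriding this configuration:
 * <ul>
 *   <li>the token signing key is taken from {@link VaadinConnectProperties}; when it is
 *       unset the converter's built-in key is used (see {@link #accessTokenConverter()});</li>
 *   <li>the default resource server permits every request, so it performs no
 *       authorization by itself (see {@link #resourceServer()}).</li>
 * </ul>
 */
@Configuration
@Import({VaadinConnectOAuthConfigurer.class})
public class VaadinConnectOAuthConfiguration extends AuthorizationServerConfigurerAdapter {
    /**
     * Claims that must be present in every token for it to be accepted by the claims
     * verifier. Only presence is checked, never the value.
     */
    private static final List<String> REQUIRED_CLAIMS = Arrays.asList("jti", "exp", "user_name", "authorities");

    /** Source of the configured token signing key; assigned once in the constructor. */
    private final VaadinConnectProperties vaadinConnectProperties;

    /**
     * Fallback configuration that supplies a {@link PasswordEncoder} when the
     * application context does not already contain one.
     */
    @ConditionalOnMissingBean({PasswordEncoder.class})
    @Configuration
    protected static class PasswordEncoderConfiguration {
        protected PasswordEncoderConfiguration() {
        }

        /**
         * Provides the default password encoder.
         *
         * @return a {@link BCryptPasswordEncoder} created with its default settings
         */
        @Bean
        public PasswordEncoder passwordEncoder() {
            return new BCryptPasswordEncoder();
        }
    }

    /**
     * Creates the configuration.
     *
     * @param vaadinConnectProperties properties object the token signing key is read from
     */
    public VaadinConnectOAuthConfiguration(VaadinConnectProperties vaadinConnectProperties) {
        this.vaadinConnectProperties = vaadinConnectProperties;
    }

    /**
     * Builds the converter that signs and verifies JWT access tokens.
     *
     * <p>The configured signing key is applied only when it is non-empty. A {@code null}
     * key is treated like an empty one instead of failing with a
     * {@link NullPointerException} during bean creation.
     *
     * <p>NOTE(review): without a configured key the converter keeps the key it generated
     * for itself. In Spring Security OAuth that default is a short random string created
     * per converter instance, so issued tokens stop validating after a restart, cannot be
     * verified by another node, and are protected by a much weaker key than a deliberately
     * chosen secret. Deployments should always set the signing key property; confirm the
     * default against the library version in use.
     *
     * @return the converter, with the required-claims verifier installed
     */
    @Bean
    public JwtAccessTokenConverter accessTokenConverter() {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        String signingKey = this.vaadinConnectProperties.getVaadinConnectTokenSigningKey();
        if (signingKey != null && !signingKey.isEmpty()) {
            converter.setSigningKey(signingKey);
        }
        converter.setJwtClaimsSetVerifier(getJwtClaimsSetVerifier());
        return converter;
    }

    /**
     * Creates the verifier that rejects tokens lacking any of {@link #REQUIRED_CLAIMS}.
     *
     * <p>A claim counts as missing when its value in the claims map is {@code null}.
     * Claim values are not inspected here; in particular {@code exp} is not compared
     * with the current time (presumably that is done by the token services - confirm).
     *
     * @return a verifier that throws {@link InvalidTokenException} naming the first
     *         missing claim
     */
    private JwtClaimsSetVerifier getJwtClaimsSetVerifier() {
        return claims -> {
            for (String requiredClaim : REQUIRED_CLAIMS) {
                if (claims.get(requiredClaim) == null) {
                    throw new InvalidTokenException("token does not contain the required claim: " + requiredClaim);
                }
            }
        };
    }

    /**
     * Provides the token store.
     *
     * @return a {@link JwtTokenStore} built on {@link #accessTokenConverter()}
     */
    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    /**
     * Provides the default resource-server configuration, used only when the application
     * has not registered its own {@link ResourceServerConfigurer}.
     *
     * <p>NOTE(review): this default calls {@code permitAll()} on every request, so the
     * HTTP security layer configured here rejects nothing. Access control therefore has
     * to be enforced somewhere else (presumably per endpoint - confirm), and an
     * application that replaces this bean takes over that responsibility.
     *
     * @return a configurer that permits all requests
     */
    @ConditionalOnMissingBean({ResourceServerConfigurer.class})
    @Bean
    public ResourceServerConfigurer resourceServer() {
        return new ResourceServerConfigurerAdapter() {
            @Override
            public void configure(HttpSecurity httpSecurity) throws Exception {
                // No URL-level restriction is applied by this default configuration.
                httpSecurity.authorizeRequests().anyRequest().permitAll();
            }
        };
    }
}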
