package com.vaadin.connect.auth.server;

import com.vaadin.connect.VaadinConnectProperties;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Import;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.stereotype.Component;
import org.springframework.util.Base64Utils;
import org.springframework.web.filter.OncePerRequestFilter;

@Component
@Import({VaadinConnectProperties.class})
/* loaded from: input_file:com/vaadin/connect/auth/server/VaadinConnectOAuthConfigurer.class */
public class VaadinConnectOAuthConfigurer extends AuthorizationServerConfigurerAdapter {
    private static final String[] SCOPES = {"read", "write"};
    private static final String[] GRANT_TYPES = {"password", "refresh_token"};
    private static final String CLIENT_ID = "vaadin-connect-client";
    private static final String CLIENT_SECRET = "*";
    private final PasswordEncoder encoder;
    private final TokenStore tokenStore;
    private final JwtAccessTokenConverter accessTokenConverter;
    private final AuthenticationManager authenticationManager;
    private final UserDetailsService userDetails;

    /* loaded from: input_file:com/vaadin/connect/auth/server/VaadinConnectOAuthConfigurer$PreBasicHttpFilter.class */
    private static class PreBasicHttpFilter extends OncePerRequestFilter {
        private final String basic;

        PreBasicHttpFilter(String str, String str2) {
            this.basic = "Basic " + Base64Utils.encodeToString((str + ":" + str2).getBytes(StandardCharsets.UTF_8));
        }

        protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
            filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) { // from class: com.vaadin.connect.auth.server.VaadinConnectOAuthConfigurer.PreBasicHttpFilter.1
                public String getHeader(String str) {
                    if ("Authorization".equals(str)) {
                        return PreBasicHttpFilter.this.basic;
                    }
                    return null;
                }
            }, httpServletResponse);
        }
    }

    public VaadinConnectOAuthConfigurer(PasswordEncoder passwordEncoder, TokenStore tokenStore, JwtAccessTokenConverter jwtAccessTokenConverter, AuthenticationConfiguration authenticationConfiguration, @Autowired(required = false) UserDetailsService userDetailsService, @Autowired(required = false) AuthenticationManager authenticationManager) throws Exception {
        this.encoder = passwordEncoder;
        this.tokenStore = tokenStore;
        this.accessTokenConverter = jwtAccessTokenConverter;
        this.userDetails = userDetailsService;
        this.authenticationManager = authenticationManager != null ? authenticationManager : authenticationConfiguration.getAuthenticationManager();
    }

    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) {
        authorizationServerEndpointsConfigurer.userDetailsService(this.userDetails).authenticationManager(this.authenticationManager).tokenStore(this.tokenStore).accessTokenConverter(this.accessTokenConverter);
    }

    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        clientDetailsServiceConfigurer.inMemory().withClient(CLIENT_ID).secret(this.encoder.encode(CLIENT_SECRET)).scopes(SCOPES).authorizedGrantTypes(GRANT_TYPES);
    }

    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        authorizationServerSecurityConfigurer.addTokenEndpointAuthenticationFilter(new PreBasicHttpFilter(CLIENT_ID, CLIENT_SECRET));
    }
}
