package am.ik.home;

import am.ik.home.app.AppClientDetails;
import am.ik.home.app.AppRepository;
import am.ik.home.member.Member;
import am.ik.home.member.MemberRepository;
import am.ik.home.member.MemberUserDetails;
import java.util.Arrays;
import java.util.concurrent.TimeUnit;
import javax.sql.DataSource;
import org.apache.catalina.filters.RequestDumperFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.authserver.AuthorizationServerProperties;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.data.rest.core.config.RepositoryRestConfiguration;
import org.springframework.data.rest.webmvc.config.RepositoryRestConfigurerAdapter;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

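/**
 * Spring Boot application class for the login / OAuth2 service.
 *
 * <p>It wires together four pieces of configuration, each in its own nested class:
 * <ul>
 *   <li>{@link LoginConfig}: session-based form login with persistent remember-me for the
 *       browser-facing pages and the OAuth2 authorization/consent pages;</li>
 *   <li>{@link OAuth2AuthorizationConfig}: the OAuth2 authorization server, issuing JWT access
 *       tokens for clients stored in {@link AppRepository};</li>
 *   <li>{@link OAuth2ResourceConfig}: stateless, token-protected access to {@code /userinfo}
 *       and {@code /v1/members/**};</li>
 *   <li>{@link RestMvcConfig}: Spring Data REST tweaks.</li>
 * </ul>
 *
 * <p>This listing was recovered from compiled classes; decompiler-only artefacts (redundant
 * casts, synthetic method names) have been removed so that it compiles against the real API.
 */
@SpringBootApplication
public class UaaApplication {

    // Injected, but not read anywhere in this class: userDetailsService(...) below receives
    // its repository as a method parameter instead.
    @Autowired
    MemberRepository memberRepository;

    /**
     * Security filter chain for the interactive (browser) part of the application.
     *
     * <p>{@code @Order(-20)} gives this chain a lower order value, i.e. higher precedence, than
     * chains registered with a larger order value.
     */
    @Configuration
    @EnableGlobalMethodSecurity(prePostEnabled = true)
    @Order(-20)
    static class LoginConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        DataSource dataSource;

        @Autowired
        UserDetailsService userDetailsService;

        /**
         * Creates the JDBC-backed store for persistent remember-me tokens.
         *
         * @return a token repository that uses the injected {@link DataSource}
         */
        @Bean
        PersistentTokenRepository persistentTokenRepository() {
            JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
            tokenRepository.setDataSource(this.dataSource);
            return tokenRepository;
        }

        /**
         * Configures form login, URL authorization, remember-me, logout and CSRF handling for
         * the paths listed in {@code requestMatchers()}.
         *
         * @param httpSecurity the builder for this filter chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        protected void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                .formLogin()
                    .loginPage("/login")
                    .permitAll()
                    .and()
                // This chain only handles the exact paths below; every other request falls
                // through to a different filter chain.
                .requestMatchers()
                    .antMatchers("/", "/apps", "/login", "/logout", "/oauth/authorize", "/oauth/confirm_access")
                    .and()
                // NOTE(review): "/login**" and "/apps**" are single-segment Ant patterns, and
                // this chain only sees the exact paths listed above. Anything below "/apps/" is
                // decided by another chain; verify it is restricted to admins there as well.
                .authorizeRequests()
                    .antMatchers("/login**").permitAll()
                    .antMatchers("/apps**").access("hasRole('ADMIN')")
                    .anyRequest().authenticated()
                    .and()
                // The remember-me cookie stays valid for 7 days and is backed by the JDBC token
                // store, so it has to be treated as a long-lived credential.
                .rememberMe()
                    .tokenRepository(persistentTokenRepository())
                    .userDetailsService(this.userDetailsService)
                    .tokenValiditySeconds((int) TimeUnit.DAYS.toSeconds(7L))
                    .and()
                .logout()
                    .deleteCookies("JSESSIONID", "remember-me")
                    .permitAll()
                    .and()
                // NOTE(review): CSRF protection is switched off for /oauth/**. Of the paths this
                // chain matches, that covers /oauth/authorize and /oauth/confirm_access, i.e.
                // the session-based consent flow. Confirm the exemption is intentional; if the
                // approval form can carry the CSRF token, narrow or remove it.
                .csrf()
                    .ignoringAntMatchers("/oauth/**");
        }
    }

    /**
     * OAuth2 authorization server configuration: client lookup, token enhancement and access
     * rules for the token-key and check-token endpoints.
     */
    @EnableConfigurationProperties({AuthorizationServerProperties.class})
    @Configuration
    @EnableAuthorizationServer
    static class OAuth2AuthorizationConfig extends AuthorizationServerConfigurerAdapter {

        @Autowired
        AuthenticationManager authenticationManager;

        @Autowired
        AppRepository appRepository;

        @Autowired
        TokenEnhancer tokenEnhancer;

        @Autowired
        AuthorizationServerProperties props;

        /**
         * Resolves OAuth2 clients from {@link AppRepository} by application id.
         *
         * <p>An unknown id is reported with a fixed message that does not echo the id back.
         *
         * @param clientDetailsServiceConfigurer the client-details configurer
         * @throws Exception if the configurer rejects the service
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
            clientDetailsServiceConfigurer.withClientDetails(clientId ->
                this.appRepository.findByAppId(clientId)
                    .map(AppClientDetails::new)
                    .orElseThrow(() -> new ClientRegistrationException("The given client is invalid")));
        }

        /**
         * Installs the token enhancer chain and remaps the token-key and check-token endpoints
         * from {@code /oauth/...} to {@code /token_key} and {@code /check_token}.
         *
         * @param authorizationServerEndpointsConfigurer the endpoints configurer
         * @throws Exception if the configurer rejects the settings
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
            // Order matters: the injected enhancer runs first and the JWT converter runs last,
            // so the encoded token reflects whatever the first enhancer added.
            TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
            enhancerChain.setTokenEnhancers(Arrays.asList(this.tokenEnhancer, jwtAccessTokenConverter()));
            authorizationServerEndpointsConfigurer
                .authenticationManager(this.authenticationManager)
                .tokenEnhancer(enhancerChain)
                .pathMapping("/oauth/token_key", "/token_key")
                .pathMapping("/oauth/check_token", "/check_token");
        }

        /**
         * Applies the access expressions for the token-key and check-token endpoints.
         *
         * <p>NOTE(review): both expressions come from externally supplied
         * {@link AuthorizationServerProperties}; nothing in this file sets or validates them.
         * Confirm the deployed values are present and limit {@code /token_key} and
         * {@code /check_token} to authenticated clients.
         *
         * @param authorizationServerSecurityConfigurer the security configurer
         * @throws Exception if the configurer rejects the expressions
         */
        @Override
        public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
            authorizationServerSecurityConfigurer.tokenKeyAccess(this.props.getTokenKeyAccess());
            authorizationServerSecurityConfigurer.checkTokenAccess(this.props.getCheckTokenAccess());
        }

        /**
         * Creates the JWT converter; its properties are bound from the {@code jwt}
         * configuration prefix.
         *
         * <p>NOTE(review): the signing material is therefore configuration data. Keep it out of
         * version control and shared config files. If no key is supplied the converter
         * presumably keeps its own built-in key; verify that this cannot happen in production.
         *
         * @return a converter with library defaults, to be populated by property binding
         */
        @ConfigurationProperties("jwt")
        @Bean
        JwtAccessTokenConverter jwtAccessTokenConverter() {
            return new JwtAccessTokenConverter();
        }
    }

    /**
     * OAuth2 resource server configuration for the token-protected API.
     */
    @EnableResourceServer
    @Configuration
    static class OAuth2ResourceConfig extends ResourceServerConfigurerAdapter {

        /**
         * Makes the chain stateless and declares scope/role requirements for {@code /userinfo}
         * and for GET and POST on {@code /v1/members/**}.
         *
         * <p>NOTE(review): only the three matchers below carry an access rule and there is no
         * {@code anyRequest()} fallback in this method. Other HTTP methods on
         * {@code /v1/members/**} (PUT, PATCH, DELETE) and any other path reaching this chain
         * therefore depend on protection declared elsewhere, for example method-level
         * {@code @PreAuthorize}. Confirm that it exists, or end the chain with a deny-by-default
         * rule such as {@code anyRequest().authenticated()}.
         *
         * @param httpSecurity the builder for this filter chain
         * @throws Exception if the builder rejects the configuration
         */
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                    .and()
                .authorizeRequests()
                    // mvcMatchers is the real API name; the decompiled listing carried a
                    // synthetic "mvcMatchers2", which does not exist and would not compile.
                    .mvcMatchers("/userinfo")
                        .access("#oauth2.hasScope('openid')")
                    .antMatchers(HttpMethod.GET, "/v1/members/**")
                        .access("#oauth2.clientHasRole('ROLE_TRUSTED_CLIENT') and (#oauth2.hasScope('member.read') or #oauth2.hasScope('admin.read'))")
                    .antMatchers(HttpMethod.POST, "/v1/members/**")
                        .access("#oauth2.clientHasRole('ROLE_TRUSTED_CLIENT') and (#oauth2.hasScope('member.write') or #oauth2.hasScope('admin.write'))");
        }
    }

    /**
     * Spring Data REST customisation.
     */
    @Configuration
    static class RestMvcConfig extends RepositoryRestConfigurerAdapter {

        /**
         * Includes the identifier of {@link Member} entities in REST response bodies.
         *
         * @param repositoryRestConfiguration the Spring Data REST configuration to adjust
         */
        @Override
        public void configureRepositoryRestConfiguration(RepositoryRestConfiguration repositoryRestConfiguration) {
            repositoryRestConfiguration.exposeIdsFor(Member.class);
        }
    }

    /**
     * Starts the Spring Boot application.
     *
     * @param strArr command-line arguments, passed through to Spring Boot
     */
    public static void main(String[] strArr) {
        SpringApplication.run(UaaApplication.class, strArr);
    }

    /**
     * Looks up login users by e-mail address.
     *
     * @param memberRepository repository used to find the member
     * @return a service that wraps the found member in {@link MemberUserDetails}, or throws
     *         {@link UsernameNotFoundException} with a fixed message when no member matches
     */
    @Bean
    UserDetailsService userDetailsService(MemberRepository memberRepository) {
        return email -> memberRepository.findByEmail(email)
            .map(MemberUserDetails::new)
            .orElseThrow(() -> new UsernameNotFoundException("not found"));
    }

    /**
     * Password hashing for stored member credentials.
     *
     * <p>NOTE(review): the no-argument constructor uses the library defaults, with no
     * application-specific secret. The iteration count and underlying PRF depend on the
     * Spring Security version on the classpath; check that they meet current
     * password-storage guidance.
     *
     * @return a PBKDF2-based encoder with default settings
     */
    @Bean
    PasswordEncoder passwordEncoder() {
        return new Pbkdf2PasswordEncoder();
    }

    /**
     * Registers Tomcat's request dumper whenever the {@code cloud} profile is not active.
     *
     * <p>NOTE(review): this filter writes request and response details to the log, including
     * headers, cookies and request parameters. On this service that means login passwords,
     * client secrets, bearer tokens and the session / remember-me cookies can end up in log
     * files in every environment that does not activate {@code cloud}. Prefer an explicit
     * opt-in profile for local debugging, and treat any logs it has produced as sensitive.
     *
     * @return the dumper filter with default settings
     */
    @Profile({"!cloud"})
    @Bean
    RequestDumperFilter requestDumperFilter() {
        return new RequestDumperFilter();
    }
}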
