package com.ejianc.framework.openidclient.config;

import com.ejianc.framework.openidclient.filter.OIDCAuthenticationFilter;
import com.nimbusds.jose.JWSAlgorithm;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.OIDCAuthenticationProvider;
import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
import org.mitre.openid.connect.client.service.ClientConfigurationService;
import org.mitre.openid.connect.client.service.IssuerService;
import org.mitre.openid.connect.client.service.impl.DynamicServerConfigurationService;
import org.mitre.openid.connect.client.service.impl.HybridClientConfigurationService;
import org.mitre.openid.connect.client.service.impl.HybridIssuerService;
import org.mitre.openid.connect.client.service.impl.PlainAuthRequestUrlBuilder;
import org.mitre.openid.connect.client.service.impl.StaticAuthRequestOptionsService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

@EnableConfigurationProperties({OpenIDClientConfig.class, MyOpenIdServerConfiguration.class})
@Configuration
@EnableWebSecurity
/* loaded from: input_file:com/ejianc/framework/openidclient/config/EjcAppConfiguration.class */
public class EjcAppConfiguration extends WebSecurityConfigurerAdapter {
    protected static final String roleUser = "USER";
    protected static final String roleAdmin = "ADMIN";

    @Autowired(required = false)
    private OpenIDClientConfig openIDClientConfig;

    @Autowired
    private MyOpenIdServerConfiguration myOpenIdServerConfiguration;

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().anyRequest()).permitAll();
    }

    @Bean
    public OIDCAuthenticationFilter oidcAuthenticationFilter(AuthenticationManager authenticationManager) {
        OIDCAuthenticationFilter oIDCAuthenticationFilter = new OIDCAuthenticationFilter(this.openIDClientConfig.getFilterProcessURL());
        oIDCAuthenticationFilter.setAuthenticationManager(authenticationManager);
        oIDCAuthenticationFilter.setIssuerService(issuerService());
        oIDCAuthenticationFilter.setServerConfigurationService(new DynamicServerConfigurationService());
        oIDCAuthenticationFilter.setClientConfigurationService(clientConfigurationService());
        oIDCAuthenticationFilter.setAuthRequestOptionsService(authRequestOptionsService());
        oIDCAuthenticationFilter.setAuthRequestUrlBuilder(new PlainAuthRequestUrlBuilder());
        return oIDCAuthenticationFilter;
    }

    protected IssuerService issuerService() {
        HybridIssuerService hybridIssuerService = new HybridIssuerService();
        hybridIssuerService.setLoginPageUrl(this.openIDClientConfig.getLoginPageUrl());
        hybridIssuerService.setForceHttps(false);
        return hybridIssuerService;
    }

    protected ClientConfigurationService clientConfigurationService() {
        RegisteredClient registeredClient = new RegisteredClient();
        registeredClient.setClientName(this.openIDClientConfig.getOpenidClientName());
        registeredClient.setRedirectUris(Collections.singleton(this.openIDClientConfig.getOpenidRedirectUri()));
        registeredClient.setJwksUri(this.openIDClientConfig.getOpenidJwksUri());
        registeredClient.setClientId(this.openIDClientConfig.getOpenidClientId());
        registeredClient.setClientSecret(this.openIDClientConfig.getOpenidClientSecret());
        registeredClient.setScope((Set) Stream.of((Object[]) new String[]{"openid", "profile"}).collect(Collectors.toSet()));
        registeredClient.setResponseTypes((Set) Stream.of((Object[]) new String[]{"code", "token"}).collect(Collectors.toSet()));
        registeredClient.setSubjectType(ClientDetailsEntity.SubjectType.PUBLIC);
        registeredClient.setRequestObjectSigningAlg(JWSAlgorithm.RS256);
        registeredClient.setTokenEndpointAuthMethod(ClientDetailsEntity.AuthMethod.SECRET_BASIC);
        registeredClient.setPostLogoutRedirectUris(Collections.singleton(this.openIDClientConfig.getOpenidLogoutSuccessUrl()));
        HybridClientConfigurationService hybridClientConfigurationService = new HybridClientConfigurationService();
        HashMap hashMap = new HashMap();
        hashMap.put(this.openIDClientConfig.getIssuer(), registeredClient);
        hybridClientConfigurationService.setClients(hashMap);
        return hybridClientConfigurationService;
    }

    protected AuthRequestOptionsService authRequestOptionsService() {
        HashMap hashMap = new HashMap();
        StaticAuthRequestOptionsService staticAuthRequestOptionsService = new StaticAuthRequestOptionsService();
        staticAuthRequestOptionsService.setOptions(hashMap);
        return staticAuthRequestOptionsService;
    }

    @Bean
    public AuthenticationProvider authenticationProvider() {
        return new OIDCAuthenticationProvider();
    }

    @Bean
    public AuthenticationManager authenticationManager(AuthenticationProvider authenticationProvider) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(authenticationProvider);
        return new ProviderManager(arrayList);
    }
}
