package org.springframework.cloud.skipper.server.local.security.support.oauth2testserver;

import java.util.HashSet;
import java.util.Iterator;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.builders.ClientDetailsServiceBuilder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;

@Configuration
@EnableAuthorizationServer
/* loaded from: input_file:org/springframework/cloud/skipper/server/local/security/support/oauth2testserver/AuthServerConfig.class */
public class AuthServerConfig extends AuthorizationServerConfigurerAdapter {

    @Autowired
    private BaseClientDetails details;
    private AuthenticationManager authenticationManagerBean;

    @Autowired
    public void setAuthenticationManagerBean(AuthenticationManager authenticationManager) {
        this.authenticationManagerBean = authenticationManager;
    }

    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        authorizationServerSecurityConfigurer.tokenKeyAccess("permitAll()").checkTokenAccess("isAuthenticated()");
    }

    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        ClientDetailsServiceBuilder.ClientBuilder withClient = clientDetailsServiceConfigurer.inMemory().withClient(this.details.getClientId());
        withClient.secret(this.details.getClientSecret()).resourceIds((String[]) this.details.getResourceIds().toArray(new String[0])).authorizedGrantTypes((String[]) this.details.getAuthorizedGrantTypes().toArray(new String[0])).authorities((String[]) AuthorityUtils.authorityListToSet(this.details.getAuthorities()).toArray(new String[0])).scopes((String[]) this.details.getScope().toArray(new String[0]));
        if (this.details.getAutoApproveScopes() != null) {
            withClient.autoApprove((String[]) this.details.getAutoApproveScopes().toArray(new String[0]));
        }
        if (this.details.getAccessTokenValiditySeconds() != null) {
            withClient.accessTokenValiditySeconds(this.details.getAccessTokenValiditySeconds().intValue());
        }
        if (this.details.getRefreshTokenValiditySeconds() != null) {
            withClient.refreshTokenValiditySeconds(this.details.getRefreshTokenValiditySeconds().intValue());
        }
        if (this.details.getRegisteredRedirectUri() != null) {
            withClient.redirectUris((String[]) this.details.getRegisteredRedirectUri().toArray(new String[0]));
        }
    }

    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        super.configure(authorizationServerEndpointsConfigurer);
        authorizationServerEndpointsConfigurer.authenticationManager(this.authenticationManagerBean);
        authorizationServerEndpointsConfigurer.tokenStore(tokenStore());
        authorizationServerEndpointsConfigurer.tokenEnhancer(new TokenEnhancer() { // from class: org.springframework.cloud.skipper.server.local.security.support.oauth2testserver.AuthServerConfig.1
            public OAuth2AccessToken enhance(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
                if (oAuth2Authentication.getPrincipal() instanceof User) {
                    User user = (User) oAuth2Authentication.getPrincipal();
                    HashSet hashSet = new HashSet();
                    Iterator it = user.getAuthorities().iterator();
                    while (it.hasNext()) {
                        String authority = ((GrantedAuthority) it.next()).getAuthority();
                        if (authority.startsWith("ROLE_")) {
                            hashSet.add(authority.substring(5).toLowerCase());
                        } else {
                            hashSet.add(authority.toLowerCase());
                        }
                    }
                    ((DefaultOAuth2AccessToken) oAuth2AccessToken).setScope(hashSet);
                }
                return oAuth2AccessToken;
            }
        });
    }

    @Bean
    public TokenStore tokenStore() {
        return new InMemoryTokenStore();
    }

    @ConfigurationProperties(prefix = "security.oauth2.client")
    @Bean
    public BaseClientDetails oauth2ClientDetails() {
        return new BaseClientDetails();
    }
}
