package org.redpill.pdfapilot.promus.config;

import javax.inject.Inject;
import org.redpill.pdfapilot.promus.config.oauth2.MongoDBTokenStore;
import org.redpill.pdfapilot.promus.repository.OAuth2AccessTokenRepository;
import org.redpill.pdfapilot.promus.repository.OAuth2RefreshTokenRepository;
import org.redpill.pdfapilot.promus.security.AjaxLogoutSuccessHandler;
import org.redpill.pdfapilot.promus.security.AuthoritiesConstants;
import org.redpill.pdfapilot.promus.security.Http401UnauthorizedEntryPoint;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.context.EnvironmentAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

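/**
 * OAuth2 wiring for the application: one nested configuration registers the
 * authorization server (token issuing), the other the resource server (URL
 * access rules for bearer-token requests).
 */
@Configuration
/* loaded from: input_file:WEB-INF/classes/org/redpill/pdfapilot/promus/config/OAuth2ServerConfiguration.class */
public class OAuth2ServerConfiguration {

    /**
     * Authorization server: registers a single in-memory OAuth2 client whose id,
     * secret and access-token lifetime are read from the
     * {@code authentication.oauth.*} properties, and persists issued tokens
     * through {@link MongoDBTokenStore}.
     */
    @Configuration
    @EnableAuthorizationServer
    /* loaded from: input_file:WEB-INF/classes/org/redpill/pdfapilot/promus/config/OAuth2ServerConfiguration$AuthorizationServerConfiguration.class */
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter implements EnvironmentAware {
        private static final String ENV_OAUTH = "authentication.oauth.";
        private static final String PROP_CLIENTID = "clientid";
        private static final String PROP_SECRET = "secret";
        private static final String PROP_TOKEN_VALIDITY_SECONDS = "tokenValidityInSeconds";

        // Access-token lifetime used when the property is not set (30 minutes).
        private static final int DEFAULT_TOKEN_VALIDITY_SECONDS = 1800;

        private RelaxedPropertyResolver propertyResolver;

        @Inject
        private OAuth2AccessTokenRepository oAuth2AccessTokenRepository;

        @Inject
        private OAuth2RefreshTokenRepository oAuth2RefreshTokenRepository;

        @Inject
        @Qualifier("authenticationManagerBean")
        private AuthenticationManager authenticationManager;

        protected AuthorizationServerConfiguration() {
        }

        /**
         * Exposes the token store built from the injected access-token and
         * refresh-token repositories.
         *
         * @return the token store used by the authorization server endpoints
         */
        @Bean
        public TokenStore tokenStore() {
            return new MongoDBTokenStore(this.oAuth2AccessTokenRepository, this.oAuth2RefreshTokenRepository);
        }

        /**
         * Attaches the token store and the application's authentication manager
         * to the token endpoints; the authentication manager is what validates
         * user credentials for the {@code password} grant.
         *
         * @param authorizationServerEndpointsConfigurer endpoint configurer supplied by Spring
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
            authorizationServerEndpointsConfigurer
                .tokenStore(tokenStore())
                .authenticationManager(this.authenticationManager);
        }

        /**
         * Registers the single in-memory client with the {@code password} and
         * refresh-token grants and the {@code read}/{@code write} scopes.
         *
         * @param clientDetailsServiceConfigurer client registry configurer supplied by Spring
         * @throws IllegalStateException if the client id or client secret property is missing or blank
         * @throws Exception propagated from the configurer
         */
        @Override
        public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
            // Fail at startup rather than registering a client with a null id or
            // secret: a missing secret would weaken or break client authentication
            // on the token endpoint without any visible error.
            String clientId = requiredProperty(PROP_CLIENTID);
            String clientSecret = requiredProperty(PROP_SECRET);
            int tokenValiditySeconds = this.propertyResolver.getProperty(
                PROP_TOKEN_VALIDITY_SECONDS, Integer.class, DEFAULT_TOKEN_VALIDITY_SECONDS);

            clientDetailsServiceConfigurer.inMemory()
                .withClient(clientId)
                .scopes("read", "write")
                .authorities(AuthoritiesConstants.ADMIN, AuthoritiesConstants.USER)
                .authorizedGrantTypes("password", OAuth2AccessToken.REFRESH_TOKEN)
                .secret(clientSecret)
                .accessTokenValiditySeconds(tokenValiditySeconds);
        }

        /**
         * Builds the property resolver scoped to the {@code authentication.oauth.} prefix.
         *
         * @param environment the Spring environment
         */
        @Override
        public void setEnvironment(Environment environment) {
            this.propertyResolver = new RelaxedPropertyResolver(environment, ENV_OAUTH);
        }

        /**
         * Reads a mandatory {@code authentication.oauth.*} property.
         * The error message names the key only, never the value, so a secret
         * cannot leak into the startup log.
         */
        private String requiredProperty(String key) {
            String value = this.propertyResolver.getProperty(key);
            if (value == null || value.trim().isEmpty()) {
                throw new IllegalStateException("Missing required property '" + ENV_OAUTH + key + "'");
            }
            return value;
        }
    }

    /**
     * Resource server: declares which URL patterns need which authority.
     * Matchers are evaluated in declaration order and the first match decides,
     * so the specific {@code permitAll()} and admin rules must stay above the
     * broader patterns they carve exceptions out of.
     */
    @EnableResourceServer
    @Configuration
    /* loaded from: input_file:WEB-INF/classes/org/redpill/pdfapilot/promus/config/OAuth2ServerConfiguration$ResourceServerConfiguration.class */
    protected static class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

        @Inject
        private Http401UnauthorizedEntryPoint authenticationEntryPoint;

        @Inject
        private AjaxLogoutSuccessHandler ajaxLogoutSuccessHandler;

        protected ResourceServerConfiguration() {
        }

        /**
         * Configures the entry point, logout, CSRF, response headers and URL
         * authorization rules for the resource server filter chain.
         *
         * @param httpSecurity security builder supplied by Spring
         * @throws Exception propagated from the builder
         */
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity
                .exceptionHandling()
                    .authenticationEntryPoint(this.authenticationEntryPoint)
                    .and()
                .logout()
                    .logoutUrl("/api/logout")
                    .logoutSuccessHandler(this.ajaxLogoutSuccessHandler)
                    .and()
                // NOTE(review): disable() turns CSRF protection off for this chain,
                // so the "/oauth/authorize" matcher set just before it has no effect.
                // That is acceptable only while every state-changing request is
                // authenticated by a bearer token rather than a session cookie — confirm.
                .csrf()
                    .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize"))
                    .disable()
                // NOTE(review): the X-Frame-Options header is switched off, so the
                // browser-side clickjacking defence is absent for these responses;
                // confirm the application really needs to be framed.
                .headers()
                    .frameOptions().disable()
                    .and()
                .authorizeRequests()
                    // Public endpoints; must precede the "/api/**" rule below.
                    .antMatchers("/api/authenticate").permitAll()
                    .antMatchers("/api/register").permitAll()
                    .antMatchers("/api/logs/**").hasAnyAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/api/**").authenticated()
                    .antMatchers("/websocket/tracker").hasAuthority(AuthoritiesConstants.ADMIN)
                    // NOTE(review): every other websocket path is reachable without
                    // authentication; verify that none of them exposes user data.
                    .antMatchers("/websocket/**").permitAll()
                    // Management endpoints are restricted to administrators.
                    .antMatchers("/metrics/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/health/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/trace/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/dump/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/shutdown/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/beans/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/configprops/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/info/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/autoconfig/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/env/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    .antMatchers("/api-docs/**").hasAuthority(AuthoritiesConstants.ADMIN)
                    // NOTE(review): there is no anyRequest() catch-all after this rule;
                    // confirm how paths that match none of the patterns are handled.
                    .antMatchers("/protected/**").authenticated();
        }
    }
}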
