package org.springframework.boot.autoconfigure.security.oauth2.authserver;

import java.util.Optional;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionMessage;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/**
 * Auto-configuration that supplies JWT-backed token services for the OAuth2 authorization server.
 *
 * <p>Decompiled from {@code spring-security-oauth2-autoconfigure-2.3.3.RELEASE.jar}.
 *
 * <p>Two nested configurations are gated on environment properties:
 * <ul>
 *   <li>{@code security.oauth2.authorization.jwt.key-store}: the signing key pair is read from a
 *       key store resource ({@link JwtKeyStoreConfiguration}).</li>
 *   <li>{@code security.oauth2.authorization.jwt.key-value}: the key material is supplied inline
 *       as a property value ({@link JwtTokenServicesConfiguration}).</li>
 * </ul>
 *
 * <p>Security-relevant points visible in this class: the key store password, the optional key
 * password and the inline key value are all read from configuration properties, so the property
 * source holds signing secrets. Every bean is guarded by {@code @ConditionalOnMissingBean}, so an
 * application-defined bean of the same type replaces the default.
 *
 * <p>NOTE(review): nothing here prevents both properties from being set at once; which
 * {@link JwtAccessTokenConverter} is registered in that case presumably depends on processing
 * order and the missing-bean guards. Confirm before relying on either key source.
 */
@Configuration
public class AuthorizationServerTokenServicesConfiguration {

    /**
     * Matches when {@code security.oauth2.authorization.jwt.key-store} has text.
     *
     * <p>The condition message uses fixed wording only; the property value is not included.
     */
    private static class JwtKeyStoreCondition extends SpringBootCondition {
        private JwtKeyStoreCondition() {
        }

        /**
         * Reports a match when a key store location is configured in the environment.
         *
         * @param conditionContext context giving access to the environment
         * @param annotatedTypeMetadata metadata of the annotated element (unused)
         * @return the match or no-match outcome with its condition message
         */
        @Override
        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            ConditionMessage.Builder message = ConditionMessage.forCondition("OAuth JWT KeyStore Condition");
            String keyStoreLocation = conditionContext.getEnvironment().getProperty("security.oauth2.authorization.jwt.key-store");
            if (StringUtils.hasText(keyStoreLocation)) {
                return ConditionOutcome.match(message.foundExactly("provided key store location"));
            }
            return ConditionOutcome.noMatch(message.didNotFind("provided key store location").atAll());
        }
    }

    /**
     * Token services whose JWT signing key pair is loaded from a key store.
     *
     * <p>This is a non-static inner class, unlike {@link JwtTokenServicesConfiguration}.
     */
    @Configuration
    @Conditional(JwtKeyStoreCondition.class)
    protected class JwtKeyStoreConfiguration implements ApplicationContextAware {
        private final AuthorizationServerProperties authorization;
        private ApplicationContext context;

        /**
         * @param authorizationServerProperties bound authorization server properties
         */
        @Autowired
        public JwtKeyStoreConfiguration(AuthorizationServerProperties authorizationServerProperties) {
            this.authorization = authorizationServerProperties;
        }

        /**
         * Stores the application context, which is later used to resolve the key store resource.
         */
        @Override
        public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
            this.context = applicationContext;
        }

        /**
         * Creates the default token services on top of the given token store.
         *
         * <p>Only the token store is set here; every other {@link DefaultTokenServices} setting
         * keeps that class's default.
         *
         * @param tokenStore store backing the token services
         * @return token services using {@code tokenStore}
         */
        @Bean
        @ConditionalOnMissingBean(AuthorizationServerTokenServices.class)
        public DefaultTokenServices jwtTokenServices(TokenStore tokenStore) {
            DefaultTokenServices services = new DefaultTokenServices();
            services.setTokenStore(tokenStore);
            return services;
        }

        /**
         * Creates a JWT token store around the given converter.
         *
         * @param jwtAccessTokenConverter converter that signs and verifies the tokens
         * @return a {@link JwtTokenStore}
         */
        @Bean
        @ConditionalOnMissingBean(TokenStore.class)
        public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
            return new JwtTokenStore(jwtAccessTokenConverter);
        }

        /**
         * Builds the JWT converter from a key pair held in the configured key store.
         *
         * <p>The key store location, key store password and key alias are mandatory. The key
         * password is optional: when it is absent, the key store password is reused for the key
         * entry.
         *
         * @return converter configured with the key pair found under the configured alias
         * @throws IllegalArgumentException if a mandatory property is {@code null}
         */
        @Bean
        @ConditionalOnMissingBean(JwtAccessTokenConverter.class)
        public JwtAccessTokenConverter accessTokenConverter() {
            String keyStoreLocation = this.authorization.getJwt().getKeyStore();
            Assert.notNull(keyStoreLocation, "keyStore cannot be null");
            String keyStorePassword = this.authorization.getJwt().getKeyStorePassword();
            Assert.notNull(keyStorePassword, "keyStorePassword cannot be null");
            String keyAlias = this.authorization.getJwt().getKeyAlias();
            Assert.notNull(keyAlias, "keyAlias cannot be null");

            // The location is resolved through the application context's resource loading.
            Resource keyStore = this.context.getResource(keyStoreLocation);
            char[] storePassword = keyStorePassword.toCharArray();
            // Fall back to the store password when no separate key password is configured.
            char[] keyPassword = Optional.ofNullable(this.authorization.getJwt().getKeyPassword())
                    .map(String::toCharArray)
                    .orElse(storePassword);

            KeyStoreKeyFactory keyFactory = new KeyStoreKeyFactory(keyStore, storePassword);
            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            converter.setKeyPair(keyFactory.getKeyPair(keyAlias, keyPassword));
            return converter;
        }
    }

    /**
     * Matches when {@code security.oauth2.authorization.jwt.key-value} has text.
     *
     * <p>The condition message uses fixed wording only; the key value itself is not included.
     */
    private static class JwtTokenCondition extends SpringBootCondition {
        private JwtTokenCondition() {
        }

        /**
         * Reports a match when an inline key value is configured in the environment.
         *
         * @param conditionContext context giving access to the environment
         * @param annotatedTypeMetadata metadata of the annotated element (unused)
         * @return the match or no-match outcome with its condition message
         */
        @Override
        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            ConditionMessage.Builder message = ConditionMessage.forCondition("OAuth JWT Condition");
            String keyValue = conditionContext.getEnvironment().getProperty("security.oauth2.authorization.jwt.key-value");
            if (StringUtils.hasText(keyValue)) {
                return ConditionOutcome.match(message.foundExactly("provided private or symmetric key"));
            }
            return ConditionOutcome.noMatch(message.didNotFind("provided private or symmetric key").atAll());
        }
    }

    /**
     * Token services whose JWT key is supplied inline through the {@code key-value} property.
     */
    @Configuration
    @Conditional(JwtTokenCondition.class)
    protected static class JwtTokenServicesConfiguration {
        private final AuthorizationServerProperties authorization;

        /**
         * @param authorizationServerProperties bound authorization server properties
         */
        public JwtTokenServicesConfiguration(AuthorizationServerProperties authorizationServerProperties) {
            this.authorization = authorizationServerProperties;
        }

        /**
         * Creates the default token services on top of the given token store.
         *
         * <p>Only the token store is set here; every other {@link DefaultTokenServices} setting
         * keeps that class's default.
         *
         * @param tokenStore store backing the token services
         * @return token services using {@code tokenStore}
         */
        @Bean
        @ConditionalOnMissingBean(AuthorizationServerTokenServices.class)
        public DefaultTokenServices jwtTokenServices(TokenStore tokenStore) {
            DefaultTokenServices services = new DefaultTokenServices();
            services.setTokenStore(tokenStore);
            return services;
        }

        /**
         * Creates a JWT token store around the given converter.
         *
         * @param jwtAccessTokenConverter converter that signs and verifies the tokens
         * @return a {@link JwtTokenStore}
         */
        @Bean
        @ConditionalOnMissingBean(TokenStore.class)
        public TokenStore jwtTokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
            return new JwtTokenStore(jwtAccessTokenConverter);
        }

        /**
         * Builds the JWT converter from the inline key value.
         *
         * <p>A value that does not start with {@code -----BEGIN} is installed as both the verifier
         * key and the signing key, i.e. one shared secret signs and verifies tokens. A value that
         * does start with that prefix is passed to {@code setSigningKey} only.
         *
         * <p>NOTE(review): the prefix test runs on the raw property value without trimming, so a
         * key block preceded by whitespace takes the shared-secret branch here. Confirm how
         * {@link JwtAccessTokenConverter} treats such a value.
         *
         * @return converter configured with the inline key
         * @throws IllegalArgumentException if the key value is {@code null}
         */
        @Bean
        @ConditionalOnMissingBean(JwtAccessTokenConverter.class)
        public JwtAccessTokenConverter jwtTokenEnhancer() {
            String keyValue = this.authorization.getJwt().getKeyValue();
            Assert.notNull(keyValue, "keyValue cannot be null");

            JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
            boolean looksLikeKeyBlock = keyValue.startsWith("-----BEGIN");
            if (!looksLikeKeyBlock) {
                // Shared secret: the same value is also the verifier key.
                converter.setVerifierKey(keyValue);
            }
            converter.setSigningKey(keyValue);
            return converter;
        }
    }
}
