package yakworks.security.spring;

import com.nimbusds.jose.jwk.Curve;
import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.jwk.source.ImmutableJWKSet;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTClaimsSetAwareJWSKeySelector;
import com.nimbusds.jwt.proc.JWTProcessor;
import java.security.KeyPair;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.Collections;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtEncoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtEncoder;
import yakworks.security.spring.token.JwtProperties;
import yakworks.security.spring.token.TokenController;
import yakworks.security.spring.token.generator.JwtTokenExchanger;
import yakworks.security.spring.token.generator.JwtTokenGenerator;

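/**
 * Spring configuration that wires the JWT beans: the token controller, the
 * per-issuer verification key selector, the Nimbus-backed decoder and encoder,
 * and the token generator / exchanger.
 *
 * <p>Only active when {@link OAuth2Token} is on the classpath. Beans marked
 * {@code @ConditionalOnMissingBean} can be replaced by an application-defined
 * bean of the same type.
 */
@EnableConfigurationProperties({JwtProperties.class})
@Configuration
@ConditionalOnClass({OAuth2Token.class})
@Lazy
/* loaded from: input_file:yakworks/security/spring/JwtConfiguration.class */
public class JwtConfiguration {

    /** Registers the default {@link TokenController} unless the application defines its own. */
    @ConditionalOnMissingBean
    @Bean
    public TokenController tokenController() {
        return new TokenController();
    }

    /**
     * Builds the key selector that picks the signature verification key from
     * the token's {@code iss} claim.
     *
     * <ul>
     *   <li>{@code iss} present and configured: the public key of the matching issuer.</li>
     *   <li>{@code iss} present but not configured: an empty candidate list, which
     *       {@code DefaultJWTProcessor} treats as "no matching key" and rejects. The
     *       previous code dereferenced {@code orElse(null)} here and failed with a
     *       {@link NullPointerException} instead of a clean rejection.</li>
     *   <li>{@code iss} absent: the default issuer's public key.</li>
     * </ul>
     *
     * @param jwtProperties configured issuers and their key pairs
     * @return selector returning at most one candidate verification key
     */
    @ConditionalOnMissingBean
    @Bean
    JWTClaimsSetAwareJWSKeySelector claimsSetKeySelector(JwtProperties jwtProperties) {
        return (jWSHeader, jWTClaimsSet, securityContext) -> {
            String issuer = jWTClaimsSet.getIssuer();
            if (issuer == null) {
                // NOTE(review): a token without an iss claim is verified against the
                // default issuer's key. Confirm that accepting issuer-less tokens is
                // intended; the iss claim is read before the signature is verified,
                // so it must only ever select among configured keys.
                return Collections.singletonList(jwtProperties.getDefaultIssuer().getKeyPair().getPublic());
            }
            Collection<JwtProperties.Issuer> configuredIssuers = jwtProperties.getIssuers().values();
            for (JwtProperties.Issuer candidate : configuredIssuers) {
                if (issuer.equals(candidate.getIss())) {
                    return Collections.singletonList(candidate.getKeyPair().getPublic());
                }
            }
            // Unknown issuer: offer no key so verification fails closed.
            return Collections.emptyList();
        };
    }

    /**
     * Creates the Nimbus JWT processor and attaches the claims-aware key selector.
     *
     * @param jWTClaimsSetAwareJWSKeySelector selector used to find the verification key
     * @return the configured processor
     */
    @Bean
    JWTProcessor jwtProcessor(JWTClaimsSetAwareJWSKeySelector jWTClaimsSetAwareJWSKeySelector) {
        DefaultJWTProcessor processor = new DefaultJWTProcessor();
        processor.setJWTClaimsSetAwareJWSKeySelector(jWTClaimsSetAwareJWSKeySelector);
        return processor;
    }

    /**
     * Creates the {@link JwtDecoder} on top of the Nimbus processor.
     *
     * <p>Only {@link JwtValidators#createDefault()} is installed as validator; this
     * configuration adds no issuer or audience validator of its own.
     * NOTE(review): if tokens must be bound to a specific audience or issuer value,
     * that check has to be added elsewhere; confirm against the callers.
     *
     * @param jWTProcessor processor that verifies the signature and parses claims
     * @return the decoder
     */
    @Bean
    JwtDecoder jwtDecoder(JWTProcessor jWTProcessor) {
        NimbusJwtDecoder decoder = new NimbusJwtDecoder(jWTProcessor);
        OAuth2TokenValidator[] validators = new OAuth2TokenValidator[]{JwtValidators.createDefault()};
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator(validators));
        return decoder;
    }

    /**
     * Creates the {@link JwtEncoder} that signs tokens with the default issuer's key pair.
     *
     * <p>The JWK set built here contains the private key; it is handed to the
     * encoder only and must not be published (for example through a JWKS endpoint).
     *
     * @param jwtProperties source of the default issuer and its key pair
     * @return encoder backed by a single EC or RSA signing key
     */
    @ConditionalOnMissingBean
    @Bean
    public JwtEncoder jwtEncoder(JwtProperties jwtProperties) {
        JwtProperties.Issuer defaultIssuer = jwtProperties.getDefaultIssuer();
        KeyPair keyPair = defaultIssuer.getKeyPair();
        // The EC branch fixes the curve to P-256.
        // NOTE(review): an EC key pair on another curve would not match this
        // declaration; confirm JwtProperties only produces P-256 keys.
        JWKSet signingKeys = defaultIssuer.isEC()
            ? new JWKSet(new ECKey.Builder(Curve.P_256, (ECPublicKey) keyPair.getPublic())
                .privateKey(keyPair.getPrivate())
                .build())
            : new JWKSet(new RSAKey.Builder((RSAPublicKey) keyPair.getPublic())
                .privateKey((RSAPrivateKey) keyPair.getPrivate())
                .build());
        return new NimbusJwtEncoder(new ImmutableJWKSet(signingKeys));
    }

    /** Registers the default {@link JwtTokenGenerator} unless the application defines its own. */
    @ConditionalOnMissingBean
    @Bean
    public JwtTokenGenerator tokenGenerator() {
        return new JwtTokenGenerator();
    }

    /** Registers the default {@link JwtTokenExchanger} unless the application defines its own. */
    @ConditionalOnMissingBean
    @Bean
    public JwtTokenExchanger jwtTokenExchanger() {
        return new JwtTokenExchanger();
    }
}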
