package com.ella.user.configure;

import com.ella.user.constant.OAuth2Constants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.approval.TokenApprovalStore;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;

/**
 * Spring Security OAuth2 authorization-server configuration for the user service.
 *
 * <p>What this class sets up, as far as the code here shows:
 * <ul>
 *   <li>two in-memory clients whose ids and secrets come from {@link OAuth2Constants};</li>
 *   <li>the {@code password} and {@code refresh_token} grant types for both clients;</li>
 *   <li>a {@link RedisTokenStore} for issued tokens;</li>
 *   <li>approval-store beans that are declared but not passed to the endpoints configurer
 *       in this class.</li>
 * </ul>
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Client secrets are read from a constants class, so they presumably ship inside the
 *       build artifact and cannot be rotated without a release. Confirm against
 *       {@code OAuth2Constants}; externalised, per-environment secrets are preferable.</li>
 *   <li>The resource-owner password grant means the client application handles the user's
 *       password directly. Current OAuth security guidance discourages it; treat both
 *       clients as fully trusted first-party applications.</li>
 *   <li>No password encoder or refresh-token lifetime is configured here. How the
 *       {@code secret(...)} values are compared and how long refresh tokens live therefore
 *       depend on framework defaults or configuration outside this class. TODO confirm.</li>
 * </ul>
 */
@Configuration
@EnableAuthorizationServer
public class OAuth2Configuration implements AuthorizationServerConfigurer {

    // Authenticates the resource owner for the password grant (package-private, field-injected).
    @Autowired
    AuthenticationManager authenticationManager;

    // Used only for its connection factory, which backs the Redis token store.
    @Autowired
    private StringRedisTemplate redisTemplate;

    // Supplies the per-client access-token lifetimes in seconds.
    @Autowired
    private SecurityProperties securityProperties;

    /**
     * Sets the access rules for the authorization server's own endpoints.
     *
     * @param authorizationServerSecurityConfigurer security configurer supplied by the framework
     * @throws Exception declared by the {@link AuthorizationServerConfigurer} contract
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer authorizationServerSecurityConfigurer) throws Exception {
        authorizationServerSecurityConfigurer
                // Accept client_id/client_secret as request parameters on the token endpoint,
                // not only via HTTP Basic. Make sure token-endpoint parameters are never
                // written to access or application logs.
                .allowFormAuthenticationForClients()
                // Token-key endpoint is open to everyone. No JWT converter is configured in
                // this class, so there may be no key to publish. NOTE(review): confirm, and
                // tighten this if a signing key is ever introduced.
                .tokenKeyAccess("permitAll()")
                // Token introspection (check_token) requires an authenticated caller.
                .checkTokenAccess("isAuthenticated()");
    }

    /**
     * Registers the two OAuth2 clients in memory.
     *
     * <p>Both clients receive the same grant types, authorities and scopes; only the
     * id, the secret and the access-token lifetime differ.
     *
     * @param clientDetailsServiceConfigurer client registry configurer supplied by the framework
     * @throws Exception declared by the {@link AuthorizationServerConfigurer} contract
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clientDetailsServiceConfigurer) throws Exception {
        clientDetailsServiceConfigurer.inMemory()
                // "app" client
                .withClient(OAuth2Constants.CLIENT_APP_ID)
                .secret(OAuth2Constants.CLIENT_APP_SECRET)
                .authorizedGrantTypes("password", OAuth2AccessToken.REFRESH_TOKEN)
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .accessTokenValiditySeconds(securityProperties.getAppTokenExpired())
                .and()
                // "ots" client
                .withClient(OAuth2Constants.CLIENT_OTS_ID)
                .secret(OAuth2Constants.CLIENT_OTS_SECRET)
                .authorizedGrantTypes("password", OAuth2AccessToken.REFRESH_TOKEN)
                .authorities("ROLE_CLIENT", "ROLE_TRUSTED_CLIENT")
                .scopes("read", "write", "trust")
                .accessTokenValiditySeconds(securityProperties.getOtsTokenExpired());
    }

    /**
     * Wires the token store and the authentication manager into the token endpoints.
     *
     * <p>The {@code userApprovalHandler} bean declared below is not registered here.
     *
     * @param authorizationServerEndpointsConfigurer endpoints configurer supplied by the framework
     * @throws Exception declared by the {@link AuthorizationServerConfigurer} contract
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer authorizationServerEndpointsConfigurer) throws Exception {
        authorizationServerEndpointsConfigurer.tokenStore(tokenStore());
        authorizationServerEndpointsConfigurer.authenticationManager(authenticationManager);
    }

    /**
     * Creates the token store backed by the Redis connection factory of the injected template.
     *
     * <p>Issued tokens are kept in Redis, so read access to that Redis instance should be
     * treated as access to live bearer tokens: restrict it with network controls and
     * authentication.
     *
     * @return a Redis-backed {@link TokenStore}
     */
    @Bean
    public TokenStore tokenStore() {
        return new RedisTokenStore(redisTemplate.getConnectionFactory());
    }

    /**
     * Creates an approval store that derives approvals from the given token store.
     *
     * @param tokenStore token store the approvals are read from
     * @return a {@link TokenApprovalStore} bound to {@code tokenStore}
     * @throws Exception kept from the original signature; nothing in the body throws a checked exception
     */
    @Bean
    public ApprovalStore approvalStore(TokenStore tokenStore) throws Exception {
        TokenApprovalStore store = new TokenApprovalStore();
        store.setTokenStore(tokenStore);
        return store;
    }

    /**
     * Builds the project's {@code UserApprovalHandlerExt} with the approval store enabled.
     *
     * @param approvalStore store consulted for existing approvals
     * @param clientDetailsService client registry, also used to build the request factory
     * @return the configured approval handler
     */
    @Bean
    public UserApprovalHandler userApprovalHandler(ApprovalStore approvalStore, ClientDetailsService clientDetailsService) {
        UserApprovalHandlerExt handler = new UserApprovalHandlerExt();
        handler.setApprovalStore(approvalStore);
        handler.setRequestFactory(new DefaultOAuth2RequestFactory(clientDetailsService));
        handler.setClientDetailsService(clientDetailsService);
        handler.setUseApprovalStore(true);
        return handler;
    }
}
