package tech.riemann.etp.starter.auth;

import com.nimbusds.jose.jwk.JWK;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.nutz.lang.Files;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import tech.riemann.etp.auth.aop.TokenAuthInterceptor;
import tech.riemann.etp.auth.encode.PasswordMatcher;
import tech.riemann.etp.auth.jwt.JWTDecoder;
import tech.riemann.etp.auth.jwt.JWTEncoder;
import tech.riemann.etp.auth.jwt.Jwks;
import tech.riemann.etp.auth.service.AuthService;
import tech.riemann.etp.auth.service.UserDetailService;
import tech.riemann.etp.auth.service.impl.DefaultAuthService;
import tech.riemann.etp.starter.oidc.OpenIDConnectAutoConfiguration;

@EnableConfigurationProperties({AuthAutoConfigurationPeroperties.class})
@AutoConfiguration
@AutoConfigureAfter({OpenIDConnectAutoConfiguration.class})
/* loaded from: input_file:tech/riemann/etp/starter/auth/AuthAutoConfiguration.class */
public class AuthAutoConfiguration {
    @ConditionalOnBean({AuthService.class})
    @Bean
    TokenAuthInterceptor tokenAuthInterceptor(AuthService authService, AuthAutoConfigurationPeroperties authAutoConfigurationPeroperties) {
        return new TokenAuthInterceptor(authService, authAutoConfigurationPeroperties.getWithoutAuthenticationUrlRegulars());
    }

    @ConditionalOnMissingBean
    @Bean
    PasswordMatcher passwordMatcher() {
        return new PasswordMatcher() { // from class: tech.riemann.etp.starter.auth.AuthAutoConfiguration.1
        };
    }

    @Bean
    JWK jwk(AuthAutoConfigurationPeroperties authAutoConfigurationPeroperties) {
        if (Files.findFile(authAutoConfigurationPeroperties.getJwt().getKeyStorePath()) == null) {
            Jwks.gen(authAutoConfigurationPeroperties.getJwt().getKeyStorePath(), authAutoConfigurationPeroperties.getJwt().getAlgorithm().getJwsAlgorithm(), authAutoConfigurationPeroperties.getJwt().getKeyLenght(), authAutoConfigurationPeroperties.getJwt().getCurve().getOrigin(), authAutoConfigurationPeroperties.getJwt().getKeyID());
        }
        return Jwks.load(authAutoConfigurationPeroperties.getJwt().getKeyStorePath(), authAutoConfigurationPeroperties.getJwt().getKeyID());
    }

    @ConditionalOnMissingBean
    @Bean
    JWTEncoder jwtEncoder(AuthAutoConfigurationPeroperties authAutoConfigurationPeroperties, JWK jwk) {
        return JWTEncoder.builder().algorithm(authAutoConfigurationPeroperties.getJwt().getAlgorithm().getJwsAlgorithm()).unit(authAutoConfigurationPeroperties.getJwt().getUnit()).term(authAutoConfigurationPeroperties.getJwt().getTerm()).issuer(authAutoConfigurationPeroperties.getJwt().getIssuer()).jwk(jwk).keyId(authAutoConfigurationPeroperties.getJwt().getKeyID()).build();
    }

    @ConditionalOnMissingBean
    @Bean
    JWTDecoder jwtDecoder(AuthAutoConfigurationPeroperties authAutoConfigurationPeroperties, JWK jwk) {
        return JWTDecoder.builder().jwk(jwk).keyId(authAutoConfigurationPeroperties.getJwt().getKeyID()).build();
    }

    @ConditionalOnMissingBean
    @ConditionalOnBean({UserDetailService.class})
    @Bean
    AuthService authService(UserDetailService userDetailService, JWTEncoder jWTEncoder, JWTDecoder jWTDecoder, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return new DefaultAuthService(jWTEncoder, jWTDecoder, userDetailService, httpServletRequest, httpServletResponse);
    }
}
