package com.bm.springboot.oidc;

import com.bm.springboot.oidc.annotation.EnableOpenIDConnectServer;
import javax.servlet.Filter;
import org.mitre.jwt.assertion.AssertionValidator;
import org.mitre.jwt.assertion.impl.NullAssertionValidator;
import org.mitre.jwt.assertion.impl.WhitelistedIssuerAssertionValidator;
import org.mitre.jwt.signer.service.impl.ClientKeyCacheService;
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
import org.mitre.oauth2.assertion.AssertionOAuth2RequestFactory;
import org.mitre.oauth2.assertion.impl.DirectCopyRequestFactory;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.repository.AuthorizationCodeRepository;
import org.mitre.oauth2.repository.OAuth2ClientRepository;
import org.mitre.oauth2.repository.OAuth2TokenRepository;
import org.mitre.oauth2.repository.SystemScopeRepository;
import org.mitre.oauth2.repository.impl.JpaAuthenticationHolderRepository;
import org.mitre.oauth2.repository.impl.JpaAuthorizationCodeRepository;
import org.mitre.oauth2.repository.impl.JpaOAuth2ClientRepository;
import org.mitre.oauth2.repository.impl.JpaOAuth2TokenRepository;
import org.mitre.oauth2.repository.impl.JpaSystemScopeRepository;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.IntrospectionResultAssembler;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.oauth2.service.impl.BlacklistAwareRedirectResolver;
import org.mitre.oauth2.service.impl.DefaultClientUserDetailsService;
import org.mitre.oauth2.service.impl.DefaultIntrospectionResultAssembler;
import org.mitre.oauth2.service.impl.DefaultOAuth2AuthorizationCodeService;
import org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService;
import org.mitre.oauth2.service.impl.DefaultOAuth2ProviderTokenService;
import org.mitre.oauth2.service.impl.DefaultSystemScopeService;
import org.mitre.oauth2.service.impl.UriEncodedClientUserDetailsService;
import org.mitre.oauth2.token.ChainedTokenGranter;
import org.mitre.oauth2.token.JWTAssertionTokenGranter;
import org.mitre.oauth2.token.ScopeServiceAwareOAuth2RequestValidator;
import org.mitre.oauth2.web.CorsFilter;
import org.mitre.oauth2.web.OAuthConfirmationController;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.filter.AuthorizationRequestFilter;
import org.mitre.openid.connect.repository.AddressRepository;
import org.mitre.openid.connect.repository.ApprovedSiteRepository;
import org.mitre.openid.connect.repository.BlacklistedSiteRepository;
import org.mitre.openid.connect.repository.PairwiseIdentifierRepository;
import org.mitre.openid.connect.repository.UserInfoRepository;
import org.mitre.openid.connect.repository.WhitelistedSiteRepository;
import org.mitre.openid.connect.repository.impl.JpaAddressRepository;
import org.mitre.openid.connect.repository.impl.JpaApprovedSiteRepository;
import org.mitre.openid.connect.repository.impl.JpaBlacklistedSiteRepository;
import org.mitre.openid.connect.repository.impl.JpaPairwiseIdentifierRepository;
import org.mitre.openid.connect.repository.impl.JpaUserInfoRepository;
import org.mitre.openid.connect.repository.impl.JpaWhitelistedSiteRepository;
import org.mitre.openid.connect.request.ConnectOAuth2RequestFactory;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.ClientLogoLoadingService;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.service.PairwiseIdentiferService;
import org.mitre.openid.connect.service.ScopeClaimTranslationService;
import org.mitre.openid.connect.service.StatsService;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.service.WhitelistedSiteService;
import org.mitre.openid.connect.service.impl.DefaultApprovedSiteService;
import org.mitre.openid.connect.service.impl.DefaultBlacklistedSiteService;
import org.mitre.openid.connect.service.impl.DefaultOIDCTokenService;
import org.mitre.openid.connect.service.impl.DefaultScopeClaimTranslationService;
import org.mitre.openid.connect.service.impl.DefaultStatsService;
import org.mitre.openid.connect.service.impl.DefaultUserInfoService;
import org.mitre.openid.connect.service.impl.DefaultWhitelistedSiteService;
import org.mitre.openid.connect.service.impl.DummyResourceSetService;
import org.mitre.openid.connect.service.impl.InMemoryClientLogoLoadingService;
import org.mitre.openid.connect.service.impl.UUIDPairwiseIdentiferService;
import org.mitre.openid.connect.token.ConnectTokenEnhancer;
import org.mitre.openid.connect.token.TofuUserApprovalHandler;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.mitre.openid.connect.web.AuthenticationTimeStamper;
import org.mitre.uma.service.ResourceSetService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.access.expression.method.MethodSecurityExpressionHandler;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.method.configuration.GlobalMethodSecurityConfiguration;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.OAuth2RequestValidator;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
import org.springframework.security.oauth2.provider.expression.OAuth2MethodSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.web.authentication.Http403ForbiddenEntryPoint;
import org.springframework.web.servlet.view.BeanNameViewResolver;

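/**
 * Spring configuration that assembles a MITREid Connect based OpenID Connect / OAuth2 server.
 *
 * <p>The class is only considered when {@link EnableOpenIDConnectServer} is on the classpath. It
 * switches on web security, the Spring Security OAuth2 authorization-server and resource-server
 * support, and method security ({@code @PreAuthorize}/{@code @PostAuthorize} via
 * {@code prePostEnabled} and {@code @Secured} via {@code securedEnabled}).
 *
 * <p>Almost every bean below is guarded by {@code @ConditionalOnMissingBean}, so an application
 * replaces a default by declaring its own bean of the same type (or the same name, where the
 * condition is name-based). The defaults that decide security behaviour and deserve a review
 * before deployment are {@link #jwtAssertionValidator()}, {@link #clientAssertionValidator()},
 * {@link #corsFilter()}, {@link #tofuUserApprovalHandler()}, {@link #clientLogoLoadingService()}
 * and {@link #dummyResourceSetService()}.
 *
 * <p>NOTE(review): {@code @ConditionalOnMissingBean} is evaluated against the bean definitions
 * registered so far, and Spring Boot only documents it as reliable on auto-configuration classes.
 * How this class gets registered is not visible here, so confirm that application overrides are
 * processed before it.
 */
@EnableConfigurationProperties
@EnableWebSecurity
@ComponentScan(basePackages = {"com.bm.springboot.oidc"})
@EnableGlobalMethodSecurity(prePostEnabled = true, proxyTargetClass = true, securedEnabled = true)
@ConditionalOnClass({EnableOpenIDConnectServer.class})
@Configuration
@EnableAuthorizationServer
@EnableResourceServer
@Order(10)
/* loaded from: input_file:com/bm/springboot/oidc/OpenIDConnectServerConfig.class */
public class OpenIDConnectServerConfig extends GlobalMethodSecurityConfiguration {

    /** Registers the MITREid Connect key and JWT-validator cache services as beans. */
    @Configuration
    @Import({ClientKeyCacheService.class, JWKSetCacheService.class, SymmetricKeyJWTValidatorCacheService.class})
    /* loaded from: input_file:com/bm/springboot/oidc/OpenIDConnectServerConfig$JwtSignerServiceConfiguration.class */
    public static class JwtSignerServiceConfiguration {
    }

    /** Registers the MITREid Connect OAuth confirmation (consent) controller. */
    @Configuration
    @Import({OAuthConfirmationController.class})
    /* loaded from: input_file:com/bm/springboot/oidc/OpenIDConnectServerConfig$OAuthConfirmationControllerConfiguration.class */
    public static class OAuthConfirmationControllerConfiguration {
    }

    /** Registers the shared HTTP-code, JSON-entity and JSON-error views as beans. */
    @Configuration
    @Import({HttpCodeView.class, JsonEntityView.class, JsonErrorView.class})
    /* loaded from: input_file:com/bm/springboot/oidc/OpenIDConnectServerConfig$OpenIDConnectCommonViewConfiguration.class */
    public static class OpenIDConnectCommonViewConfiguration {
    }

    /** Registers the {@link AuthenticationTimeStamper} as a bean. */
    @Configuration
    @Import({AuthenticationTimeStamper.class})
    /* loaded from: input_file:com/bm/springboot/oidc/OpenIDConnectServerConfig$WebEndpointConfiguration.class */
    public static class WebEndpointConfiguration {
    }

    /**
     * Supplies the OAuth2-aware expression handler for method security, which is what makes
     * {@code #oauth2.*} expressions usable inside {@code @PreAuthorize}/{@code @PostAuthorize}.
     *
     * @return a new {@link OAuth2MethodSecurityExpressionHandler}
     */
    @Override
    protected MethodSecurityExpressionHandler createExpressionHandler() {
        return new OAuth2MethodSecurityExpressionHandler();
    }

    /**
     * Creates the server configuration bean, named {@code config}, populated from properties
     * under the {@code openid.connect.server} prefix.
     *
     * <p>NOTE(review): this bean presumably carries the issuer URL that ends up in tokens and
     * discovery metadata; verify it is set to the externally visible HTTPS origin.
     *
     * @return an unconfigured bean for Spring Boot to bind properties onto
     */
    @ConfigurationProperties(prefix = "openid.connect.server")
    @ConditionalOnMissingBean({ConfigurationPropertiesBean.class})
    @Bean(name = {"config"})
    public ConfigurationPropertiesBean configurationPropertiesBean() {
        return new ConfigurationPropertiesBean();
    }

    /** Entry point that answers unauthenticated requests with HTTP 403 instead of a login redirect. */
    @Bean
    public Http403ForbiddenEntryPoint http403ForbiddenEntryPoint() {
        return new Http403ForbiddenEntryPoint();
    }

    /** Default translator that maps exceptions to OAuth2 error responses. */
    @Bean
    public WebResponseExceptionTranslator defaultWebResponseExceptionTranslator() {
        return new DefaultWebResponseExceptionTranslator();
    }

    /**
     * Entry point for OAuth2-protected resources.
     *
     * @return an entry point whose realm name is fixed to {@code openidconnect}
     */
    @Bean
    public OAuth2AuthenticationEntryPoint oauth2AuthenticationEntryPoint() {
        OAuth2AuthenticationEntryPoint oAuth2AuthenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
        oAuth2AuthenticationEntryPoint.setRealmName("openidconnect");
        return oAuth2AuthenticationEntryPoint;
    }

    /** Expression handler that adds OAuth2 expressions to web (URL-based) security rules. */
    @Bean
    public OAuth2WebSecurityExpressionHandler oauthWebExpressionHandler() {
        return new OAuth2WebSecurityExpressionHandler();
    }

    /**
     * Resolves view names to beans of the same name.
     *
     * @return a resolver with order 0, i.e. consulted ahead of resolvers with a higher order value
     */
    @Bean
    public BeanNameViewResolver beanViewResolver() {
        BeanNameViewResolver beanNameViewResolver = new BeanNameViewResolver();
        beanNameViewResolver.setOrder(0);
        return beanNameViewResolver;
    }

    /** Default handler that renders access-denied failures as OAuth2 errors. */
    @ConditionalOnMissingBean({OAuth2AccessDeniedHandler.class})
    @Bean
    protected OAuth2AccessDeniedHandler oAuth2AccessDeniedHandler() {
        return new OAuth2AccessDeniedHandler();
    }

    /** Default JPA-backed repository for authentication holders. */
    @ConditionalOnMissingBean({AuthenticationHolderRepository.class})
    @Bean
    public AuthenticationHolderRepository jpaAuthenticationHolderRepository() {
        return new JpaAuthenticationHolderRepository();
    }

    /** Default JPA-backed repository for authorization codes. */
    @ConditionalOnMissingBean({AuthorizationCodeRepository.class})
    @Bean
    public AuthorizationCodeRepository jpaAuthorizationCodeRepository() {
        return new JpaAuthorizationCodeRepository();
    }

    /** Default JPA-backed repository for registered OAuth2 clients. */
    @ConditionalOnMissingBean({OAuth2ClientRepository.class})
    @Bean
    public OAuth2ClientRepository jpaOAuth2ClientRepository() {
        return new JpaOAuth2ClientRepository();
    }

    /** Default JPA-backed repository for issued tokens. */
    @ConditionalOnMissingBean({OAuth2TokenRepository.class})
    @Bean
    public OAuth2TokenRepository jpaOAuth2TokenRepository() {
        return new JpaOAuth2TokenRepository();
    }

    /** Default JPA-backed repository for system scopes. */
    @ConditionalOnMissingBean({SystemScopeRepository.class})
    @Bean
    public SystemScopeRepository jpaSystemScopeRepository() {
        return new JpaSystemScopeRepository();
    }

    /**
     * Default redirect resolver.
     *
     * <p>NOTE(review): going by the class name it consults the blacklisted-site data when
     * resolving a client's redirect URI; confirm against the MITREid Connect version in use.
     */
    @ConditionalOnMissingBean({BlacklistAwareRedirectResolver.class})
    @Bean
    public BlacklistAwareRedirectResolver blacklistAwareRedirectResolver() {
        return new BlacklistAwareRedirectResolver();
    }

    /** Default assembler for token introspection responses. */
    @ConditionalOnMissingBean({IntrospectionResultAssembler.class})
    @Bean
    public IntrospectionResultAssembler defaultIntrospectionResultAssembler() {
        return new DefaultIntrospectionResultAssembler();
    }

    /** Default authorization-code service. */
    @ConditionalOnMissingBean({AuthorizationCodeServices.class})
    @Bean
    public AuthorizationCodeServices defaultOAuth2AuthorizationCodeService() {
        return new DefaultOAuth2AuthorizationCodeService();
    }

    /** Default client-details service. */
    @ConditionalOnMissingBean({ClientDetailsEntityService.class})
    @Bean
    public ClientDetailsEntityService defaultOAuth2ClientDetailsEntityService() {
        return new DefaultOAuth2ClientDetailsEntityService();
    }

    /** Default token service, marked primary so it wins when several candidates are injectable. */
    @ConditionalOnMissingBean({OAuth2TokenEntityService.class})
    @Bean
    @Primary
    public OAuth2TokenEntityService defaultOAuth2ProviderTokenService() {
        return new DefaultOAuth2ProviderTokenService();
    }

    /** Default system-scope service. */
    @ConditionalOnMissingBean({SystemScopeService.class})
    @Bean
    public SystemScopeService defaultSystemScopeService() {
        return new DefaultSystemScopeService();
    }

    /** Default user-details service for client authentication; the condition is on the bean name. */
    @ConditionalOnMissingBean(name = {"clientUserDetailsService"})
    @Bean
    public UserDetailsService clientUserDetailsService() {
        return new DefaultClientUserDetailsService();
    }

    /**
     * Second client user-details service; the condition is on the bean name.
     *
     * <p>NOTE(review): presumably handles URI-encoded client credentials; verify which
     * authentication path uses it.
     */
    @ConditionalOnMissingBean(name = {"uriEncodedClientUserDetailsService"})
    @Bean
    public UserDetailsService uriEncodedClientUserDetailsService() {
        return new UriEncodedClientUserDetailsService();
    }

    /**
     * Default client logo loader.
     *
     * <p>NOTE(review): presumably fetches the logo from a URI stored on the client registration.
     * If clients can self-register, that is a server-side request to a client-chosen URL; check
     * outbound filtering and size/time limits.
     */
    @ConditionalOnMissingBean(name = {"clientLogoLoadingService"})
    @Bean
    public ClientLogoLoadingService clientLogoLoadingService() {
        return new InMemoryClientLogoLoadingService();
    }

    /**
     * Default token granter for the chained-token grant.
     *
     * @param oAuth2TokenEntityService token service handed to the granter
     * @param clientDetailsEntityService client lookup handed to the granter
     * @param oAuth2RequestFactory request factory handed to the granter
     * @return a new {@link ChainedTokenGranter}
     */
    @ConditionalOnMissingBean(name = {"chainedTokenGranter"})
    @Bean
    public TokenGranter chainedTokenGranter(OAuth2TokenEntityService oAuth2TokenEntityService, ClientDetailsEntityService clientDetailsEntityService, OAuth2RequestFactory oAuth2RequestFactory) {
        return new ChainedTokenGranter(oAuth2TokenEntityService, clientDetailsEntityService, oAuth2RequestFactory);
    }

    /**
     * Default validator for assertions presented to the JWT assertion grant.
     *
     * <p>NOTE(review): upstream {@link NullAssertionValidator} is believed to reject every
     * assertion, which leaves the assertion grant closed until a bean named
     * {@code jwtAssertionValidator} is supplied. Confirm this for the library version in use, and
     * make sure any replacement verifies signature, issuer, audience and expiry.
     */
    @ConditionalOnMissingBean(name = {"jwtAssertionValidator"})
    @Bean
    public AssertionValidator jwtAssertionValidator() {
        return new NullAssertionValidator();
    }

    /**
     * Default factory that turns an accepted assertion into a token request.
     *
     * <p>NOTE(review): the class name suggests assertion contents are copied through unchanged,
     * so the trust decision rests entirely on the assertion validator; confirm.
     */
    @ConditionalOnMissingBean(name = {"jwtAssertionTokenFactory"})
    @Bean
    public AssertionOAuth2RequestFactory jwtAssertionTokenFactory() {
        return new DirectCopyRequestFactory();
    }

    /**
     * Default validator for client assertions, configured from properties under the
     * {@code openid.connect.endpoints.assertion.issuer} prefix.
     *
     * <p>NOTE(review): presumably accepts only assertions whose issuer is listed in that
     * configuration; verify what an empty or missing configuration does (it should accept none).
     */
    @ConditionalOnMissingBean(name = {"clientAssertionValidator"})
    @ConfigurationProperties(prefix = "openid.connect.endpoints.assertion.issuer")
    @Bean
    public AssertionValidator clientAssertionValidator() {
        return new WhitelistedIssuerAssertionValidator();
    }

    /**
     * Default token granter for the JWT assertion grant.
     *
     * @param oAuth2TokenEntityService token service handed to the granter
     * @param clientDetailsEntityService client lookup handed to the granter
     * @param oAuth2RequestFactory request factory handed to the granter
     * @return a new {@link JWTAssertionTokenGranter}
     */
    // NOTE(review): @Autowired is not needed for parameter injection on a @Bean method; it is
    // kept as found so that bean initialisation order is unchanged.
    @ConditionalOnMissingBean(name = {"jwtAssertionTokenGranter"})
    @Autowired
    @Bean
    public TokenGranter jwtAssertionTokenGranter(OAuth2TokenEntityService oAuth2TokenEntityService, ClientDetailsEntityService clientDetailsEntityService, OAuth2RequestFactory oAuth2RequestFactory) {
        return new JWTAssertionTokenGranter(oAuth2TokenEntityService, clientDetailsEntityService, oAuth2RequestFactory);
    }

    /** Default OAuth2 request validator (scope-service aware). */
    @ConditionalOnMissingBean({OAuth2RequestValidator.class})
    @Bean
    protected OAuth2RequestValidator requestValidator() {
        return new ScopeServiceAwareOAuth2RequestValidator();
    }

    /**
     * Default CORS filter; the condition is on the bean name {@code corsFilter}.
     *
     * <p>NOTE(review): the upstream MITREid Connect filter is believed to answer with a wildcard
     * {@code Access-Control-Allow-Origin}; confirm, and supply a stricter {@code corsFilter} bean
     * if cross-origin access should be limited. In Spring Boot a {@link Filter} bean is also
     * registered with the servlet container for all requests unless a registration bean says
     * otherwise, so check which paths it really covers.
     */
    @ConditionalOnMissingBean(name = {"corsFilter"})
    @Bean
    public Filter corsFilter() {
        return new CorsFilter();
    }

    /**
     * Default authorization-request filter; the condition is on the bean name.
     *
     * <p>NOTE(review): as a plain {@link Filter} bean it may be registered with the servlet
     * container as well as wherever the security filter chain places it; verify that it runs
     * once and at the intended position.
     */
    @ConditionalOnMissingBean(name = {"authRequestFilter"})
    @Bean
    public Filter authRequestFilter() {
        return new AuthorizationRequestFilter();
    }

    /** Default JPA-backed repository for user addresses. */
    @ConditionalOnMissingBean({AddressRepository.class})
    @Bean
    public AddressRepository jpaAddressRepository() {
        return new JpaAddressRepository();
    }

    /** Default JPA-backed repository for approved sites (stored user consents). */
    @ConditionalOnMissingBean({ApprovedSiteRepository.class})
    @Bean
    public ApprovedSiteRepository jpaApprovedSiteRepository() {
        return new JpaApprovedSiteRepository();
    }

    /** Default JPA-backed repository for blacklisted sites. */
    @ConditionalOnMissingBean({BlacklistedSiteRepository.class})
    @Bean
    public BlacklistedSiteRepository jpaBlacklistedSiteRepository() {
        return new JpaBlacklistedSiteRepository();
    }

    /** Default JPA-backed repository for pairwise subject identifiers. */
    @ConditionalOnMissingBean({PairwiseIdentifierRepository.class})
    @Bean
    public PairwiseIdentifierRepository jpaPairwiseIdentifierRepository() {
        return new JpaPairwiseIdentifierRepository();
    }

    /** Default JPA-backed repository for user info records. */
    @ConditionalOnMissingBean({UserInfoRepository.class})
    @Bean
    public UserInfoRepository jpaUserInfoRepository() {
        return new JpaUserInfoRepository();
    }

    /** Default JPA-backed repository for whitelisted sites. */
    @ConditionalOnMissingBean({WhitelistedSiteRepository.class})
    @Bean
    public WhitelistedSiteRepository jpaWhitelistedSiteRepository() {
        return new JpaWhitelistedSiteRepository();
    }

    /**
     * Default OpenID Connect request factory; the condition is on the bean name.
     *
     * @param clientDetailsEntityService client lookup handed to the factory
     * @return a new {@link ConnectOAuth2RequestFactory}
     */
    // NOTE(review): @Autowired is not needed for parameter injection on a @Bean method; it is
    // kept as found so that bean initialisation order is unchanged.
    @ConditionalOnMissingBean(name = {"connectOAuth2RequestFactory"})
    @Autowired
    @Bean
    public OAuth2RequestFactory connectOAuth2RequestFactory(ClientDetailsEntityService clientDetailsEntityService) {
        return new ConnectOAuth2RequestFactory(clientDetailsEntityService);
    }

    /** Default approved-site service. */
    @ConditionalOnMissingBean({ApprovedSiteService.class})
    @Bean
    public ApprovedSiteService defaultApprovedSiteService() {
        return new DefaultApprovedSiteService();
    }

    /** Default blacklisted-site service. */
    @ConditionalOnMissingBean({BlacklistedSiteService.class})
    @Bean
    public BlacklistedSiteService defaultBlacklistedSiteService() {
        return new DefaultBlacklistedSiteService();
    }

    /** Default OpenID Connect token service. */
    @ConditionalOnMissingBean({OIDCTokenService.class})
    @Bean
    public OIDCTokenService defaultOIDCTokenService() {
        return new DefaultOIDCTokenService();
    }

    /** Default scope-to-claim translation service. */
    @ConditionalOnMissingBean({ScopeClaimTranslationService.class})
    @Bean
    public ScopeClaimTranslationService scopeClaimTranslator() {
        return new DefaultScopeClaimTranslationService();
    }

    /** Default statistics service. */
    @ConditionalOnMissingBean({StatsService.class})
    @Bean
    public StatsService defaultStatsService() {
        return new DefaultStatsService();
    }

    /** Default user-info service. */
    @ConditionalOnMissingBean({UserInfoService.class})
    @Bean
    public UserInfoService defaultUserInfoService() {
        return new DefaultUserInfoService();
    }

    /** Default whitelisted-site service. */
    @ConditionalOnMissingBean({WhitelistedSiteService.class})
    @Bean
    public WhitelistedSiteService defaultWhitelistedSiteService() {
        return new DefaultWhitelistedSiteService();
    }

    /**
     * Default resource-set service for UMA.
     *
     * <p>NOTE(review): the "dummy" implementation is presumably a placeholder with no real UMA
     * behaviour; do not rely on it if UMA resource protection is expected.
     */
    @ConditionalOnMissingBean({ResourceSetService.class})
    @Bean
    public ResourceSetService dummyResourceSetService() {
        return new DummyResourceSetService();
    }

    /** Default pairwise-identifier service (UUID-based implementation). */
    @ConditionalOnMissingBean({PairwiseIdentiferService.class})
    @Bean
    public PairwiseIdentiferService uuidPairwiseIdentiferService() {
        return new UUIDPairwiseIdentiferService();
    }

    /** Default token enhancer for OpenID Connect tokens. */
    @ConditionalOnMissingBean({TokenEnhancer.class})
    @Bean
    public TokenEnhancer connectTokenEnhancer() {
        return new ConnectTokenEnhancer();
    }

    /**
     * Default user approval (consent) handler, using a trust-on-first-use model.
     *
     * <p>NOTE(review): presumably a stored approval or a whitelisted site lets later
     * authorization requests skip the consent screen; confirm how long stored approvals live
     * and who may add whitelist entries.
     */
    @ConditionalOnMissingBean({UserApprovalHandler.class})
    @Bean
    public UserApprovalHandler tofuUserApprovalHandler() {
        return new TofuUserApprovalHandler();
    }
}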
