package com.bm.springboot.oidc;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWEAlgorithm;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import org.mitre.jose.keystore.JWKSetKeyStore;
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
import org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
import org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;

@Configuration
/* loaded from: input_file:com/bm/springboot/oidc/CryptoConfig.class */
public class CryptoConfig {

    /* loaded from: input_file:com/bm/springboot/oidc/CryptoConfig$BCryptPasswordEncoderConfig.class */
    public static class BCryptPasswordEncoderConfig {
        private int strength = -1;

        public int getStrength() {
            return this.strength;
        }

        public void setStrength(int i) {
            this.strength = i;
        }
    }

    /* loaded from: input_file:com/bm/springboot/oidc/CryptoConfig$PasswordEncoderTypeConfig.class */
    public static class PasswordEncoderTypeConfig {
        private final BCryptPasswordEncoderConfig bcrypt = new BCryptPasswordEncoderConfig();
        private final SCryptPasswordEncoderConfig scrypt = new SCryptPasswordEncoderConfig();
        private final StandardPasswordEncoderConfig standard = new StandardPasswordEncoderConfig();
        private final Pbkdf2PasswordEncoderConfig pbkdf2 = new Pbkdf2PasswordEncoderConfig();

        public BCryptPasswordEncoderConfig getBcrypt() {
            return this.bcrypt;
        }

        public SCryptPasswordEncoderConfig getSCrypt() {
            return this.scrypt;
        }

        public StandardPasswordEncoderConfig getStandard() {
            return this.standard;
        }

        public Pbkdf2PasswordEncoderConfig getPbkdf2() {
            return this.pbkdf2;
        }
    }

    /* loaded from: input_file:com/bm/springboot/oidc/CryptoConfig$Pbkdf2PasswordEncoderConfig.class */
    public static class Pbkdf2PasswordEncoderConfig {
        private String secret = "";

        public String getSecret() {
            return this.secret;
        }

        public void setSecret(String str) {
            this.secret = str;
        }
    }

    /* loaded from: input_file:com/bm/springboot/oidc/CryptoConfig$SCryptPasswordEncoderConfig.class */
    public static class SCryptPasswordEncoderConfig {
        private int cpuCost = 16384;
        private int memoryCost = 8;
        private int parallelization = 1;
        private int keyLength = 32;
        private int saltLength = 64;

        public int getCpuCost() {
            return this.cpuCost;
        }

        public void setCpuCost(int i) {
            this.cpuCost = i;
        }

        public int getMemoryCost() {
            return this.memoryCost;
        }

        public void setMemoryCost(int i) {
            this.memoryCost = i;
        }

        public int getParallelization() {
            return this.parallelization;
        }

        public void setParallelization(int i) {
            this.parallelization = i;
        }

        public int getKeyLength() {
            return this.keyLength;
        }

        public void setKeyLength(int i) {
            this.keyLength = i;
        }

        public int getSaltLength() {
            return this.saltLength;
        }

        public void setSaltLength(int i) {
            this.saltLength = i;
        }
    }

    /* loaded from: input_file:com/bm/springboot/oidc/CryptoConfig$StandardPasswordEncoderConfig.class */
    public static class StandardPasswordEncoderConfig {
        private String secret = "";

        public String getSecret() {
            return this.secret;
        }

        public void setSecret(String str) {
            this.secret = str;
        }
    }

    @ConditionalOnMissingBean({JWKSetKeyStore.class})
    @Bean
    public JWKSetKeyStore defaultKeyStore(@Value("${openid.connect.crypto.keystore.path}") Resource resource) {
        JWKSetKeyStore jWKSetKeyStore = new JWKSetKeyStore();
        jWKSetKeyStore.setLocation(resource);
        return jWKSetKeyStore;
    }

    @ConditionalOnMissingBean({JWTSigningAndValidationService.class})
    @Bean
    public JWTSigningAndValidationService defaultJwtSigningAndValidationService(JWKSetKeyStore jWKSetKeyStore, @Value("${openid.connect.crypto.signing.defaultSignerKeyId}") String str, @Value("${openid.connect.crypto.signing.defaultSigningAlgorithmName}") String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        DefaultJWTSigningAndValidationService defaultJWTSigningAndValidationService = new DefaultJWTSigningAndValidationService(jWKSetKeyStore);
        defaultJWTSigningAndValidationService.setDefaultSignerKeyId(str);
        defaultJWTSigningAndValidationService.setDefaultSigningAlgorithmName(str2);
        return defaultJWTSigningAndValidationService;
    }

    @ConditionalOnMissingBean({JWTEncryptionAndDecryptionService.class})
    @Bean
    public JWTEncryptionAndDecryptionService defaultJwtEncryptionAndDecryptionService(JWKSetKeyStore jWKSetKeyStore, @Value("${openid.connect.crypto.encrypt.defaultAlgorithm}") JWEAlgorithm jWEAlgorithm, @Value("${openid.connect.crypto.encrypt.defaultDecryptionKeyId}") String str, @Value("${openid.connect.crypto.encrypt.defaultEncryptionKeyId}") String str2) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
        DefaultJWTEncryptionAndDecryptionService defaultJWTEncryptionAndDecryptionService = new DefaultJWTEncryptionAndDecryptionService(jWKSetKeyStore);
        defaultJWTEncryptionAndDecryptionService.setDefaultAlgorithm(jWEAlgorithm);
        defaultJWTEncryptionAndDecryptionService.setDefaultDecryptionKeyId(str);
        defaultJWTEncryptionAndDecryptionService.setDefaultEncryptionKeyId(str2);
        return defaultJWTEncryptionAndDecryptionService;
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.clients.bcrypt", name = {"enabled"})
    @Bean({"clientPasswordEncoder"})
    public PasswordEncoder clientBCryptPasswordEncoder(@Qualifier("clientPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        return new BCryptPasswordEncoder(passwordEncoderTypeConfig.getBcrypt().getStrength());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.users.bcrypt", name = {"enabled"})
    @Bean({"userPasswordEncoder"})
    public PasswordEncoder userBCryptPasswordEncoder(@Qualifier("userPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        return new BCryptPasswordEncoder(passwordEncoderTypeConfig.getBcrypt().getStrength());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.clients.scrypt", name = {"enabled"})
    @Bean({"clientPasswordEncoder"})
    public PasswordEncoder clientSCryptPasswordEncoder(@Qualifier("clientPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        SCryptPasswordEncoderConfig sCrypt = passwordEncoderTypeConfig.getSCrypt();
        return new SCryptPasswordEncoder(sCrypt.getCpuCost(), sCrypt.getMemoryCost(), sCrypt.getParallelization(), sCrypt.getKeyLength(), sCrypt.getSaltLength());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.users.scrypt", name = {"enabled"})
    @Bean({"userPasswordEncoder"})
    public PasswordEncoder userSCryptPasswordEncoder(@Qualifier("userPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        SCryptPasswordEncoderConfig sCrypt = passwordEncoderTypeConfig.getSCrypt();
        return new SCryptPasswordEncoder(sCrypt.getCpuCost(), sCrypt.getMemoryCost(), sCrypt.getParallelization(), sCrypt.getKeyLength(), sCrypt.getSaltLength());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.clients.standard", name = {"enabled"})
    @Bean({"clientPasswordEncoder"})
    public PasswordEncoder clientStandardPasswordEncoder(@Qualifier("clientPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        return new StandardPasswordEncoder(passwordEncoderTypeConfig.getStandard().getSecret());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.users.standard", name = {"enabled"})
    @Bean({"userPasswordEncoder"})
    public PasswordEncoder userStandardPasswordEncoder(@Qualifier("userPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        return new StandardPasswordEncoder(passwordEncoderTypeConfig.getStandard().getSecret());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.clients.pbkdf2", name = {"enabled"})
    @Bean({"clientPasswordEncoder"})
    public PasswordEncoder clientPbkdf2PasswordEncoder(@Qualifier("clientPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        return new Pbkdf2PasswordEncoder(passwordEncoderTypeConfig.getPbkdf2().getSecret());
    }

    @ConditionalOnProperty(prefix = "openid.connect.crypto.password-encoder.users.pbkdf2", name = {"enabled"})
    @Bean({"userPasswordEncoder"})
    public PasswordEncoder userPbkdf2PasswordEncoder(@Qualifier("userPasswordEncoders") PasswordEncoderTypeConfig passwordEncoderTypeConfig) {
        return new Pbkdf2PasswordEncoder(passwordEncoderTypeConfig.getPbkdf2().getSecret());
    }

    @ConditionalOnMissingBean(name = {"userPasswordEncoder"})
    @Bean
    public PasswordEncoder userPasswordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @ConditionalOnMissingBean(name = {"clientPasswordEncoder"})
    @Bean
    public PasswordEncoder clientPasswordEncoder() {
        return NoOpPasswordEncoder.getInstance();
    }

    @ConfigurationProperties(prefix = "openid.connect.crypto.password-encoder.users")
    @Bean
    public PasswordEncoderTypeConfig userPasswordEncoders() {
        return new PasswordEncoderTypeConfig();
    }

    @ConfigurationProperties(prefix = "openid.connect.crypto.password-encoder.clients")
    @Bean
    public PasswordEncoderTypeConfig clientPasswordEncoders() {
        return new PasswordEncoderTypeConfig();
    }
}
