package cn.herodotus.engine.oauth2.authorization.customizer;

import cn.herodotus.engine.assistant.core.enums.Target;
import cn.herodotus.engine.oauth2.authorization.converter.HerodotusJwtAuthenticationConverter;
import cn.herodotus.engine.oauth2.authorization.introspector.HerodotusOpaqueTokenIntrospector;
import cn.herodotus.engine.oauth2.core.properties.SecurityProperties;
import cn.herodotus.engine.oauth2.core.response.HerodotusAccessDeniedHandler;
import cn.herodotus.engine.oauth2.core.response.HerodotusAuthenticationEntryPoint;
import cn.herodotus.engine.web.core.properties.EndpointProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.oauth2.server.resource.OAuth2ResourceServerConfigurer;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;
import org.springframework.util.Assert;

/* loaded from: input_file:cn/herodotus/engine/oauth2/authorization/customizer/HerodotusStrategyTokenConfigurer.class */
public class HerodotusStrategyTokenConfigurer {

    /* loaded from: input_file:cn/herodotus/engine/oauth2/authorization/customizer/HerodotusStrategyTokenConfigurer$Builder.class */
    public static class Builder {
        private JwtDecoder jwtDecoder;
        private SecurityProperties securityProperties;
        private OAuth2ResourceServerProperties resourceServerProperties;
        private EndpointProperties endpointProperties;
        private Target target = Target.REMOTE;
        private final OAuth2ResourceServerConfigurer<HttpSecurity> configurer;

        public Builder(OAuth2ResourceServerConfigurer<HttpSecurity> oAuth2ResourceServerConfigurer) {
            this.configurer = oAuth2ResourceServerConfigurer;
        }

        public Builder jwtDecoder(JwtDecoder jwtDecoder) {
            this.jwtDecoder = jwtDecoder;
            return this;
        }

        public Builder securityProperties(SecurityProperties securityProperties) {
            this.securityProperties = securityProperties;
            return this;
        }

        public Builder resourceServerProperties(OAuth2ResourceServerProperties oAuth2ResourceServerProperties) {
            this.resourceServerProperties = oAuth2ResourceServerProperties;
            return this;
        }

        public Builder endpointProperties(EndpointProperties endpointProperties) {
            this.endpointProperties = endpointProperties;
            return this;
        }

        public OAuth2ResourceServerConfigurer<HttpSecurity> build() {
            Assert.notNull(this.jwtDecoder, "jwtDecoder must be set");
            Assert.notNull(this.securityProperties, "securityProperties must be set");
            Assert.notNull(this.resourceServerProperties, "resourceServerProperties must be set");
            Assert.notNull(this.endpointProperties, "endpointProperties must be set");
            if (this.securityProperties.getValidate() == Target.REMOTE) {
                this.configurer.opaqueToken(opaqueTokenConfigurer -> {
                    opaqueTokenConfigurer.introspector(new HerodotusOpaqueTokenIntrospector(this.endpointProperties, this.resourceServerProperties));
                }).accessDeniedHandler(new HerodotusAccessDeniedHandler()).authenticationEntryPoint(new HerodotusAuthenticationEntryPoint());
            } else {
                this.configurer.jwt(jwtConfigurer -> {
                    jwtConfigurer.decoder(this.jwtDecoder).jwtAuthenticationConverter(new HerodotusJwtAuthenticationConverter());
                }).bearerTokenResolver(new DefaultBearerTokenResolver()).accessDeniedHandler(new HerodotusAccessDeniedHandler()).authenticationEntryPoint(new HerodotusAuthenticationEntryPoint());
            }
            return this.configurer;
        }
    }

    public static Builder from(OAuth2ResourceServerConfigurer<HttpSecurity> oAuth2ResourceServerConfigurer) {
        return new Builder(oAuth2ResourceServerConfigurer);
    }
}
