package com.homihq.db2rest.auth;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.homihq.db2rest.auth.apikey.ApiKeyAuthProvider;
import com.homihq.db2rest.auth.basic.BasicAuthProvider;
import com.homihq.db2rest.auth.common.AbstractAuthProvider;
import com.homihq.db2rest.auth.common.AuthDataProvider;
import com.homihq.db2rest.auth.data.ApiAuthDataProvider;
import com.homihq.db2rest.auth.data.AuthDataProperties;
import com.homihq.db2rest.auth.data.FileAuthDataProvider;
import com.homihq.db2rest.auth.data.NoAuthdataProvider;
import com.homihq.db2rest.auth.jwt.JwtAuthProvider;
import com.homihq.db2rest.auth.jwt.JwtProperties;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.jwk.source.ImmutableSecret;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.DefaultJOSEObjectTypeVerifier;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.net.MalformedURLException;
import java.net.URL;
import lombok.Generated;
import org.apache.tomcat.websocket.BasicAuthenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.AntPathMatcher;

@Configuration
@ConditionalOnProperty(prefix = "db2rest.auth", name = {"enabled"}, havingValue = "true")
/* loaded from: input_file:BOOT-INF/lib/auth-1.6.0.jar:com/homihq/db2rest/auth/AuthConfiguration.class */
public class AuthConfiguration {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) AuthConfiguration.class);

    @Bean({"authAntPathMatcher"})
    public AntPathMatcher authAntPathMatcher() {
        return new AntPathMatcher();
    }

    @Bean
    public AuthFilter authFilter(AbstractAuthProvider abstractAuthProvider, ObjectMapper objectMapper) {
        log.info("** Auth enabled. Initializing auth components.");
        return new AuthFilter(abstractAuthProvider, objectMapper);
    }

    @ConditionalOnProperty(prefix = "db2rest.auth", name = {"provider"}, havingValue = "apiKey")
    @Bean
    public AbstractAuthProvider apiKeyAuthProvider(AuthDataProperties authDataProperties) {
        return new ApiKeyAuthProvider(authDataProvider(authDataProperties), authAntPathMatcher());
    }

    @ConditionalOnProperty(prefix = "db2rest.auth", name = {"provider"}, havingValue = BasicAuthenticator.schemeName)
    @Bean
    public AbstractAuthProvider basicAuthProvider(AuthDataProperties authDataProperties) {
        return new BasicAuthProvider(authDataProvider(authDataProperties), authAntPathMatcher());
    }

    @ConditionalOnProperty(prefix = "db2rest.auth", name = {"provider"}, havingValue = "jwt")
    @Bean
    public AbstractAuthProvider jwtAuthProvider(ConfigurableJWTProcessor<SecurityContext> configurableJWTProcessor, AuthDataProperties authDataProperties) {
        return new JwtAuthProvider(authDataProvider(authDataProperties), authAntPathMatcher(), configurableJWTProcessor);
    }

    @ConditionalOnProperty(prefix = "db2rest.auth", name = {"provider"}, havingValue = "jwt")
    @Bean
    public ConfigurableJWTProcessor<SecurityContext> jwtProcessor(JwtProperties jwtProperties) throws MalformedURLException {
        JWKSource immutableSecret = jwtProperties.getKey() != null ? new ImmutableSecret(jwtProperties.getKey()) : JWKSourceBuilder.create(new URL(jwtProperties.getJwksUrl())).retrying(true).build();
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSTypeVerifier(new DefaultJOSEObjectTypeVerifier(new JOSEObjectType("at+jwt")));
        defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(jwtProperties.getAlgorithm(), immutableSecret));
        return defaultJWTProcessor;
    }

    @Bean
    public AuthDataProvider authDataProvider(AuthDataProperties authDataProperties) {
        if (authDataProperties.isFileProvider()) {
            log.info("Initializing file auth data provider");
            return new FileAuthDataProvider(authDataProperties.getSource());
        }
        if (authDataProperties.isApiDataProvider()) {
            log.info("Initializing API auth data provider");
            return new ApiAuthDataProvider(authDataProperties.getApiEndpoint(), authDataProperties.getApiKey());
        }
        log.info("No auth data provider");
        return new NoAuthdataProvider();
    }

    @Generated
    public AuthConfiguration() {
    }
}
