package de.otto.edison.oauth.configuration;

import de.otto.edison.oauth.KeyExchangeJwtAccessTokenConverter;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

@EnableResourceServer
@Configuration
/* loaded from: input_file:de/otto/edison/oauth/configuration/ResourceServerConfiguration.class */
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Resource
    private KeyExchangeJwtAccessTokenConverter keyExchangeJwtAccessTokenConverter;

    @Value("${edison.oauth.jwt.audience}")
    private String audience;

    @Value("${edison.oauth.authorization.resource.patterns:/oauth2/**}")
    private String[] resourceServerUrlPatterns;

    public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
        resourceServerSecurityConfigurer.tokenServices(tokenServices()).resourceId(this.audience);
    }

    public void configure(HttpSecurity httpSecurity) throws Exception {
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.headers().disable().csrf().disable().authorizeRequests().antMatchers(this.resourceServerUrlPatterns)).authenticated();
    }

    private JwtAccessTokenConverter accessTokenConverter() {
        return this.keyExchangeJwtAccessTokenConverter;
    }

    private TokenStore tokenStore() {
        return new JwtTokenStore(accessTokenConverter());
    }

    private DefaultTokenServices tokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }
}
