package org.trustedanalytics.usermanagement.security.config;

import java.util.Map;
import org.cryptacular.util.PemUtil;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.security.oauth2.resource.ResourceServerProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.core.annotation.Order;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.util.StringUtils;
import org.springframework.web.client.ResourceAccessException;
import org.springframework.web.client.RestTemplate;
import org.trustedanalytics.usermanagement.security.ScopeAuthoritiesTokenConverter;

@Configuration
@Lazy
/* loaded from: input_file:org/trustedanalytics/usermanagement/security/config/SecurityConfig.class */
public class SecurityConfig {

    @Autowired
    private ResourceServerProperties resource;

    @Order(1)
    @Bean
    public ResourceServerTokenServices jwtTokenServices() {
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        return defaultTokenServices;
    }

    @Bean
    public TokenStore tokenStore() {
        return new JwtTokenStore(myjwtTokenEnhancer());
    }

    @Bean
    public JwtAccessTokenConverter myjwtTokenEnhancer() {
        JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
        DefaultAccessTokenConverter defaultAccessTokenConverter = new DefaultAccessTokenConverter();
        defaultAccessTokenConverter.setUserTokenConverter(new ScopeAuthoritiesTokenConverter());
        jwtAccessTokenConverter.setAccessTokenConverter(defaultAccessTokenConverter);
        String keyValue = this.resource.getJwt().getKeyValue();
        if (!StringUtils.hasText(keyValue)) {
            try {
                keyValue = (String) ((Map) new RestTemplate().getForObject(this.resource.getJwt().getKeyUri(), Map.class, new Object[0])).get("value");
            } catch (ResourceAccessException e) {
                throw new TokenFetchException("Failed to fetch token key from " + this.resource.getJwt().getKeyUri(), e);
            }
        } else if (StringUtils.hasText(keyValue) && !keyValue.startsWith(PemUtil.HEADER_BEGIN)) {
            jwtAccessTokenConverter.setSigningKey(keyValue);
        }
        jwtAccessTokenConverter.setVerifierKey(keyValue);
        return jwtAccessTokenConverter;
    }
}
