package cn.nxtools.jwt.autoconfigure;

import cn.nxtools.common.StringUtil;
import cn.nxtools.common.base.Preconditions;
import cn.nxtools.jwt.JwtUtil;
import cn.nxtools.jwt.config.AuthenticationAccessDeniedHandler;
import cn.nxtools.jwt.config.JwtAuthenticationEntryPoint;
import cn.nxtools.jwt.config.JwtAuthenticationTokenFilter;
import cn.nxtools.jwt.config.JwtSecretKey;
import cn.nxtools.jwt.config.WebSecurityConfig;
import cn.nxtools.jwt.service.CustomUserDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@EnableConfigurationProperties({JwtServerProperties.class, SecurityServerProperties.class})
@Configuration
@ConditionalOnProperty(name = {"nxtools.jwt.enabled"}, matchIfMissing = true)
@EnableGlobalMethodSecurity(prePostEnabled = true)
/* loaded from: input_file:cn/nxtools/jwt/autoconfigure/JwtAutoConfiguration.class */
public class JwtAutoConfiguration {

    @Autowired
    private JwtServerProperties jwtServerProperties;

    @Autowired(required = false)
    private JwtSecretKey jwtSecretKey;

    @Bean
    public JwtAuthenticationEntryPoint jwtAuthenticationEntryPoint() {
        return new JwtAuthenticationEntryPoint();
    }

    @Bean
    public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter() {
        return new JwtAuthenticationTokenFilter();
    }

    @Bean
    public WebSecurityConfig webSecurityConfig() {
        return new WebSecurityConfig();
    }

    @Bean
    public JwtUtil jwtUtil() {
        if (this.jwtServerProperties.getSignatureAlgorithm().isHmac()) {
            Preconditions.checkState(StringUtil.isNotEmpty(this.jwtServerProperties.getSecret()) && this.jwtServerProperties.getSecret().length() >= 4, String.format("使用%s签名,需配置[nxtools.jwt.secret]不能为空或长度小于4", this.jwtServerProperties.getSignatureAlgorithm()));
        } else if (!this.jwtServerProperties.getSignatureAlgorithm().isNone()) {
            Preconditions.checkState(this.jwtSecretKey != null, String.format("使用%s签名,需配置公私钥。实现JwtSecretKey接口并注入容器中", this.jwtServerProperties.getSignatureAlgorithm()));
        }
        return new JwtUtil();
    }

    @Bean
    public CustomUserDetailService customUserDetailService() {
        return new CustomUserDetailService();
    }

    @ConditionalOnMissingBean
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public AuthenticationAccessDeniedHandler authenticationAccessDeniedHandler() {
        return new AuthenticationAccessDeniedHandler();
    }
}
