package org.activiti.cloud.services.common.security.config;

import org.activiti.cloud.services.common.security.jwt.JwtAccessTokenProvider;
import org.activiti.cloud.services.common.security.jwt.JwtUserInfoUriAuthenticationConverter;
import org.activiti.cloud.services.common.security.keycloak.KeycloakJwtGrantedAuthorityConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.jwt.Jwt;

@Configuration
/* loaded from: input_file:org/activiti/cloud/services/common/security/config/CommonJwtAuthenticationConverterConfiguration.class */
public class CommonJwtAuthenticationConverterConfiguration {
    private final OAuth2UserService oAuth2UserService = new DefaultOAuth2UserService();
    private final ClientRegistrationRepository clientRegistrationRepository;

    @Value("${keycloak.resource}")
    private String resource;

    @Value("${keycloak.use-resource-role-mappings:false}")
    private boolean useResourceRoleMapping;

    @Value("${activiti.cloud.services.oauth2.iam-name")
    private String iamName;

    @Autowired
    public CommonJwtAuthenticationConverterConfiguration(ClientRegistrationRepository clientRegistrationRepository) {
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    @ConditionalOnMissingBean
    @Bean
    public JwtAccessTokenProvider jwtAccessTokenProvider() {
        return new JwtAccessTokenProvider(this.resource, this.useResourceRoleMapping);
    }

    @Bean({"commonJwtAuthenticationConverter"})
    @Order(Integer.MIN_VALUE)
    public Converter<Jwt, AbstractAuthenticationToken> jwtAuthenticationConverter() {
        return new JwtUserInfoUriAuthenticationConverter(new KeycloakJwtGrantedAuthorityConverter(jwtAccessTokenProvider()), this.clientRegistrationRepository.findByRegistrationId(this.iamName), this.oAuth2UserService);
    }

    public void setIamName(String str) {
        this.iamName = str;
    }

    public void setResource(String str) {
        this.resource = str;
    }

    public void setUseResourceRoleMapping(boolean z) {
        this.useResourceRoleMapping = z;
    }
}
