package org.activiti.cloud.services.common.security.keycloak.config;

import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.Scopes;
import java.util.function.Function;
import org.activiti.cloud.common.swagger.springdoc.conf.SwaggerAutoConfiguration;
import org.activiti.cloud.services.common.security.jwt.JwtAccessTokenProvider;
import org.activiti.cloud.services.common.security.jwt.JwtAdapter;
import org.activiti.cloud.services.common.security.keycloak.KeycloakJwtAdapter;
import org.activiti.cloud.services.common.security.keycloak.KeycloakResourceJwtAdapter;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.oauth2.jwt.Jwt;

@AutoConfigureBefore({SwaggerAutoConfiguration.class})
@AutoConfiguration
@ConditionalOnProperty(value = {"activiti.cloud.services.oauth2.iam-name"}, havingValue = "keycloak", matchIfMissing = true)
@PropertySource({"classpath:keycloak-configuration.properties"})
/* loaded from: input_file:org/activiti/cloud/services/common/security/keycloak/config/KeycloakSecurityConfiguration.class */
public class KeycloakSecurityConfiguration {
    @ConditionalOnProperty(name = {"keycloak.use-resource-role-mappings"}, havingValue = "false", matchIfMissing = true)
    @Bean
    public Function<Jwt, JwtAdapter> jwtGlobalAdapter() {
        return jwt -> {
            return new KeycloakJwtAdapter(jwt);
        };
    }

    @ConditionalOnProperty(name = {"keycloak.use-resource-role-mappings"}, havingValue = "true")
    @Bean
    public Function<Jwt, JwtAdapter> jwtResourceResourceAdapter(@Value("${keycloak.resource}") String str) {
        return jwt -> {
            return new KeycloakResourceJwtAdapter(str, jwt);
        };
    }

    @ConditionalOnMissingBean
    @Bean
    public JwtAccessTokenProvider jwtAccessTokenProvider(Function<Jwt, JwtAdapter> function) {
        return new JwtAccessTokenProvider(function);
    }

    @ConditionalOnMissingBean
    @Bean
    public OAuthFlow swaggerOAuthFlow(@Value("${keycloak.auth-server-url}") String str, @Value("${keycloak.realm}") String str2) {
        return new OAuthFlow().authorizationUrl(str + "/realms/" + str2 + "/protocol/openid-connect/auth").scopes(new Scopes());
    }
}
