package cn.herodotus.engine.oauth2.management.definition;

import cn.herodotus.engine.oauth2.core.enums.AllJwsAlgorithm;
import cn.herodotus.engine.oauth2.core.enums.SignatureJwsAlgorithm;
import cn.herodotus.engine.oauth2.data.jpa.definition.converter.RegisteredClientConverter;
import cn.herodotus.engine.oauth2.management.definition.AbstractOAuth2RegisteredClient;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.util.StringUtils;

/* loaded from: input_file:cn/herodotus/engine/oauth2/management/definition/AbstractOAuth2RegisteredClientConverter.class */
public abstract class AbstractOAuth2RegisteredClientConverter<T extends AbstractOAuth2RegisteredClient> implements RegisteredClientConverter<T> {
    public Set<String> getScopes(T t) {
        return (Set) t.getScopes().stream().map((v0) -> {
            return v0.getScopeCode();
        }).collect(Collectors.toSet());
    }

    public ClientSettings getClientSettings(T t) {
        ClientSettings.Builder builder = ClientSettings.builder();
        builder.requireAuthorizationConsent(t.getRequireAuthorizationConsent().booleanValue());
        builder.requireProofKey(t.getRequireProofKey().booleanValue());
        if (StringUtils.hasText(t.getJwkSetUrl())) {
            builder.jwkSetUrl(t.getJwkSetUrl());
        }
        JwsAlgorithm jwsAlgorithm = toJwsAlgorithm(t.getAuthenticationSigningAlgorithm());
        if (ObjectUtils.isNotEmpty(jwsAlgorithm)) {
            builder.tokenEndpointAuthenticationSigningAlgorithm(jwsAlgorithm);
        }
        return builder.build();
    }

    public TokenSettings getTokenSettings(T t) {
        TokenSettings.Builder builder = TokenSettings.builder();
        builder.authorizationCodeTimeToLive(t.getAuthorizationCodeValidity());
        builder.accessTokenTimeToLive(t.getAccessTokenValidity());
        builder.accessTokenFormat(new OAuth2TokenFormat(t.getAccessTokenFormat().getFormat()));
        builder.deviceCodeTimeToLive(t.getDeviceCodeValidity());
        builder.reuseRefreshTokens(t.getReuseRefreshTokens().booleanValue());
        builder.refreshTokenTimeToLive(t.getRefreshTokenValidity());
        SignatureAlgorithm signatureAlgorithm = toSignatureAlgorithm(t.getIdTokenSignatureAlgorithm());
        if (ObjectUtils.isNotEmpty(signatureAlgorithm)) {
            builder.idTokenSignatureAlgorithm(signatureAlgorithm);
        }
        return builder.build();
    }

    private JwsAlgorithm toJwsAlgorithm(AllJwsAlgorithm allJwsAlgorithm) {
        if (ObjectUtils.isNotEmpty(allJwsAlgorithm)) {
            return allJwsAlgorithm.getValue().intValue() < AllJwsAlgorithm.HS256.getValue().intValue() ? SignatureAlgorithm.from(allJwsAlgorithm.name()) : MacAlgorithm.from(allJwsAlgorithm.name());
        }
        return null;
    }

    private SignatureAlgorithm toSignatureAlgorithm(SignatureJwsAlgorithm signatureJwsAlgorithm) {
        if (ObjectUtils.isNotEmpty(signatureJwsAlgorithm)) {
            return SignatureAlgorithm.from(signatureJwsAlgorithm.name());
        }
        return null;
    }
}
