package org.springframework.security.config.annotation.web.configurers.oauth2.server.authorization;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.crypto.keys.KeyManager;
import org.springframework.security.oauth2.jose.jws.NimbusJwsEncoder;
import org.springframework.security.oauth2.server.authorization.InMemoryOAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationProvider;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.web.JwkSetEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2ClientAuthenticationFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/config/annotation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.class */
public final class OAuth2AuthorizationServerConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<OAuth2AuthorizationServerConfigurer<B>, B> {
    private final RequestMatcher authorizationEndpointMatcher = new AntPathRequestMatcher(OAuth2AuthorizationEndpointFilter.DEFAULT_AUTHORIZATION_ENDPOINT_URI, HttpMethod.GET.name());
    private final RequestMatcher tokenEndpointMatcher = new AntPathRequestMatcher(OAuth2TokenEndpointFilter.DEFAULT_TOKEN_ENDPOINT_URI, HttpMethod.POST.name());
    private final RequestMatcher jwkSetEndpointMatcher = new AntPathRequestMatcher(JwkSetEndpointFilter.DEFAULT_JWK_SET_ENDPOINT_URI, HttpMethod.GET.name());

    public OAuth2AuthorizationServerConfigurer<B> registeredClientRepository(RegisteredClientRepository registeredClientRepository) {
        Assert.notNull(registeredClientRepository, "registeredClientRepository cannot be null");
        getBuilder().setSharedObject(RegisteredClientRepository.class, registeredClientRepository);
        return this;
    }

    public OAuth2AuthorizationServerConfigurer<B> authorizationService(OAuth2AuthorizationService oAuth2AuthorizationService) {
        Assert.notNull(oAuth2AuthorizationService, "authorizationService cannot be null");
        getBuilder().setSharedObject(OAuth2AuthorizationService.class, oAuth2AuthorizationService);
        return this;
    }

    public OAuth2AuthorizationServerConfigurer<B> keyManager(KeyManager keyManager) {
        Assert.notNull(keyManager, "keyManager cannot be null");
        getBuilder().setSharedObject(KeyManager.class, keyManager);
        return this;
    }

    public List<RequestMatcher> getEndpointMatchers() {
        return Arrays.asList(this.authorizationEndpointMatcher, this.tokenEndpointMatcher, this.jwkSetEndpointMatcher);
    }

    public void init(B b) {
        b.authenticationProvider((AuthenticationProvider) postProcess(new OAuth2ClientAuthenticationProvider(getRegisteredClientRepository(b))));
        NimbusJwsEncoder nimbusJwsEncoder = new NimbusJwsEncoder(getKeyManager(b));
        b.authenticationProvider((AuthenticationProvider) postProcess(new OAuth2AuthorizationCodeAuthenticationProvider(getRegisteredClientRepository(b), getAuthorizationService(b), nimbusJwsEncoder)));
        b.authenticationProvider((AuthenticationProvider) postProcess(new OAuth2ClientCredentialsAuthenticationProvider(getAuthorizationService(b), nimbusJwsEncoder)));
        ExceptionHandlingConfigurer configurer = b.getConfigurer(ExceptionHandlingConfigurer.class);
        if (configurer != null) {
            configurer.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), this.tokenEndpointMatcher);
        }
    }

    public void configure(B b) {
        b.addFilterBefore((Filter) postProcess(new JwkSetEndpointFilter(getKeyManager(b))), AbstractPreAuthenticatedProcessingFilter.class);
        AuthenticationManager authenticationManager = (AuthenticationManager) b.getSharedObject(AuthenticationManager.class);
        b.addFilterAfter((Filter) postProcess(new OAuth2ClientAuthenticationFilter(authenticationManager, this.tokenEndpointMatcher)), AbstractPreAuthenticatedProcessingFilter.class);
        b.addFilterBefore((Filter) postProcess(new OAuth2AuthorizationEndpointFilter(getRegisteredClientRepository(b), getAuthorizationService(b))), AbstractPreAuthenticatedProcessingFilter.class);
        b.addFilterAfter((Filter) postProcess(new OAuth2TokenEndpointFilter(authenticationManager, getAuthorizationService(b))), FilterSecurityInterceptor.class);
    }

    private static <B extends HttpSecurityBuilder<B>> RegisteredClientRepository getRegisteredClientRepository(B b) {
        RegisteredClientRepository registeredClientRepository = (RegisteredClientRepository) b.getSharedObject(RegisteredClientRepository.class);
        if (registeredClientRepository == null) {
            registeredClientRepository = getRegisteredClientRepositoryBean(b);
            b.setSharedObject(RegisteredClientRepository.class, registeredClientRepository);
        }
        return registeredClientRepository;
    }

    private static <B extends HttpSecurityBuilder<B>> RegisteredClientRepository getRegisteredClientRepositoryBean(B b) {
        return (RegisteredClientRepository) ((ApplicationContext) b.getSharedObject(ApplicationContext.class)).getBean(RegisteredClientRepository.class);
    }

    private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizationService getAuthorizationService(B b) {
        OAuth2AuthorizationService oAuth2AuthorizationService = (OAuth2AuthorizationService) b.getSharedObject(OAuth2AuthorizationService.class);
        if (oAuth2AuthorizationService == null) {
            oAuth2AuthorizationService = getAuthorizationServiceBean(b);
            if (oAuth2AuthorizationService == null) {
                oAuth2AuthorizationService = new InMemoryOAuth2AuthorizationService();
            }
            b.setSharedObject(OAuth2AuthorizationService.class, oAuth2AuthorizationService);
        }
        return oAuth2AuthorizationService;
    }

    private static <B extends HttpSecurityBuilder<B>> OAuth2AuthorizationService getAuthorizationServiceBean(B b) {
        Map beansOfTypeIncludingAncestors = BeanFactoryUtils.beansOfTypeIncludingAncestors((ListableBeanFactory) b.getSharedObject(ApplicationContext.class), OAuth2AuthorizationService.class);
        if (beansOfTypeIncludingAncestors.size() > 1) {
            throw new NoUniqueBeanDefinitionException(OAuth2AuthorizationService.class, beansOfTypeIncludingAncestors.size(), "Expected single matching bean of type '" + OAuth2AuthorizationService.class.getName() + "' but found " + beansOfTypeIncludingAncestors.size() + ": " + StringUtils.collectionToCommaDelimitedString(beansOfTypeIncludingAncestors.keySet()));
        }
        if (beansOfTypeIncludingAncestors.isEmpty()) {
            return null;
        }
        return (OAuth2AuthorizationService) beansOfTypeIncludingAncestors.values().iterator().next();
    }

    private static <B extends HttpSecurityBuilder<B>> KeyManager getKeyManager(B b) {
        KeyManager keyManager = (KeyManager) b.getSharedObject(KeyManager.class);
        if (keyManager == null) {
            keyManager = getKeyManagerBean(b);
            b.setSharedObject(KeyManager.class, keyManager);
        }
        return keyManager;
    }

    private static <B extends HttpSecurityBuilder<B>> KeyManager getKeyManagerBean(B b) {
        return (KeyManager) ((ApplicationContext) b.getSharedObject(ApplicationContext.class)).getBean(KeyManager.class);
    }
}
