package com.azure.spring.autoconfigure.b2c;

import com.azure.spring.aad.AADIssuerJWSKeySelector;
import com.azure.spring.aad.AADTrustedIssuerRepository;
import com.azure.spring.aad.webapi.validator.AADJwtAudienceValidator;
import com.azure.spring.aad.webapi.validator.AADJwtIssuerValidator;
import com.azure.spring.autoconfigure.b2c.AADB2CConditions;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTClaimsSetAwareJWSKeySelector;
import com.nimbusds.jwt.proc.JWTProcessor;
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnResource;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.lang.NonNull;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.util.StringUtils;

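/**
 * Auto-configuration that wires the beans used to decode and validate bearer JWTs
 * for an Azure AD B2C protected resource server.
 *
 * <p>The configuration is only considered when {@link BearerTokenAuthenticationToken} is on
 * the classpath, the classpath resource {@code aadb2c.enable.config} exists, and
 * {@link AADB2CConditions.CommonCondition} matches. Every bean is declared with
 * {@link ConditionalOnMissingBean}, so an application-defined bean of the same type replaces
 * the default. Replacing {@link #jwtDecoder} also replaces the validator chain built here,
 * so a custom decoder has to install its own issuer, audience and timestamp checks.
 */
@EnableConfigurationProperties({AADB2CProperties.class})
@Configuration
@ConditionalOnClass({BearerTokenAuthenticationToken.class})
@ConditionalOnResource(resources = {"classpath:aadb2c.enable.config"})
@Conditional({AADB2CConditions.CommonCondition.class})
@Import({AADB2COAuth2ClientConfiguration.class})
public class AADB2CResourceServerAutoConfiguration {
    private final AADB2CProperties properties;

    /**
     * Creates the configuration with the bound B2C properties.
     *
     * @param aADB2CProperties the B2C configuration properties; read by every bean method below
     */
    public AADB2CResourceServerAutoConfiguration(@NonNull AADB2CProperties aADB2CProperties) {
        this.properties = aADB2CProperties;
    }

    /**
     * Provides the repository of issuers the resource server trusts.
     *
     * @return an {@code AADB2CTrustedIssuerRepository} built from the configured properties
     */
    @ConditionalOnMissingBean
    @Bean
    public AADTrustedIssuerRepository trustedIssuerRepository() {
        return new AADB2CTrustedIssuerRepository(this.properties);
    }

    /**
     * Provides the key selector used to pick signature verification keys for a token.
     *
     * @param aADTrustedIssuerRepository the trusted issuers handed to the selector
     * @return a selector configured with the connect timeout, read timeout and size limit
     *         taken from the properties (presumably applied to key-set retrieval; confirm
     *         against {@code AADIssuerJWSKeySelector})
     */
    @ConditionalOnMissingBean
    @Bean
    public JWTClaimsSetAwareJWSKeySelector<SecurityContext> aadIssuerJWSKeySelector(AADTrustedIssuerRepository aADTrustedIssuerRepository) {
        return new AADIssuerJWSKeySelector(
            aADTrustedIssuerRepository,
            this.properties.getJwtConnectTimeout(),
            this.properties.getJwtReadTimeout(),
            this.properties.getJwtSizeLimit());
    }

    /**
     * Provides the Nimbus JWT processor that uses the claims-aware key selector.
     *
     * @param jWTClaimsSetAwareJWSKeySelector the selector installed on the processor
     * @return a {@link DefaultJWTProcessor} with the selector set
     */
    @ConditionalOnMissingBean
    @Bean
    public JWTProcessor<SecurityContext> jwtProcessor(JWTClaimsSetAwareJWSKeySelector<SecurityContext> jWTClaimsSetAwareJWSKeySelector) {
        DefaultJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
        processor.setJWTClaimsSetAwareJWSKeySelector(jWTClaimsSetAwareJWSKeySelector);
        return processor;
    }

    /**
     * Provides the {@link JwtDecoder} used for incoming bearer tokens, with issuer and
     * timestamp validation always installed and audience validation installed only when an
     * audience is configured.
     *
     * <p>SECURITY: the accepted audiences are the configured app ID URI and client ID. When
     * neither property has text, no {@link AADJwtAudienceValidator} is registered and this
     * decoder does not check the {@code aud} claim at all, so a token that a trusted issuer
     * minted for a different application would pass the validators built here. Deployments
     * should set at least one of the two properties; consider failing startup or logging a
     * warning when both are blank.
     *
     * @param jWTProcessor the processor the decoder delegates token parsing and signature
     *        verification to
     * @param aADTrustedIssuerRepository the trusted issuers used by the issuer validator
     * @return a {@link NimbusJwtDecoder} with the validator chain set
     */
    @ConditionalOnMissingBean
    @Bean
    public JwtDecoder jwtDecoder(JWTProcessor<SecurityContext> jWTProcessor, AADTrustedIssuerRepository aADTrustedIssuerRepository) {
        NimbusJwtDecoder decoder = new NimbusJwtDecoder(jWTProcessor);

        List<String> validAudiences = new ArrayList<>();
        if (StringUtils.hasText(this.properties.getAppIdUri())) {
            validAudiences.add(this.properties.getAppIdUri());
        }
        if (StringUtils.hasText(this.properties.getClientId())) {
            validAudiences.add(this.properties.getClientId());
        }

        List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
        // Audience validation is skipped entirely when no audience is configured; see the
        // SECURITY note in the method documentation.
        if (!validAudiences.isEmpty()) {
            validators.add(new AADJwtAudienceValidator(validAudiences));
        }
        validators.add(new AADJwtIssuerValidator(aADTrustedIssuerRepository));
        validators.add(new JwtTimestampValidator());

        // setJwtValidator replaces the decoder's validator, so the chain above is the
        // complete set of claim checks applied after signature verification.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(validators));
        return decoder;
    }
}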
