package com.azure.spring.cloud.autoconfigure.implementation.aad.configuration;

import com.azure.spring.cloud.autoconfigure.implementation.aad.configuration.conditions.WebApplicationCondition;
import com.azure.spring.cloud.autoconfigure.implementation.aad.configuration.properties.AadAuthenticationProperties;
import com.azure.spring.cloud.autoconfigure.implementation.aad.security.AadOAuth2UserService;
import com.azure.spring.cloud.autoconfigure.implementation.aad.security.AadWebApplicationHttpSecurityConfigurer;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.SecurityFilterChain;

@Configuration(proxyBeanMethods = false)
@Conditional({WebApplicationCondition.class})
/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadWebApplicationConfiguration.class */
class AadWebApplicationConfiguration {
    private final RestTemplateBuilder restTemplateBuilder;

    @EnableWebSecurity
    @EnableMethodSecurity
    @ConditionalOnDefaultWebSecurity
    @ConditionalOnExpression("!'${spring.cloud.azure.active-directory.application-type}'.equalsIgnoreCase('web_application_and_resource_server')")
    /* loaded from: input_file:com/azure/spring/cloud/autoconfigure/implementation/aad/configuration/AadWebApplicationConfiguration$DefaultAadWebSecurityConfiguration.class */
    static class DefaultAadWebSecurityConfiguration {
        DefaultAadWebSecurityConfiguration() {
        }

        @Bean
        SecurityFilterChain defaultAadWebApplicationFilterChain(HttpSecurity httpSecurity) throws Exception {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) httpSecurity.apply(AadWebApplicationHttpSecurityConfigurer.aadWebApplication()).and().authorizeHttpRequests().requestMatchers(new String[]{"/login"})).permitAll().anyRequest()).authenticated();
            return (SecurityFilterChain) httpSecurity.build();
        }
    }

    AadWebApplicationConfiguration(RestTemplateBuilder restTemplateBuilder) {
        this.restTemplateBuilder = restTemplateBuilder;
    }

    @ConditionalOnMissingBean
    @Bean
    OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService(AadAuthenticationProperties aadAuthenticationProperties) {
        return new AadOAuth2UserService(aadAuthenticationProperties, this.restTemplateBuilder);
    }
}
