package com.azure.spring.cloud.autoconfigure.implementation.aad.security;

import com.azure.spring.cloud.autoconfigure.implementation.aad.configuration.properties.AadAuthenticationProperties;
import com.azure.spring.cloud.autoconfigure.implementation.aad.utils.AadRestTemplateCreator;
import jakarta.servlet.Filter;
import java.util.Objects;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.ApplicationContext;
import org.springframework.core.ResolvableType;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/implementation/aad/security/AadWebApplicationHttpSecurityConfigurer.class */
/**
 * {@link HttpSecurity} configurer that wires OAuth2 login, the authorization-code token client,
 * the OIDC user service and OIDC client-initiated logout for a web application.
 *
 * <p>All collaborators are looked up from the {@link ApplicationContext} shared on the
 * {@link HttpSecurity} builder in {@link #init(HttpSecurity)}. An optional servlet filter,
 * supplied through {@link #conditionalAccessFilter(Filter)}, is registered in
 * {@link #configure(HttpSecurity)}.
 */
public class AadWebApplicationHttpSecurityConfigurer extends AbstractHttpConfigurer<AadWebApplicationHttpSecurityConfigurer, HttpSecurity> {
    // Source of client registrations; also decides whether the AAD-specific token request converter is used.
    protected ClientRegistrationRepository repo;
    // Builder handed to AadRestTemplateCreator for the token endpoint's RestTemplate.
    protected RestTemplateBuilder restTemplateBuilder;
    // Resolved with getIfUnique(), so it may be null when no unique bean of this generic type exists.
    protected OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;
    protected AadAuthenticationProperties properties;
    // Lazy lookup; the resolver is optional and only consulted in accessTokenResponseClient().
    protected ObjectProvider<OAuth2ClientAuthenticationJwkResolver> jwkResolvers;
    // Optional filter; stays null unless conditionalAccessFilter(Filter) was called.
    private Filter conditionalAccessFilter;

    /**
     * Resolves the required beans and applies the OAuth2 login and logout configuration.
     *
     * @param httpSecurity the builder being configured; must carry a shared {@link ApplicationContext}
     * @throws Exception if the superclass initialisation or the security DSL fails
     */
    public void init(HttpSecurity httpSecurity) throws Exception {
        super.init(httpSecurity);
        ApplicationContext context = httpSecurity.getSharedObject(ApplicationContext.class);

        // Lookup order is kept as-is so that the first missing bean reported does not change.
        this.repo = context.getBean(ClientRegistrationRepository.class);
        this.properties = context.getBean(AadAuthenticationProperties.class);
        this.restTemplateBuilder = context.getBean(RestTemplateBuilder.class);

        ResolvableType oidcUserServiceType =
            ResolvableType.forClassWithGenerics(OAuth2UserService.class, OidcUserRequest.class, OidcUser.class);
        ObjectProvider<OAuth2UserService<OidcUserRequest, OidcUser>> oidcUserServices =
            context.getBeanProvider(oidcUserServiceType);
        // NOTE(review): getIfUnique() yields null when no unique candidate exists, and that value is
        // handed to oidcUserService(...) below without a check - confirm a unique bean is always registered.
        this.oidcUserService = oidcUserServices.getIfUnique();
        this.jwkResolvers = context.getBeanProvider(OAuth2ClientAuthenticationJwkResolver.class);

        httpSecurity
            .oauth2Login()
                .authorizationEndpoint()
                    .authorizationRequestResolver(requestResolver())
                    .and()
                .tokenEndpoint()
                    .accessTokenResponseClient(accessTokenResponseClient())
                    .and()
                .userInfoEndpoint()
                    .oidcUserService(this.oidcUserService)
                    .and()
                .and()
            .logout()
                .logoutSuccessHandler(oidcLogoutSuccessHandler());
    }

    /**
     * Registers the conditional access filter, when one was supplied, directly after
     * {@link OAuth2AuthorizationRequestRedirectFilter} in the filter chain.
     *
     * @param httpSecurity the builder being configured
     * @throws Exception declared by the configurer contract
     */
    public void configure(HttpSecurity httpSecurity) throws Exception {
        if (this.conditionalAccessFilter == null) {
            // Nothing was supplied, so the filter chain is left untouched.
            return;
        }
        httpSecurity.addFilterAfter(this.conditionalAccessFilter, OAuth2AuthorizationRequestRedirectFilter.class);
    }

    /**
     * Creates a new configurer instance.
     *
     * @return a fresh {@link AadWebApplicationHttpSecurityConfigurer}
     */
    public static AadWebApplicationHttpSecurityConfigurer aadWebApplication() {
        return new AadWebApplicationHttpSecurityConfigurer();
    }

    /**
     * Sets the filter that {@link #configure(HttpSecurity)} adds to the chain.
     *
     * @param filter the filter to register; {@code null} means no filter is added
     * @return this configurer, for chaining
     */
    public AadWebApplicationHttpSecurityConfigurer conditionalAccessFilter(Filter filter) {
        this.conditionalAccessFilter = filter;
        return this;
    }

    /**
     * Builds the logout success handler used for OIDC client-initiated logout.
     *
     * <p>The post-logout redirect URI is taken from {@link AadAuthenticationProperties} and is only
     * applied when it contains text; otherwise the handler keeps its own default.
     *
     * @return the configured {@link LogoutSuccessHandler}
     */
    protected LogoutSuccessHandler oidcLogoutSuccessHandler() {
        OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(this.repo);
        String redirectUri = this.properties.getPostLogoutRedirectUri();
        if (StringUtils.hasText(redirectUri)) {
            handler.setPostLogoutRedirectUri(redirectUri);
        }
        return handler;
    }

    /**
     * Builds the client that exchanges an authorization code for tokens.
     *
     * <p>The client always uses the RestTemplate produced by {@link AadRestTemplateCreator}. Only when
     * the repository is an {@link AadClientRegistrationRepository} is the AAD request entity converter
     * installed, and only when a unique {@link OAuth2ClientAuthenticationJwkResolver} bean exists is a
     * JWT client-authentication parameters converter added to it.
     *
     * @return the token response client for the authorization-code grant
     */
    protected OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
        DefaultAuthorizationCodeTokenResponseClient tokenClient = new DefaultAuthorizationCodeTokenResponseClient();
        tokenClient.setRestOperations(
            AadRestTemplateCreator.createOAuth2AccessTokenResponseClientRestTemplate(this.restTemplateBuilder));

        if (!(this.repo instanceof AadClientRegistrationRepository)) {
            // Any other repository type keeps the default request entity converter.
            return tokenClient;
        }

        AadClientRegistrationRepository aadRepo = (AadClientRegistrationRepository) this.repo;
        AadOAuth2AuthorizationCodeGrantRequestEntityConverter entityConverter =
            new AadOAuth2AuthorizationCodeGrantRequestEntityConverter(aadRepo.getAzureClientAccessTokenScopes());

        OAuth2ClientAuthenticationJwkResolver jwkResolver = this.jwkResolvers.getIfUnique();
        if (jwkResolver != null) {
            // NOTE(review): without a unique resolver bean no JWT client-authentication parameters are
            // added here - presumably the registration's other client authentication method applies; confirm.
            entityConverter.addParametersConverter(new AadJwtClientAuthenticationParametersConverter(jwkResolver::resolve));
        }
        tokenClient.setRequestEntityConverter(entityConverter);
        return tokenClient;
    }

    /**
     * Builds the resolver that creates OAuth2 authorization requests from the client registrations
     * and the AAD authentication properties.
     *
     * @return the authorization request resolver passed to the authorization endpoint
     */
    protected OAuth2AuthorizationRequestResolver requestResolver() {
        return new AadOAuth2AuthorizationRequestResolver(this.repo, this.properties);
    }
}
