package com.okta.spring.boot.oauth;

import com.okta.spring.boot.oauth.config.OktaOAuth2Properties;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;

@EnableConfigurationProperties({OktaOAuth2Properties.class, OAuth2ResourceServerProperties.class})
@Configuration
@ConditionalOnClass({EnableWebFluxSecurity.class, BearerTokenAuthenticationToken.class, ReactiveJwtDecoder.class})
@AutoConfigureAfter({ReactiveOktaOAuth2ResourceServerAutoConfig.class})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.REACTIVE)
/* loaded from: input_file:com/okta/spring/boot/oauth/ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig.class */
class ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig {

    /* loaded from: input_file:com/okta/spring/boot/oauth/ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig$OktaOAuth2ResourceServerBeanPostProcessor.class */
    static class OktaOAuth2ResourceServerBeanPostProcessor implements BeanPostProcessor {
        private final OktaOAuth2Properties oktaOAuth2Properties;

        OktaOAuth2ResourceServerBeanPostProcessor(OktaOAuth2Properties oktaOAuth2Properties) {
            this.oktaOAuth2Properties = oktaOAuth2Properties;
        }

        public Object postProcessAfterInitialization(Object obj, String str) {
            if (obj instanceof ServerHttpSecurity) {
                ((ServerHttpSecurity) obj).oauth2ResourceServer().jwt().jwtAuthenticationConverter(new ReactiveJwtAuthenticationConverterAdapter(new OktaJwtAuthenticationConverter(this.oktaOAuth2Properties.getGroupsClaim())));
            }
            return obj;
        }
    }

    ReactiveOktaOAuth2ResourceServerHttpServerAutoConfig() {
    }

    @Bean
    BeanPostProcessor oktaOAuth2ResourceServerBeanPostProcessor(OktaOAuth2Properties oktaOAuth2Properties) {
        return new OktaOAuth2ResourceServerBeanPostProcessor(oktaOAuth2Properties);
    }
}
