package com.okta.spring.boot.oauth;

import com.okta.spring.boot.oauth.config.OktaOAuth2Properties;
import com.okta.spring.boot.oauth.http.UserAgentRequestInterceptor;
import java.util.Arrays;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.context.ApplicationContext;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.oauth2.client.endpoint.DefaultAuthorizationCodeTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/okta/spring/boot/oauth/OktaOAuth2Configurer.class */
/**
 * Spring Security configurer that applies Okta-specific OAuth 2.0 settings to an
 * {@link HttpSecurity} builder.
 *
 * <p>Nothing is configured unless an {@link OktaOAuth2Properties} bean exists in the shared
 * {@link ApplicationContext}. Login (client) support additionally requires an
 * {@link OAuth2ClientProperties} bean, and resource-server (JWT) support requires an
 * {@link OAuth2ResourceServerProperties} bean.
 *
 * <p>Security note: when those beans are absent this configurer is a silent no-op. The
 * Okta user services and JWT converter are then not installed, and whatever else configures
 * the {@code HttpSecurity} decides how requests are authenticated and authorized.
 */
final class OktaOAuth2Configurer extends AbstractHttpConfigurer<OktaOAuth2Configurer, HttpSecurity> {

    OktaOAuth2Configurer() {
    }

    /**
     * Applies the login and/or resource-server configuration, depending on which property
     * beans are registered in the application context.
     *
     * @param httpSecurity the builder being configured
     * @throws Exception if the underlying Spring Security configuration calls fail
     */
    public void init(HttpSecurity httpSecurity) throws Exception {
        // NOTE(review): the shared ApplicationContext is dereferenced without a null check;
        // this assumes the builder always carries one — confirm against the caller.
        ApplicationContext context = httpSecurity.getSharedObject(ApplicationContext.class);

        boolean oktaPropertiesPresent = !context.getBeansOfType(OktaOAuth2Properties.class).isEmpty();
        if (oktaPropertiesPresent) {
            OktaOAuth2Properties oktaProperties = context.getBean(OktaOAuth2Properties.class);

            boolean clientConfigured = !context.getBeansOfType(OAuth2ClientProperties.class).isEmpty();
            if (clientConfigured) {
                configureLogin(httpSecurity, oktaProperties);
            }

            boolean resourceServerConfigured =
                    !context.getBeansOfType(OAuth2ResourceServerProperties.class).isEmpty();
            if (resourceServerConfigured) {
                configureResourceServer(httpSecurity, oktaProperties);
            }
        }
    }

    /**
     * Configures OAuth 2.0 / OIDC login: registers the Okta user services (both built from the
     * configured groups claim), installs the custom token-endpoint client, and overrides the
     * redirection endpoint base URI when a redirect URI is configured.
     *
     * @param httpSecurity the builder being configured
     * @param oktaOAuth2Properties source of the groups claim name and the optional redirect URI
     * @throws Exception if the underlying Spring Security configuration calls fail
     */
    private void configureLogin(HttpSecurity httpSecurity, OktaOAuth2Properties oktaOAuth2Properties) throws Exception {
        OktaOAuth2UserService oauth2UserService =
                new OktaOAuth2UserService(oktaOAuth2Properties.getGroupsClaim());
        OktaOidcUserService oidcUserService =
                new OktaOidcUserService(oktaOAuth2Properties.getGroupsClaim());

        httpSecurity.oauth2Login()
                .userInfoEndpoint()
                    .userService(oauth2UserService)
                    .oidcUserService(oidcUserService)
                    .and()
                .tokenEndpoint()
                    .accessTokenResponseClient(accessTokenResponseClient());

        // The redirect URI is used as given; it should match a redirect URI registered for
        // the client at the authorization server, otherwise the login callback will not match.
        String redirectUri = oktaOAuth2Properties.getRedirectUri();
        if (redirectUri != null) {
            httpSecurity.oauth2Login().redirectionEndpoint().baseUri(redirectUri);
        }
    }

    /**
     * Configures JWT resource-server support with an {@link OktaJwtAuthenticationConverter}
     * built from the configured groups claim.
     *
     * <p>NOTE(review): the converter presumably derives authorities from that claim, so the
     * claim name is authorization-relevant configuration — confirm in the converter.
     *
     * @param httpSecurity the builder being configured
     * @param oktaOAuth2Properties source of the groups claim name
     * @throws Exception if the underlying Spring Security configuration calls fail
     */
    private void configureResourceServer(HttpSecurity httpSecurity, OktaOAuth2Properties oktaOAuth2Properties) throws Exception {
        OktaJwtAuthenticationConverter jwtConverter =
                new OktaJwtAuthenticationConverter(oktaOAuth2Properties.getGroupsClaim());
        httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(jwtConverter);
    }

    /**
     * Builds the client used for the authorization-code token exchange.
     *
     * <p>The backing {@link RestTemplate} is restricted to the form and OAuth 2.0
     * access-token-response message converters, uses the OAuth 2.0 error handler, and has a
     * {@link UserAgentRequestInterceptor} added to its interceptors.
     *
     * <p>No request factory or timeouts are set here, so {@code RestTemplate} defaults apply to
     * calls against the token endpoint.
     *
     * @return a token response client backed by the customised {@code RestTemplate}
     */
    private OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient() {
        RestTemplate tokenRestTemplate = new RestTemplate(
                Arrays.asList(new FormHttpMessageConverter(), new OAuth2AccessTokenResponseHttpMessageConverter()));
        tokenRestTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        tokenRestTemplate.getInterceptors().add(new UserAgentRequestInterceptor());

        DefaultAuthorizationCodeTokenResponseClient tokenClient = new DefaultAuthorizationCodeTokenResponseClient();
        tokenClient.setRestOperations(tokenRestTemplate);
        return tokenClient;
    }
}
