package com.okta.spring.boot.oauth;

import com.okta.spring.boot.oauth.config.OktaOAuth2Properties;
import java.util.Collection;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.ConditionalOnDefaultWebSecurity;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.web.SecurityFilterChain;

/**
 * Spring Boot auto-configuration for Okta OAuth 2.0 / OIDC in servlet web applications.
 *
 * <p>It is active only when Spring Security's {@link EnableWebSecurity} and
 * {@link ClientRegistration} are on the classpath, the application is a servlet web
 * application, and {@code ConditionalOnOktaClientProperties} matches (that condition is
 * declared elsewhere). It binds {@link OktaOAuth2Properties} and imports
 * {@code AuthorityProvidersConfig}.
 */
@EnableConfigurationProperties({OktaOAuth2Properties.class})
@AutoConfiguration
@ConditionalOnClass({EnableWebSecurity.class, ClientRegistration.class})
@ConditionalOnOktaClientProperties
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@Import({AuthorityProvidersConfig.class})
class OktaOAuth2AutoConfig {

    /**
     * Supplies the default security filter chain.
     *
     * <p>Because of {@link ConditionalOnDefaultWebSecurity}, this configuration backs off when
     * the application defines its own web security. Such an application does not inherit the
     * "authenticate every request" rule below and has to declare its own authorization rules.
     */
    @ConditionalOnDefaultWebSecurity
    @Configuration
    static class OAuth2SecurityFilterChainConfiguration {

        /**
         * Builds a filter chain that denies anonymous access to every request and enables
         * OAuth2 login, OAuth2 client support and JWT resource-server support.
         *
         * @param httpSecurity the builder the chain is assembled on
         * @param clientRegistrationRepository the client registrations handed to the Okta
         *     login configuration
         * @return the built chain
         * @throws Exception if the builder cannot be configured or built
         */
        @Bean
        SecurityFilterChain oauth2SecurityFilterChain(HttpSecurity httpSecurity, ClientRegistrationRepository clientRegistrationRepository) throws Exception {
            // Fail closed: no request is allowed through without an authenticated principal.
            httpSecurity.authorizeRequests(requests -> requests.anyRequest().authenticated());
            // Login setup is delegated to the Okta helper; going by its name it enables PKCE
            // for the authorization code flow (the helper itself is not part of this file).
            Okta.configureOAuth2WithPkce(httpSecurity, clientRegistrationRepository);
            httpSecurity.oauth2Client();
            // Enable JWT handling on the resource-server side of the same chain.
            httpSecurity.oauth2ResourceServer(resourceServer -> resourceServer.jwt());
            return httpSecurity.build();
        }
    }

    /**
     * Creates the OIDC client-initiated logout handler; it is registered only when
     * {@code okta.oauth2.post-logout-redirect-uri} is set.
     *
     * <p>A configured value that starts with {@code "/"} is treated as application-relative
     * and is prefixed with the {@code {baseUrl}} template variable; any other value is passed
     * to the handler unchanged. The value comes from application configuration, so it should
     * be reviewed like any other redirect target.
     *
     * @param oktaOAuth2Properties the bound Okta properties holding the redirect URI
     * @param clientRegistrationRepository the client registrations the handler is built with
     * @return the configured logout success handler
     */
    @ConditionalOnProperty(name = {"okta.oauth2.post-logout-redirect-uri"})
    @Bean
    OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler(OktaOAuth2Properties oktaOAuth2Properties, ClientRegistrationRepository clientRegistrationRepository) {
        String configuredUri = oktaOAuth2Properties.getPostLogoutRedirectUri();
        String redirectTemplate;
        if (configuredUri.startsWith("/")) {
            redirectTemplate = "{baseUrl}" + configuredUri;
        } else {
            redirectTemplate = configuredUri;
        }
        OidcClientInitiatedLogoutSuccessHandler logoutHandler = new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
        logoutHandler.setPostLogoutRedirectUri(redirectTemplate);
        return logoutHandler;
    }

    /**
     * Provides the default OAuth2 user service unless a bean named
     * {@code oAuth2UserService} already exists.
     *
     * @param collection the authorities providers passed to the Okta user service
     * @return an {@code OktaOAuth2UserService} built from those providers
     */
    @ConditionalOnMissingBean(name = {"oAuth2UserService"})
    @Bean
    OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService(Collection<AuthoritiesProvider> collection) {
        OAuth2UserService<OAuth2UserRequest, OAuth2User> userService = new OktaOAuth2UserService(collection);
        return userService;
    }

    /**
     * Provides the default OIDC user service unless a bean named {@code oidcUserService}
     * already exists.
     *
     * <p>The delegate is looked up by the qualifier {@code oAuth2UserService}, so an
     * application bean registered under that name is the one used here.
     *
     * @param oAuth2UserService the OAuth2 user service qualified as {@code oAuth2UserService}
     * @param collection the authorities providers passed to the Okta OIDC user service
     * @return an {@code OktaOidcUserService} built from the delegate and the providers
     */
    @ConditionalOnMissingBean(name = {"oidcUserService"})
    @Bean
    OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService(@Qualifier("oAuth2UserService") OAuth2UserService<OAuth2UserRequest, OAuth2User> oAuth2UserService, Collection<AuthoritiesProvider> collection) {
        OAuth2UserService<OidcUserRequest, OidcUser> oidcService = new OktaOidcUserService(oAuth2UserService, collection);
        return oidcService;
    }
}
