package org.springframework.security.config.annotation.web.configurers.oauth2.client;

import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.AuthorizationCodeAuthenticator;
import org.springframework.security.oauth2.client.authentication.AuthorizationGrantAuthenticator;
import org.springframework.security.oauth2.client.authentication.DelegatingAuthorizationGrantAuthenticator;
import org.springframework.security.oauth2.client.authentication.OAuth2UserAuthenticationProvider;
import org.springframework.security.oauth2.client.authentication.jwt.JwtDecoderRegistry;
import org.springframework.security.oauth2.client.authentication.jwt.nimbus.NimbusJwtDecoderRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.CustomUserTypesOAuth2UserService;
import org.springframework.security.oauth2.client.user.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.user.DelegatingOAuth2UserService;
import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.client.web.AuthorizationCodeAuthenticationFilter;
import org.springframework.security.oauth2.client.web.AuthorizationCodeRequestRedirectFilter;
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
import org.springframework.security.oauth2.client.web.AuthorizationRequestRepository;
import org.springframework.security.oauth2.client.web.AuthorizationRequestUriBuilder;
import org.springframework.security.oauth2.client.web.nimbus.NimbusAuthorizationCodeTokenExchanger;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.client.authentication.OidcAuthorizationCodeAuthenticator;
import org.springframework.security.oauth2.oidc.client.user.OidcUserService;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/config/annotation/web/configurers/oauth2/client/AuthorizationCodeGrantConfigurer.class */
public class AuthorizationCodeGrantConfigurer<B extends HttpSecurityBuilder<B>> extends AbstractHttpConfigurer<AuthorizationCodeGrantConfigurer<B>, B> {
    private AuthorizationCodeRequestRedirectFilter authorizationRequestFilter;
    private String authorizationRequestBaseUri;
    private AuthorizationRequestUriBuilder authorizationRequestBuilder;
    private AuthorizationRequestRepository authorizationRequestRepository;
    private AuthorizationCodeAuthenticationFilter authorizationResponseFilter;
    private String authorizationResponseBaseUri;
    private AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationCodeAuthenticator;
    private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
    private SecurityTokenRepository<AccessToken> accessTokenRepository;
    private JwtDecoderRegistry jwtDecoderRegistry;
    private OAuth2UserService userService;
    private Map<URI, Class<? extends OAuth2User>> customUserTypes = new HashMap();
    private GrantedAuthoritiesMapper userAuthoritiesMapper;

    public AuthorizationCodeGrantConfigurer<B> authorizationRequestBaseUri(String str) {
        Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
        this.authorizationRequestBaseUri = str;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> authorizationRequestBuilder(AuthorizationRequestUriBuilder authorizationRequestUriBuilder) {
        Assert.notNull(authorizationRequestUriBuilder, "authorizationRequestBuilder cannot be null");
        this.authorizationRequestBuilder = authorizationRequestUriBuilder;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> authorizationRequestRepository(AuthorizationRequestRepository authorizationRequestRepository) {
        Assert.notNull(authorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = authorizationRequestRepository;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> authorizationResponseBaseUri(String str) {
        Assert.hasText(str, "authorizationResponseBaseUri cannot be empty");
        this.authorizationResponseBaseUri = str;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> authorizationCodeAuthenticator(AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> authorizationGrantAuthenticator) {
        Assert.notNull(authorizationGrantAuthenticator, "authorizationCodeAuthenticator cannot be null");
        this.authorizationCodeAuthenticator = authorizationGrantAuthenticator;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> authorizationCodeTokenExchanger(AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationGrantTokenExchanger) {
        Assert.notNull(authorizationGrantTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
        this.authorizationCodeTokenExchanger = authorizationGrantTokenExchanger;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> accessTokenRepository(SecurityTokenRepository<AccessToken> securityTokenRepository) {
        Assert.notNull(securityTokenRepository, "accessTokenRepository cannot be null");
        this.accessTokenRepository = securityTokenRepository;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> jwtDecoderRegistry(JwtDecoderRegistry jwtDecoderRegistry) {
        Assert.notNull(jwtDecoderRegistry, "jwtDecoderRegistry cannot be null");
        this.jwtDecoderRegistry = jwtDecoderRegistry;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> userService(OAuth2UserService oAuth2UserService) {
        Assert.notNull(oAuth2UserService, "userService cannot be null");
        this.userService = oAuth2UserService;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> customUserType(Class<? extends OAuth2User> cls, URI uri) {
        Assert.notNull(cls, "customUserType cannot be null");
        Assert.notNull(uri, "userInfoUri cannot be null");
        this.customUserTypes.put(uri, cls);
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> userAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        Assert.notNull(grantedAuthoritiesMapper, "userAuthoritiesMapper cannot be null");
        this.userAuthoritiesMapper = grantedAuthoritiesMapper;
        return this;
    }

    public AuthorizationCodeGrantConfigurer<B> clientRegistrationRepository(ClientRegistrationRepository clientRegistrationRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        ((HttpSecurityBuilder) getBuilder()).setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
        return this;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public final void init(B b) throws Exception {
        AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = new AuthorizationCodeAuthenticationProvider(getAuthorizationCodeAuthenticator());
        if (this.accessTokenRepository != null) {
            authorizationCodeAuthenticationProvider.setAccessTokenRepository(this.accessTokenRepository);
        }
        b.authenticationProvider((AuthenticationProvider) postProcess(authorizationCodeAuthenticationProvider));
        OAuth2UserAuthenticationProvider oAuth2UserAuthenticationProvider = new OAuth2UserAuthenticationProvider(getUserService());
        if (this.userAuthoritiesMapper != null) {
            oAuth2UserAuthenticationProvider.setAuthoritiesMapper(this.userAuthoritiesMapper);
        }
        b.authenticationProvider((AuthenticationProvider) postProcess(oAuth2UserAuthenticationProvider));
        this.authorizationRequestFilter = new AuthorizationCodeRequestRedirectFilter(getAuthorizationRequestBaseUri(), getClientRegistrationRepository());
        if (this.authorizationRequestBuilder != null) {
            this.authorizationRequestFilter.setAuthorizationUriBuilder(this.authorizationRequestBuilder);
        }
        if (this.authorizationRequestRepository != null) {
            this.authorizationRequestFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
        }
        this.authorizationResponseFilter = new AuthorizationCodeAuthenticationFilter(getAuthorizationResponseBaseUri());
        this.authorizationResponseFilter.setClientRegistrationRepository(getClientRegistrationRepository());
        if (this.authorizationRequestRepository != null) {
            this.authorizationResponseFilter.setAuthorizationRequestRepository(this.authorizationRequestRepository);
        }
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(B b) throws Exception {
        b.addFilter((Filter) postProcess(this.authorizationRequestFilter));
        this.authorizationResponseFilter.setAuthenticationManager((AuthenticationManager) b.getSharedObject(AuthenticationManager.class));
        SessionAuthenticationStrategy sessionAuthenticationStrategy = (SessionAuthenticationStrategy) b.getSharedObject(SessionAuthenticationStrategy.class);
        if (sessionAuthenticationStrategy != null) {
            this.authorizationResponseFilter.setSessionAuthenticationStrategy(sessionAuthenticationStrategy);
        }
        b.addFilter((Filter) postProcess(this.authorizationResponseFilter));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationCodeRequestRedirectFilter getAuthorizationRequestFilter() {
        return this.authorizationRequestFilter;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAuthorizationRequestBaseUri() {
        return this.authorizationRequestBaseUri != null ? this.authorizationRequestBaseUri : "/oauth2/authorization/code";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getAuthorizationResponseBaseUri() {
        return this.authorizationResponseBaseUri != null ? this.authorizationResponseBaseUri : "/oauth2/authorize/code";
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthorizationRequestRepository getAuthorizationRequestRepository() {
        return this.authorizationRequestRepository;
    }

    private AuthorizationGrantAuthenticator<AuthorizationCodeAuthenticationToken> getAuthorizationCodeAuthenticator() {
        if (this.authorizationCodeAuthenticator == null) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new AuthorizationCodeAuthenticator(getAuthorizationCodeTokenExchanger()));
            arrayList.add(new OidcAuthorizationCodeAuthenticator(getAuthorizationCodeTokenExchanger(), getJwtDecoderRegistry()));
            this.authorizationCodeAuthenticator = new DelegatingAuthorizationGrantAuthenticator(arrayList);
        }
        return this.authorizationCodeAuthenticator;
    }

    private AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> getAuthorizationCodeTokenExchanger() {
        if (this.authorizationCodeTokenExchanger == null) {
            this.authorizationCodeTokenExchanger = new NimbusAuthorizationCodeTokenExchanger();
        }
        return this.authorizationCodeTokenExchanger;
    }

    private JwtDecoderRegistry getJwtDecoderRegistry() {
        if (this.jwtDecoderRegistry == null) {
            this.jwtDecoderRegistry = new NimbusJwtDecoderRegistry();
        }
        return this.jwtDecoderRegistry;
    }

    private OAuth2UserService getUserService() {
        if (this.userService == null) {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new DefaultOAuth2UserService());
            arrayList.add(new OidcUserService());
            if (!this.customUserTypes.isEmpty()) {
                arrayList.add(new CustomUserTypesOAuth2UserService(this.customUserTypes));
            }
            this.userService = new DelegatingOAuth2UserService(arrayList);
        }
        return this.userService;
    }

    private ClientRegistrationRepository getClientRegistrationRepository() {
        ClientRegistrationRepository clientRegistrationRepository = (ClientRegistrationRepository) ((HttpSecurityBuilder) getBuilder()).getSharedObject(ClientRegistrationRepository.class);
        if (clientRegistrationRepository == null) {
            clientRegistrationRepository = getClientRegistrationRepositoryBean();
            ((HttpSecurityBuilder) getBuilder()).setSharedObject(ClientRegistrationRepository.class, clientRegistrationRepository);
        }
        return clientRegistrationRepository;
    }

    private ClientRegistrationRepository getClientRegistrationRepositoryBean() {
        return (ClientRegistrationRepository) ((ApplicationContext) ((HttpSecurityBuilder) getBuilder()).getSharedObject(ApplicationContext.class)).getBean(ClientRegistrationRepository.class);
    }
}
