package com.azure.spring.cloud.autoconfigure.aad.configuration;

import com.azure.spring.cloud.autoconfigure.aad.AadClientRegistrationRepository;
import com.azure.spring.cloud.autoconfigure.aad.implementation.conditions.ClientCertificatePropertiesCondition;
import com.azure.spring.cloud.autoconfigure.aad.implementation.conditions.ClientRegistrationCondition;
import com.azure.spring.cloud.autoconfigure.aad.implementation.jwt.AadJwtClientAuthenticationParametersConverter;
import com.azure.spring.cloud.autoconfigure.aad.implementation.oauth2.AadOAuth2ClientAuthenticationJwkResolver;
import com.azure.spring.cloud.autoconfigure.aad.implementation.oauth2.JacksonHttpSessionOAuth2AuthorizedClientRepository;
import com.azure.spring.cloud.autoconfigure.aad.implementation.oauth2.OAuth2ClientAuthenticationJwkResolver;
import com.azure.spring.cloud.autoconfigure.aad.implementation.webapi.AadJwtBearerGrantRequestEntityConverter;
import com.azure.spring.cloud.autoconfigure.aad.implementation.webapp.AadAzureDelegatedOAuth2AuthorizedClientProvider;
import com.azure.spring.cloud.autoconfigure.aad.properties.AadAuthenticationProperties;
import java.util.Objects;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultJwtBearerTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequestEntityConverter;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequestEntityConverter;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequestEntityConverter;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;

/**
 * Declares the OAuth2 client beans used with Azure AD: the client registration repository, the
 * authorized client repository, an optional JWK resolver for client authentication, and the
 * {@link OAuth2AuthorizedClientManager} with its grant-specific providers.
 *
 * <p>The configuration is only active when {@link ClientRegistrationCondition} matches, and every
 * bean is skipped when the application already defines one of the same type.
 *
 * <p>Whenever a unique {@link OAuth2ClientAuthenticationJwkResolver} bean is available, the token
 * request converters for the client-credentials, password, refresh-token and JWT-bearer grants
 * get an {@link AadJwtClientAuthenticationParametersConverter} that is fed by the resolver's
 * {@code resolve} method. Presumably this makes the client authenticate with a signed JWT
 * assertion instead of a client secret; confirm against the converter implementation.
 *
 * <p>Security note: {@link ObjectProvider#getIfUnique()} returns {@code null} both when no
 * resolver bean exists and when more than one exists. In either case the code below keeps the
 * default token response clients without raising an error, so a duplicated resolver bean turns
 * certificate-based client authentication off silently.
 */
@Configuration(proxyBeanMethods = false)
@Conditional({ClientRegistrationCondition.class})
public class AadOAuth2ClientConfiguration {

    /**
     * Builds the client registration repository from the AAD authentication properties.
     *
     * @param aadAuthenticationProperties the bound AAD authentication properties
     * @return an {@link AadClientRegistrationRepository} backed by those properties
     */
    @Bean
    @ConditionalOnMissingBean
    public ClientRegistrationRepository clientRegistrationRepository(
            AadAuthenticationProperties aadAuthenticationProperties) {
        return new AadClientRegistrationRepository(aadAuthenticationProperties);
    }

    /**
     * Provides the repository that holds authorized clients.
     *
     * <p>NOTE(review): judging by the class name, authorized clients (and therefore their access
     * and refresh tokens) are kept in the HTTP session; confirm, and treat the session store as
     * token-bearing data.
     *
     * @return a new {@link JacksonHttpSessionOAuth2AuthorizedClientRepository}
     */
    @Bean
    @ConditionalOnMissingBean
    public OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository() {
        return new JacksonHttpSessionOAuth2AuthorizedClientRepository();
    }

    /**
     * Creates the JWK resolver from the configured client certificate. Registered only when
     * {@link ClientCertificatePropertiesCondition} matches.
     *
     * <p>The certificate password is a secret read straight from the configuration properties;
     * supply it from a secret store or the environment rather than a committed properties file,
     * and keep it out of logs.
     *
     * @param aadAuthenticationProperties the bound AAD authentication properties
     * @return a resolver built from the certificate path and password
     */
    @Bean
    @ConditionalOnMissingBean
    @Conditional({ClientCertificatePropertiesCondition.class})
    OAuth2ClientAuthenticationJwkResolver oAuth2ClientAuthenticationJwkResolver(
            AadAuthenticationProperties aadAuthenticationProperties) {
        return new AadOAuth2ClientAuthenticationJwkResolver(
            aadAuthenticationProperties.getCredential().getClientCertificatePath(),
            aadAuthenticationProperties.getCredential().getClientCertificatePassword());
    }

    /**
     * Assembles the authorized client manager. The provider chain is built in this order:
     * authorization code, client credentials, password, the refresh-token provider bean, the
     * JWT-bearer provider bean, and finally the Azure delegated provider.
     *
     * <p>NOTE(review): the resource owner password grant is always added to the chain here.
     * Current OAuth guidance discourages that grant, so confirm that a client registration only
     * uses it where that is intended.
     *
     * @param clientRegistrationRepository source of client registrations
     * @param oAuth2AuthorizedClientRepository store for authorized clients
     * @param refreshTokenOAuth2AuthorizedClientProvider provider for the refresh-token grant
     * @param jwtBearerOAuth2AuthorizedClientProvider provider for the JWT-bearer grant
     * @param objectProvider lazy handle on the optional JWK resolver bean
     * @return the configured {@link DefaultOAuth2AuthorizedClientManager}
     */
    @Bean
    @ConditionalOnMissingBean
    OAuth2AuthorizedClientManager authorizedClientManager(
            ClientRegistrationRepository clientRegistrationRepository,
            OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository,
            RefreshTokenOAuth2AuthorizedClientProvider refreshTokenOAuth2AuthorizedClientProvider,
            JwtBearerOAuth2AuthorizedClientProvider jwtBearerOAuth2AuthorizedClientProvider,
            ObjectProvider<OAuth2ClientAuthenticationJwkResolver> objectProvider) {
        DefaultOAuth2AuthorizedClientManager manager =
            new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
        // null when there is no resolver bean or when there is more than one
        OAuth2ClientAuthenticationJwkResolver jwkResolver = objectProvider.getIfUnique();
        manager.setAuthorizedClientProvider(
            OAuth2AuthorizedClientProviderBuilder.builder()
                .authorizationCode()
                .clientCredentials(grant ->
                    clientCredentialsGrantBuilderAccessTokenResponseClientCustomizer(grant, jwkResolver))
                .password(grant ->
                    passwordGrantBuilderAccessTokenResponseClientCustomizer(grant, jwkResolver))
                .provider(refreshTokenOAuth2AuthorizedClientProvider)
                .provider(jwtBearerOAuth2AuthorizedClientProvider)
                .provider(azureDelegatedOAuth2AuthorizedClientProvider(
                    refreshTokenOAuth2AuthorizedClientProvider, oAuth2AuthorizedClientRepository))
                .build());
        return manager;
    }

    /**
     * Provides the JWT-bearer grant provider. When a unique JWK resolver bean exists, its token
     * response client uses an {@link AadJwtBearerGrantRequestEntityConverter} extended with the
     * resolver-backed parameters converter; otherwise the provider is returned with its defaults.
     *
     * @param objectProvider lazy handle on the optional JWK resolver bean
     * @return the JWT-bearer authorized client provider
     */
    @Bean
    @ConditionalOnMissingBean
    JwtBearerOAuth2AuthorizedClientProvider azureAdJwtBearerProvider(
            ObjectProvider<OAuth2ClientAuthenticationJwkResolver> objectProvider) {
        JwtBearerOAuth2AuthorizedClientProvider provider = new JwtBearerOAuth2AuthorizedClientProvider();
        OAuth2ClientAuthenticationJwkResolver jwkResolver = objectProvider.getIfUnique();
        if (jwkResolver == null) {
            return provider;
        }
        AadJwtBearerGrantRequestEntityConverter requestConverter = new AadJwtBearerGrantRequestEntityConverter();
        requestConverter.addParametersConverter(new AadJwtClientAuthenticationParametersConverter(jwkResolver::resolve));
        DefaultJwtBearerTokenResponseClient tokenClient = new DefaultJwtBearerTokenResponseClient();
        tokenClient.setRequestEntityConverter(requestConverter);
        provider.setAccessTokenResponseClient(tokenClient);
        return provider;
    }

    /**
     * Provides the refresh-token grant provider. When a unique JWK resolver bean exists, its token
     * response client uses a request converter extended with the resolver-backed parameters
     * converter; otherwise the provider is returned with its defaults.
     *
     * @param objectProvider lazy handle on the optional JWK resolver bean
     * @return the refresh-token authorized client provider
     */
    @Bean
    @ConditionalOnMissingBean
    RefreshTokenOAuth2AuthorizedClientProvider azureRefreshTokenProvider(
            ObjectProvider<OAuth2ClientAuthenticationJwkResolver> objectProvider) {
        RefreshTokenOAuth2AuthorizedClientProvider provider = new RefreshTokenOAuth2AuthorizedClientProvider();
        OAuth2ClientAuthenticationJwkResolver jwkResolver = objectProvider.getIfUnique();
        if (jwkResolver == null) {
            return provider;
        }
        OAuth2RefreshTokenGrantRequestEntityConverter requestConverter = new OAuth2RefreshTokenGrantRequestEntityConverter();
        requestConverter.addParametersConverter(new AadJwtClientAuthenticationParametersConverter(jwkResolver::resolve));
        DefaultRefreshTokenTokenResponseClient tokenClient = new DefaultRefreshTokenTokenResponseClient();
        tokenClient.setRequestEntityConverter(requestConverter);
        provider.setAccessTokenResponseClient(tokenClient);
        return provider;
    }

    /**
     * Gives the password grant a token response client whose request converter carries the
     * resolver-backed parameters converter. Leaves the builder untouched when no resolver is given.
     */
    private void passwordGrantBuilderAccessTokenResponseClientCustomizer(
            OAuth2AuthorizedClientProviderBuilder.PasswordGrantBuilder passwordGrantBuilder,
            OAuth2ClientAuthenticationJwkResolver jwkResolver) {
        if (jwkResolver == null) {
            return;
        }
        OAuth2PasswordGrantRequestEntityConverter requestConverter = new OAuth2PasswordGrantRequestEntityConverter();
        requestConverter.addParametersConverter(new AadJwtClientAuthenticationParametersConverter(jwkResolver::resolve));
        DefaultPasswordTokenResponseClient tokenClient = new DefaultPasswordTokenResponseClient();
        tokenClient.setRequestEntityConverter(requestConverter);
        passwordGrantBuilder.accessTokenResponseClient(tokenClient);
    }

    /**
     * Gives the client-credentials grant a token response client whose request converter carries
     * the resolver-backed parameters converter. Leaves the builder untouched when no resolver is
     * given.
     */
    private void clientCredentialsGrantBuilderAccessTokenResponseClientCustomizer(
            OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder clientCredentialsGrantBuilder,
            OAuth2ClientAuthenticationJwkResolver jwkResolver) {
        if (jwkResolver == null) {
            return;
        }
        OAuth2ClientCredentialsGrantRequestEntityConverter requestConverter = new OAuth2ClientCredentialsGrantRequestEntityConverter();
        requestConverter.addParametersConverter(new AadJwtClientAuthenticationParametersConverter(jwkResolver::resolve));
        DefaultClientCredentialsTokenResponseClient tokenClient = new DefaultClientCredentialsTokenResponseClient();
        tokenClient.setRequestEntityConverter(requestConverter);
        clientCredentialsGrantBuilder.accessTokenResponseClient(tokenClient);
    }

    /**
     * Creates the Azure delegated provider from the refresh-token provider and the authorized
     * client repository.
     */
    private AadAzureDelegatedOAuth2AuthorizedClientProvider azureDelegatedOAuth2AuthorizedClientProvider(
            RefreshTokenOAuth2AuthorizedClientProvider refreshTokenOAuth2AuthorizedClientProvider,
            OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        return new AadAzureDelegatedOAuth2AuthorizedClientProvider(
            refreshTokenOAuth2AuthorizedClientProvider, oAuth2AuthorizedClientRepository);
    }
}
