package com.azure.spring.aad.webapi;

import com.azure.spring.aad.AADAuthorizationServerEndpoints;
import com.azure.spring.aad.webapi.validator.AADJwtAudienceValidator;
import com.azure.spring.aad.webapi.validator.AADJwtIssuerValidator;
import com.azure.spring.autoconfigure.aad.AADAuthenticationProperties;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnResource;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.util.StringUtils;

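/**
 * Spring Boot configuration that turns the application into an OAuth2 resource server
 * validating Azure AD issued JWT bearer tokens.
 *
 * <p>It is only considered when {@link BearerTokenAuthenticationToken} is on the classpath and
 * the {@code aad.enable.config} resource exists. Both beans declared here back off when the
 * application supplies its own: a user-defined {@link JwtDecoder} replaces {@link #jwtDecoder()}
 * entirely, including the validator chain built by {@link #createDefaultValidator()}, so a
 * custom decoder must install equivalent audience, issuer and timestamp checks itself.
 */
@EnableConfigurationProperties({AADAuthenticationProperties.class})
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({BearerTokenAuthenticationToken.class})
@ConditionalOnResource(resources = {"classpath:aad.enable.config"})
public class AADResourceServerConfiguration {

    // Bound AAD settings; read for the base URI, tenant id, app id URI and client id.
    @Autowired
    private AADAuthenticationProperties aadAuthenticationProperties;

    /**
     * Fallback web-security configuration, registered only when the application declares no
     * {@link WebSecurityConfigurerAdapter} of its own. All rules come from
     * {@link AADResourceServerWebSecurityConfigurerAdapter}; nothing is added here.
     */
    @ConditionalOnMissingBean({WebSecurityConfigurerAdapter.class})
    @Configuration
    @EnableWebSecurity
    public static class DefaultAADResourceServerWebSecurityConfigurerAdapter extends AADResourceServerWebSecurityConfigurerAdapter {
        /**
         * Applies the parent adapter's HTTP security rules unchanged.
         *
         * @param httpSecurity the builder to configure
         * @throws Exception if the parent configuration fails
         */
        // NOTE(review): this listing is decompiler output, which reports the access modifier was
        // changed from protected; the visibility is kept as shown here.
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            super.configure(httpSecurity);
        }
    }

    /**
     * Builds the decoder used to verify incoming bearer tokens.
     *
     * <p>Signing keys are fetched from the JWK Set endpoint derived from the configured base URI
     * and tenant id, so those two settings decide whose keys are trusted. The decoder's validator
     * is replaced by the chain from {@link #createDefaultValidator()}.
     *
     * @return a decoder that verifies the signature and then runs the AAD validator chain
     */
    @ConditionalOnMissingBean({JwtDecoder.class})
    @Bean
    public JwtDecoder jwtDecoder() {
        AADAuthorizationServerEndpoints endpoints = new AADAuthorizationServerEndpoints(
            this.aadAuthenticationProperties.getBaseUri(),
            this.aadAuthenticationProperties.getTenantId());
        NimbusJwtDecoder decoder = NimbusJwtDecoder.withJwkSetUri(endpoints.jwkSetEndpoint()).build();
        // setJwtValidator replaces whatever validator the builder installed, so the chain below
        // has to carry every claim check that is wanted, including the timestamp check.
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(createDefaultValidator()));
        return decoder;
    }

    /**
     * Assembles the claim validators applied to every decoded token.
     *
     * <p>The accepted audiences are the configured app id URI and client id, each included only
     * when it has text. <strong>If neither is set, no audience validator is added</strong> and
     * the {@code aud} claim is not checked by this chain: a correctly signed, unexpired token
     * that passes the issuer check is accepted whichever application it was issued for.
     * Deployments should set at least one of the two so tokens meant for other resources are
     * rejected.
     *
     * @return a new mutable list holding, in order, the optional audience validator, the issuer
     *     validator and the timestamp validator
     */
    public List<OAuth2TokenValidator<Jwt>> createDefaultValidator() {
        List<OAuth2TokenValidator<Jwt>> validators = new ArrayList<>();
        List<String> audiences = new ArrayList<>();

        String appIdUri = this.aadAuthenticationProperties.getAppIdUri();
        if (StringUtils.hasText(appIdUri)) {
            audiences.add(appIdUri);
        }
        String clientId = this.aadAuthenticationProperties.getClientId();
        if (StringUtils.hasText(clientId)) {
            audiences.add(clientId);
        }

        // Audience enforcement is conditional: with an empty list the check is skipped entirely
        // rather than failing closed (see the method documentation).
        if (!audiences.isEmpty()) {
            validators.add(new AADJwtAudienceValidator(audiences));
        }
        // NOTE(review): the issuer rules live in AADJwtIssuerValidator, which is not shown here;
        // confirm they restrict tokens to the intended tenant(s).
        validators.add(new AADJwtIssuerValidator());
        validators.add(new JwtTimestampValidator());
        return validators;
    }
}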
