package org.springframework.boot.autoconfigure.security.oauth2.resource;

import org.springframework.beans.BeanUtils;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.condition.ConditionMessage;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.condition.SpringBootCondition;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.bind.RelaxedPropertyResolver;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Condition;
import org.springframework.context.annotation.ConditionContext;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ConfigurationCondition;
import org.springframework.context.annotation.Import;
import org.springframework.core.annotation.AnnotationUtils;
import org.springframework.core.env.Environment;
import org.springframework.core.type.AnnotatedTypeMetadata;
import org.springframework.core.type.StandardAnnotationMetadata;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.util.ClassUtils;
import org.springframework.util.StringUtils;

@Configuration
@ConditionalOnClass({EnableResourceServer.class, SecurityProperties.class})
@Conditional({ResourceServerCondition.class})
@ConditionalOnBean({ResourceServerConfiguration.class})
@ConditionalOnWebApplication
@Import({ResourceServerTokenServicesConfiguration.class})
/* loaded from: input_file:WEB-INF/lib/spring-boot-autoconfigure-1.5.1.RELEASE.jar:org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerConfiguration.class */
public class OAuth2ResourceServerConfiguration {
    private final ResourceServerProperties resource;

    @ConditionalOnBean({AuthorizationServerEndpointsConfiguration.class})
    /* loaded from: input_file:WEB-INF/lib/spring-boot-autoconfigure-1.5.1.RELEASE.jar:org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerConfiguration$AuthorizationServerEndpointsConfigurationBeanCondition.class */
    private static class AuthorizationServerEndpointsConfigurationBeanCondition {
        private AuthorizationServerEndpointsConfigurationBeanCondition() {
        }

        public static boolean matches(ConditionContext conditionContext) {
            Conditional conditional = (Conditional) AnnotationUtils.findAnnotation((Class<?>) AuthorizationServerEndpointsConfigurationBeanCondition.class, Conditional.class);
            StandardAnnotationMetadata standardAnnotationMetadata = new StandardAnnotationMetadata(AuthorizationServerEndpointsConfigurationBeanCondition.class);
            for (Class<? extends Condition> cls : conditional.value()) {
                if (((Condition) BeanUtils.instantiateClass(cls)).matches(conditionContext, standardAnnotationMetadata)) {
                    return true;
                }
            }
            return false;
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-boot-autoconfigure-1.5.1.RELEASE.jar:org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerConfiguration$ResourceSecurityConfigurer.class */
    protected static class ResourceSecurityConfigurer extends ResourceServerConfigurerAdapter {
        private ResourceServerProperties resource;

        public ResourceSecurityConfigurer(ResourceServerProperties resourceServerProperties) {
            this.resource = resourceServerProperties;
        }

        public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) throws Exception {
            resourceServerSecurityConfigurer.resourceId(this.resource.getResourceId());
        }

        public void configure(HttpSecurity httpSecurity) throws Exception {
            httpSecurity.authorizeRequests().anyRequest().authenticated();
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-boot-autoconfigure-1.5.1.RELEASE.jar:org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerConfiguration$ResourceServerCondition.class */
    protected static class ResourceServerCondition extends SpringBootCondition implements ConfigurationCondition {
        private static final String AUTHORIZATION_ANNOTATION = "org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration";

        protected ResourceServerCondition() {
        }

        @Override // org.springframework.context.annotation.ConfigurationCondition
        public ConfigurationCondition.ConfigurationPhase getConfigurationPhase() {
            return ConfigurationCondition.ConfigurationPhase.REGISTER_BEAN;
        }

        @Override // org.springframework.boot.autoconfigure.condition.SpringBootCondition
        public ConditionOutcome getMatchOutcome(ConditionContext conditionContext, AnnotatedTypeMetadata annotatedTypeMetadata) {
            ConditionMessage.Builder forCondition = ConditionMessage.forCondition("OAuth ResourceServer Condition", new Object[0]);
            Environment environment = conditionContext.getEnvironment();
            RelaxedPropertyResolver relaxedPropertyResolver = new RelaxedPropertyResolver(environment, "security.oauth2.resource.");
            return hasOAuthClientId(environment) ? ConditionOutcome.match(forCondition.foundExactly("client-id property")) : !relaxedPropertyResolver.getSubProperties("jwt").isEmpty() ? ConditionOutcome.match(forCondition.foundExactly("JWT resource configuration")) : StringUtils.hasText(relaxedPropertyResolver.getProperty("user-info-uri")) ? ConditionOutcome.match(forCondition.foundExactly("user-info-uri property")) : (ClassUtils.isPresent(AUTHORIZATION_ANNOTATION, null) && AuthorizationServerEndpointsConfigurationBeanCondition.matches(conditionContext)) ? ConditionOutcome.match(forCondition.found("class").items(AUTHORIZATION_ANNOTATION)) : ConditionOutcome.noMatch(forCondition.didNotFind("client id, JWT resource or authorization server").atAll());
        }

        private boolean hasOAuthClientId(Environment environment) {
            return StringUtils.hasLength(new RelaxedPropertyResolver(environment, "security.oauth2.client.").getProperty("client-id", ""));
        }
    }

    /* loaded from: input_file:WEB-INF/lib/spring-boot-autoconfigure-1.5.1.RELEASE.jar:org/springframework/boot/autoconfigure/security/oauth2/resource/OAuth2ResourceServerConfiguration$ResourceServerFilterChainOrderProcessor.class */
    private static final class ResourceServerFilterChainOrderProcessor implements BeanPostProcessor {
        private final ResourceServerProperties properties;

        private ResourceServerFilterChainOrderProcessor(ResourceServerProperties resourceServerProperties) {
            this.properties = resourceServerProperties;
        }

        @Override // org.springframework.beans.factory.config.BeanPostProcessor
        public Object postProcessBeforeInitialization(Object obj, String str) throws BeansException {
            return obj;
        }

        @Override // org.springframework.beans.factory.config.BeanPostProcessor
        public Object postProcessAfterInitialization(Object obj, String str) throws BeansException {
            if (obj instanceof ResourceServerConfiguration) {
                ((ResourceServerConfiguration) obj).setOrder(this.properties.getFilterOrder());
            }
            return obj;
        }
    }

    public OAuth2ResourceServerConfiguration(ResourceServerProperties resourceServerProperties) {
        this.resource = resourceServerProperties;
    }

    @ConditionalOnMissingBean({ResourceServerConfigurer.class})
    @Bean
    public ResourceServerConfigurer resourceServer() {
        return new ResourceSecurityConfigurer(this.resource);
    }

    @Bean
    public static ResourceServerFilterChainOrderProcessor resourceServerFilterChainOrderProcessor(ResourceServerProperties resourceServerProperties) {
        return new ResourceServerFilterChainOrderProcessor(resourceServerProperties);
    }
}
