package org.springframework.security.oauth2.config.annotation.web.configurers;

import java.util.Collections;
import javax.servlet.Filter;
import org.springframework.http.MediaType;
import org.springframework.security.access.expression.SecurityExpressionHandler;
import org.springframework.security.authentication.AuthenticationEventPublisher;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationManager;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter;
import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.oauth2.provider.expression.OAuth2WebSecurityExpressionHandler;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.InMemoryTokenStore;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.0.17.RELEASE.jar:org/springframework/security/oauth2/config/annotation/web/configurers/ResourceServerSecurityConfigurer.class */
public final class ResourceServerSecurityConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
    private OAuth2AuthenticationProcessingFilter resourcesServerFilter;
    private AuthenticationManager authenticationManager;
    private ResourceServerTokenServices resourceTokenServices;
    private TokenExtractor tokenExtractor;
    private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    private AccessDeniedHandler accessDeniedHandler = new OAuth2AccessDeniedHandler();
    private AuthenticationEventPublisher eventPublisher = null;
    private TokenStore tokenStore = new InMemoryTokenStore();
    private String resourceId = "oauth2-resource";
    private SecurityExpressionHandler<FilterInvocation> expressionHandler = new OAuth2WebSecurityExpressionHandler();
    private boolean stateless = true;

    public ResourceServerSecurityConfigurer() {
        resourceId(this.resourceId);
    }

    private ClientDetailsService clientDetails() {
        return (ClientDetailsService) getBuilder().getSharedObject(ClientDetailsService.class);
    }

    public TokenStore getTokenStore() {
        return this.tokenStore;
    }

    public ResourceServerSecurityConfigurer stateless(boolean z) {
        this.stateless = z;
        return this;
    }

    public ResourceServerSecurityConfigurer authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
        return this;
    }

    public ResourceServerSecurityConfigurer accessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        this.accessDeniedHandler = accessDeniedHandler;
        return this;
    }

    public ResourceServerSecurityConfigurer tokenStore(TokenStore tokenStore) {
        Assert.state(tokenStore != null, "TokenStore cannot be null");
        this.tokenStore = tokenStore;
        return this;
    }

    public ResourceServerSecurityConfigurer eventPublisher(AuthenticationEventPublisher authenticationEventPublisher) {
        Assert.state(authenticationEventPublisher != null, "AuthenticationEventPublisher cannot be null");
        this.eventPublisher = authenticationEventPublisher;
        return this;
    }

    public ResourceServerSecurityConfigurer expressionHandler(SecurityExpressionHandler<FilterInvocation> securityExpressionHandler) {
        Assert.state(securityExpressionHandler != null, "SecurityExpressionHandler cannot be null");
        this.expressionHandler = securityExpressionHandler;
        return this;
    }

    public ResourceServerSecurityConfigurer tokenExtractor(TokenExtractor tokenExtractor) {
        Assert.state(tokenExtractor != null, "TokenExtractor cannot be null");
        this.tokenExtractor = tokenExtractor;
        return this;
    }

    public ResourceServerSecurityConfigurer authenticationManager(AuthenticationManager authenticationManager) {
        Assert.state(authenticationManager != null, "AuthenticationManager cannot be null");
        this.authenticationManager = authenticationManager;
        return this;
    }

    public ResourceServerSecurityConfigurer tokenServices(ResourceServerTokenServices resourceServerTokenServices) {
        Assert.state(resourceServerTokenServices != null, "ResourceServerTokenServices cannot be null");
        this.resourceTokenServices = resourceServerTokenServices;
        return this;
    }

    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void init(HttpSecurity httpSecurity) throws Exception {
        registerDefaultAuthenticationEntryPoint(httpSecurity);
    }

    private void registerDefaultAuthenticationEntryPoint(HttpSecurity httpSecurity) {
        ExceptionHandlingConfigurer exceptionHandlingConfigurer = (ExceptionHandlingConfigurer) httpSecurity.getConfigurer(ExceptionHandlingConfigurer.class);
        if (exceptionHandlingConfigurer == null) {
            return;
        }
        ContentNegotiationStrategy contentNegotiationStrategy = (ContentNegotiationStrategy) httpSecurity.getSharedObject(ContentNegotiationStrategy.class);
        if (contentNegotiationStrategy == null) {
            contentNegotiationStrategy = new HeaderContentNegotiationStrategy();
        }
        MediaTypeRequestMatcher mediaTypeRequestMatcher = new MediaTypeRequestMatcher(contentNegotiationStrategy, MediaType.APPLICATION_ATOM_XML, MediaType.APPLICATION_FORM_URLENCODED, MediaType.APPLICATION_JSON, MediaType.APPLICATION_OCTET_STREAM, MediaType.APPLICATION_XML, MediaType.MULTIPART_FORM_DATA, MediaType.TEXT_XML);
        mediaTypeRequestMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        exceptionHandlingConfigurer.defaultAuthenticationEntryPointFor((AuthenticationEntryPoint) postProcess(this.authenticationEntryPoint), mediaTypeRequestMatcher);
    }

    public ResourceServerSecurityConfigurer resourceId(String str) {
        this.resourceId = str;
        if (this.authenticationEntryPoint instanceof OAuth2AuthenticationEntryPoint) {
            ((OAuth2AuthenticationEntryPoint) this.authenticationEntryPoint).setRealmName(str);
        }
        return this;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.config.annotation.SecurityConfigurerAdapter, org.springframework.security.config.annotation.SecurityConfigurer
    public void configure(HttpSecurity httpSecurity) throws Exception {
        AuthenticationManager oauthAuthenticationManager = oauthAuthenticationManager(httpSecurity);
        this.resourcesServerFilter = new OAuth2AuthenticationProcessingFilter();
        this.resourcesServerFilter.setAuthenticationEntryPoint(this.authenticationEntryPoint);
        this.resourcesServerFilter.setAuthenticationManager(oauthAuthenticationManager);
        if (this.eventPublisher != null) {
            this.resourcesServerFilter.setAuthenticationEventPublisher(this.eventPublisher);
        }
        if (this.tokenExtractor != null) {
            this.resourcesServerFilter.setTokenExtractor(this.tokenExtractor);
        }
        this.resourcesServerFilter = (OAuth2AuthenticationProcessingFilter) postProcess(this.resourcesServerFilter);
        this.resourcesServerFilter.setStateless(this.stateless);
        ((HttpSecurity) httpSecurity.authorizeRequests().expressionHandler(this.expressionHandler).and()).addFilterBefore((Filter) this.resourcesServerFilter, AbstractPreAuthenticatedProcessingFilter.class).exceptionHandling().accessDeniedHandler(this.accessDeniedHandler).authenticationEntryPoint(this.authenticationEntryPoint);
    }

    private AuthenticationManager oauthAuthenticationManager(HttpSecurity httpSecurity) {
        OAuth2AuthenticationManager oAuth2AuthenticationManager = new OAuth2AuthenticationManager();
        if (this.authenticationManager != null) {
            if (!(this.authenticationManager instanceof OAuth2AuthenticationManager)) {
                return this.authenticationManager;
            }
            oAuth2AuthenticationManager = (OAuth2AuthenticationManager) this.authenticationManager;
        }
        oAuth2AuthenticationManager.setResourceId(this.resourceId);
        oAuth2AuthenticationManager.setTokenServices(resourceTokenServices(httpSecurity));
        oAuth2AuthenticationManager.setClientDetailsService(clientDetails());
        return oAuth2AuthenticationManager;
    }

    private ResourceServerTokenServices resourceTokenServices(HttpSecurity httpSecurity) {
        tokenServices(httpSecurity);
        return this.resourceTokenServices;
    }

    private ResourceServerTokenServices tokenServices(HttpSecurity httpSecurity) {
        if (this.resourceTokenServices != null) {
            return this.resourceTokenServices;
        }
        DefaultTokenServices defaultTokenServices = new DefaultTokenServices();
        defaultTokenServices.setTokenStore(tokenStore());
        defaultTokenServices.setSupportRefreshToken(true);
        defaultTokenServices.setClientDetailsService(clientDetails());
        this.resourceTokenServices = defaultTokenServices;
        return defaultTokenServices;
    }

    private TokenStore tokenStore() {
        Assert.state(this.tokenStore != null, "TokenStore cannot be null");
        return this.tokenStore;
    }

    public AccessDeniedHandler getAccessDeniedHandler() {
        return this.accessDeniedHandler;
    }
}
