package no.nav.security.token.support.client.spring.oauth2;

import java.util.Optional;
import no.nav.security.token.support.client.core.OAuth2CacheFactory;
import no.nav.security.token.support.client.core.context.JwtBearerTokenResolver;
import no.nav.security.token.support.client.core.http.OAuth2HttpClient;
import no.nav.security.token.support.client.core.oauth2.ClientCredentialsTokenClient;
import no.nav.security.token.support.client.core.oauth2.OAuth2AccessTokenService;
import no.nav.security.token.support.client.core.oauth2.OnBehalfOfTokenClient;
import no.nav.security.token.support.client.core.oauth2.TokenExchangeClient;
import no.nav.security.token.support.client.spring.ClientConfigurationProperties;
import no.nav.security.token.support.core.context.TokenValidationContextHolder;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.type.AnnotationMetadata;

@EnableConfigurationProperties({ClientConfigurationProperties.class})
@Configuration
/* loaded from: input_file:no/nav/security/token/support/client/spring/oauth2/OAuth2ClientConfiguration.class */
public class OAuth2ClientConfiguration implements ImportAware {
    private AnnotationAttributes enableOAuth2ClientAttributes;

    public void setImportMetadata(AnnotationMetadata annotationMetadata) {
        this.enableOAuth2ClientAttributes = AnnotationAttributes.fromMap(annotationMetadata.getAnnotationAttributes(EnableOAuth2Client.class.getName(), false));
        if (this.enableOAuth2ClientAttributes == null) {
            throw new IllegalArgumentException("@EnableOAuth2Client is not present on importing class " + annotationMetadata.getClassName());
        }
    }

    @Bean
    OAuth2AccessTokenService oAuth2AccessTokenService(JwtBearerTokenResolver jwtBearerTokenResolver, OAuth2HttpClient oAuth2HttpClient) {
        OAuth2AccessTokenService oAuth2AccessTokenService = new OAuth2AccessTokenService(jwtBearerTokenResolver, new OnBehalfOfTokenClient(oAuth2HttpClient), new ClientCredentialsTokenClient(oAuth2HttpClient), new TokenExchangeClient(oAuth2HttpClient));
        if (this.enableOAuth2ClientAttributes != null && this.enableOAuth2ClientAttributes.getBoolean("cacheEnabled")) {
            long longValue = ((Long) this.enableOAuth2ClientAttributes.getNumber("cacheMaximumSize")).longValue();
            long longValue2 = ((Long) this.enableOAuth2ClientAttributes.getNumber("cacheEvictSkew")).longValue();
            oAuth2AccessTokenService.setClientCredentialsGrantCache(OAuth2CacheFactory.accessTokenResponseCache(longValue, longValue2));
            oAuth2AccessTokenService.setOnBehalfOfGrantCache(OAuth2CacheFactory.accessTokenResponseCache(longValue, longValue2));
            oAuth2AccessTokenService.setExchangeGrantCache(OAuth2CacheFactory.accessTokenResponseCache(longValue, longValue2));
        }
        return oAuth2AccessTokenService;
    }

    @Bean
    OAuth2HttpClient oAuth2HttpClient(RestTemplateBuilder restTemplateBuilder) {
        return new DefaultOAuth2HttpClient(restTemplateBuilder);
    }

    @ConditionalOnClass({TokenValidationContextHolder.class})
    @Bean
    JwtBearerTokenResolver jwtBearerTokenResolver(TokenValidationContextHolder tokenValidationContextHolder) {
        return () -> {
            return tokenValidationContextHolder.getTokenValidationContext() != null ? tokenValidationContextHolder.getTokenValidationContext().getFirstValidToken().map((v0) -> {
                return v0.getTokenAsString();
            }) : Optional.empty();
        };
    }

    @ConditionalOnMissingBean({JwtBearerTokenResolver.class})
    @ConditionalOnMissingClass({"no.nav.security.token.support.core.context.TokenValidationContextHolder"})
    @Bean
    JwtBearerTokenResolver noopJwtBearerTokenResolver() {
        return () -> {
            throw new UnsupportedOperationException(String.format("a no-op implementation of %s is registered, cannot get token to exchange required for OnBehalfOf/TokenExchange grant", JwtBearerTokenResolver.class));
        };
    }
}
