package no.nav.security.token.support.spring;

import java.net.MalformedURLException;
import java.net.URL;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import no.nav.security.token.support.core.configuration.MultiIssuerConfiguration;
import no.nav.security.token.support.core.configuration.ProxyAwareResourceRetriever;
import no.nav.security.token.support.core.context.TokenValidationContextHolder;
import no.nav.security.token.support.core.validation.JwtTokenValidationHandler;
import no.nav.security.token.support.filter.JwtTokenExpiryFilter;
import no.nav.security.token.support.filter.JwtTokenValidationFilter;
import no.nav.security.token.support.spring.api.EnableJwtTokenValidation;
import no.nav.security.token.support.spring.validation.interceptor.BearerTokenClientHttpRequestInterceptor;
import no.nav.security.token.support.spring.validation.interceptor.JwtTokenHandlerInterceptor;
import no.nav.security.token.support.spring.validation.interceptor.SpringJwtTokenAnnotationHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.EnvironmentAware;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.env.Environment;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.web.context.request.RequestContextListener;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@EnableConfigurationProperties({MultiIssuerProperties.class})
@Configuration
/* loaded from: input_file:no/nav/security/token/support/spring/EnableJwtTokenValidationConfiguration.class */
public class EnableJwtTokenValidationConfiguration implements WebMvcConfigurer, EnvironmentAware, ImportAware {
    private final Logger logger = LoggerFactory.getLogger(EnableJwtTokenValidationConfiguration.class);
    private Environment env;
    private AnnotationAttributes enableOIDCTokenValidation;

    public void addInterceptors(InterceptorRegistry interceptorRegistry) {
        interceptorRegistry.addInterceptor(getControllerInterceptor());
    }

    public void setEnvironment(Environment environment) {
        this.env = environment;
    }

    public void setImportMetadata(AnnotationMetadata annotationMetadata) {
        this.enableOIDCTokenValidation = AnnotationAttributes.fromMap(annotationMetadata.getAnnotationAttributes(EnableJwtTokenValidation.class.getName(), false));
        if (this.enableOIDCTokenValidation == null) {
            throw new IllegalArgumentException("@EnableJwtTokenValidation is not present on importing class " + annotationMetadata.getClassName());
        }
    }

    @Bean
    public ProxyAwareResourceRetriever oidcResourceRetriever() {
        return new ProxyAwareResourceRetriever(getConfiguredProxy(), Boolean.parseBoolean(this.env.getProperty("https.plaintext", "false")));
    }

    @Bean
    public MultiIssuerConfiguration multiIssuerConfiguration(MultiIssuerProperties multiIssuerProperties, ProxyAwareResourceRetriever proxyAwareResourceRetriever) {
        return new MultiIssuerConfiguration(multiIssuerProperties.getIssuer(), proxyAwareResourceRetriever);
    }

    @Bean
    public TokenValidationContextHolder oidcRequestContextHolder() {
        return new SpringTokenValidationContextHolder();
    }

    @Bean
    public RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    @Bean
    public JwtTokenValidationFilter tokenValidationFilter(MultiIssuerConfiguration multiIssuerConfiguration, TokenValidationContextHolder tokenValidationContextHolder) {
        return new JwtTokenValidationFilter(new JwtTokenValidationHandler(multiIssuerConfiguration), tokenValidationContextHolder);
    }

    @Bean
    public BearerTokenClientHttpRequestInterceptor bearerTokenClientHttpRequestInterceptor(TokenValidationContextHolder tokenValidationContextHolder) {
        this.logger.info("creating bean for HttpClientOIDCAuthorizationInterceptor");
        return new BearerTokenClientHttpRequestInterceptor(tokenValidationContextHolder);
    }

    @Bean
    public JwtTokenHandlerInterceptor getControllerInterceptor() {
        this.logger.debug("registering OIDC token controller handler interceptor");
        return new JwtTokenHandlerInterceptor(this.enableOIDCTokenValidation, new SpringJwtTokenAnnotationHandler(new SpringTokenValidationContextHolder()));
    }

    @Bean
    @Qualifier("oidcTokenValidationFilterRegistrationBean")
    public FilterRegistrationBean<JwtTokenValidationFilter> oidcTokenValidationFilterRegistrationBean(JwtTokenValidationFilter jwtTokenValidationFilter, @Value("${no.nav.security.jwt.tokenvalidationfilter.order:-2147483648}") Integer num) {
        this.logger.info("Registering validation filter");
        FilterRegistrationBean<JwtTokenValidationFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(jwtTokenValidationFilter);
        filterRegistrationBean.setMatchAfter(false);
        filterRegistrationBean.setDispatcherTypes(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.ASYNC));
        filterRegistrationBean.setAsyncSupported(true);
        filterRegistrationBean.setOrder(num.intValue());
        return filterRegistrationBean;
    }

    @ConditionalOnProperty(name = {"no.nav.security.jwt.expirythreshold"}, matchIfMissing = false)
    @Bean
    @Qualifier("oidcTokenExpiryFilterRegistrationBean")
    public FilterRegistrationBean<JwtTokenExpiryFilter> oidcTokenExpiryFilterRegistrationBean(TokenValidationContextHolder tokenValidationContextHolder, @Value("${no.nav.security.jwt.expirythreshold}") long j) {
        this.logger.info("Registering expiry filter");
        FilterRegistrationBean<JwtTokenExpiryFilter> filterRegistrationBean = new FilterRegistrationBean<>();
        filterRegistrationBean.setFilter(new JwtTokenExpiryFilter(tokenValidationContextHolder, j));
        filterRegistrationBean.setMatchAfter(false);
        filterRegistrationBean.setDispatcherTypes(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.ASYNC));
        filterRegistrationBean.setAsyncSupported(true);
        filterRegistrationBean.setOrder(2);
        return filterRegistrationBean;
    }

    private URL getConfiguredProxy() {
        String property = this.env.getProperty("http.proxy.parametername", "http.proxy");
        String property2 = this.env.getProperty(property);
        URL url = null;
        if (property2 == null || property2.trim().length() <= 0) {
            this.logger.info("No proxy configuration found [" + property + "]");
        } else {
            this.logger.info("Proxy configuration found [" + property + "] was " + property2);
            try {
                url = new URL(property2);
            } catch (MalformedURLException e) {
                throw new RuntimeException("config [" + property + "] is misconfigured: " + e, e);
            }
        }
        return url;
    }

    AnnotationAttributes getEnableOIDCTokenValidation() {
        return this.enableOIDCTokenValidation;
    }
}
