package no.nav.security.token.support.spring;

import com.nimbusds.jose.util.ResourceRetriever;
import java.net.URL;
import java.util.EnumSet;
import javax.servlet.DispatcherType;
import javax.servlet.Filter;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import no.nav.security.token.support.core.configuration.MultiIssuerConfiguration;
import no.nav.security.token.support.core.configuration.ProxyAwareResourceRetriever;
import no.nav.security.token.support.core.context.TokenValidationContextHolder;
import no.nav.security.token.support.core.validation.JwtTokenValidationHandler;
import no.nav.security.token.support.filter.JwtTokenExpiryFilter;
import no.nav.security.token.support.filter.JwtTokenValidationFilter;
import no.nav.security.token.support.spring.api.EnableJwtTokenValidation;
import no.nav.security.token.support.spring.validation.interceptor.BearerTokenClientHttpRequestInterceptor;
import no.nav.security.token.support.spring.validation.interceptor.JwtTokenHandlerInterceptor;
import no.nav.security.token.support.spring.validation.interceptor.SpringJwtTokenAnnotationHandler;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.ImportAware;
import org.springframework.core.annotation.AnnotationAttributes;
import org.springframework.core.env.Environment;
import org.springframework.core.type.AnnotationMetadata;
import org.springframework.web.context.request.RequestContextListener;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/* compiled from: EnableJwtTokenValidationConfiguration.kt */
@EnableConfigurationProperties({MultiIssuerProperties.class})
@Configuration
@Metadata(mv = {1, 6, 0}, k = 1, xi = 48, d1 = {"��\u0098\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\t\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0017\u0018��2\u00020\u00012\u00020\u0002B\r\u0012\u0006\u0010\u0003\u001a\u00020\u0004¢\u0006\u0002\u0010\u0005J\u0010\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0016J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0017J\n\u0010\u0013\u001a\u0004\u0018\u00010\u0014H\u0012J\b\u0010\u0015\u001a\u00020\u0016H\u0012J\u001a\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\u00122\b\b\u0001\u0010\u001a\u001a\u00020\u001bH\u0017J&\u0010\u001c\u001a\u0010\u0012\f\u0012\n \n*\u0004\u0018\u00010\u001e0\u001e0\u001d2\u0006\u0010\u001f\u001a\u00020\u001e2\u0006\u0010 \u001a\u00020!H\u0012J\u001a\u0010\"\u001a\u00020#2\u0006\u0010$\u001a\u00020%2\b\u0010&\u001a\u0004\u0018\u00010'H\u0017J\b\u0010(\u001a\u00020)H\u0017J\b\u0010*\u001a\u00020'H\u0017J\u001e\u0010+\u001a\u0010\u0012\f\u0012\n \n*\u0004\u0018\u00010\u001e0\u001e0\u001d2\u0006\u0010\u001f\u001a\u00020\u0018H\u0017J\u001e\u0010,\u001a\u0010\u0012\f\u0012\n \n*\u0004\u0018\u00010\u001e0\u001e0\u001d2\u0006\u0010\u001f\u001a\u00020-H\u0017J\b\u0010.\u001a\u00020/H\u0017J\u0010\u00100\u001a\u00020\f2\u0006\u00101\u001a\u000202H\u0016J\u001c\u00103\u001a\u00020-2\b\u00104\u001a\u0004\u0018\u00010#2\b\u0010\u0019\u001a\u0004\u0018\u00010\u0012H\u0017R\u000e\u0010\u0006\u001a\u00020\u0007X\u0092.¢\u0006\u0002\n��R\u000e\u0010\u0003\u001a\u00020\u0004X\u0092\u0004¢\u0006\u0002\n��R\u0016\u0010\b\u001a\n \n*\u0004\u0018\u00010\t0\tX\u0092\u0004¢\u0006\u0002\n��¨\u00065"}, d2 = {"Lno/nav/security/token/support/spring/EnableJwtTokenValidationConfiguration;", "Lorg/springframework/web/servlet/config/annotation/WebMvcConfigurer;", "Lorg/springframework/context/annotation/ImportAware;", "env", "Lorg/springframework/core/env/Environment;", "(Lorg/springframework/core/env/Environment;)V", "attrs", "Lorg/springframework/core/annotation/AnnotationAttributes;", "log", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "addInterceptors", "", "registry", "Lorg/springframework/web/servlet/config/annotation/InterceptorRegistry;", "bearerTokenClientHttpRequestInterceptor", "Lno/nav/security/token/support/spring/validation/interceptor/BearerTokenClientHttpRequestInterceptor;", "tokenValidationContextHolder", "Lno/nav/security/token/support/core/context/TokenValidationContextHolder;", "configuredProxy", "Ljava/net/URL;", "controllerInterceptor", "Lno/nav/security/token/support/spring/validation/interceptor/JwtTokenHandlerInterceptor;", "expiryFilter", "Lno/nav/security/token/support/filter/JwtTokenExpiryFilter;", "h", "threshold", "", "filterRegistrationBeanFor", "Lorg/springframework/boot/web/servlet/FilterRegistrationBean;", "Ljavax/servlet/Filter;", "filter", "order", "", "multiIssuerConfiguration", "Lno/nav/security/token/support/core/configuration/MultiIssuerConfiguration;", "issuerProperties", "Lno/nav/security/token/support/spring/MultiIssuerProperties;", "resourceRetriever", "Lno/nav/security/token/support/core/configuration/ProxyAwareResourceRetriever;", "oidcRequestContextHolder", "Lno/nav/security/token/support/spring/SpringTokenValidationContextHolder;", "oidcResourceRetriever", "oidcTokenExpiryFilterRegistrationBean", "oidcTokenValidationFilterRegistrationBean", "Lno/nav/security/token/support/filter/JwtTokenValidationFilter;", "requestContextListener", "Lorg/springframework/web/context/request/RequestContextListener;", "setImportMetadata", "meta", "Lorg/springframework/core/type/AnnotationMetadata;", "tokenValidationFilter", "config", "token-validation-spring"})
/* loaded from: input_file:no/nav/security/token/support/spring/EnableJwtTokenValidationConfiguration.class */
public class EnableJwtTokenValidationConfiguration implements WebMvcConfigurer, ImportAware {

    @NotNull
    private final Environment env;
    private final Logger log;
    private AnnotationAttributes attrs;

    public EnableJwtTokenValidationConfiguration(@NotNull Environment environment) {
        Intrinsics.checkNotNullParameter(environment, "env");
        this.env = environment;
        this.log = LoggerFactory.getLogger(EnableJwtTokenValidationConfiguration.class);
    }

    public void addInterceptors(@NotNull InterceptorRegistry interceptorRegistry) {
        Intrinsics.checkNotNullParameter(interceptorRegistry, "registry");
        interceptorRegistry.addInterceptor(controllerInterceptor());
    }

    public void setImportMetadata(@NotNull AnnotationMetadata annotationMetadata) {
        Intrinsics.checkNotNullParameter(annotationMetadata, "meta");
        AnnotationAttributes fromMap = AnnotationAttributes.fromMap(annotationMetadata.getAnnotationAttributes(EnableJwtTokenValidation.class.getName(), false));
        if (fromMap == null) {
            throw new IllegalArgumentException("@EnableJwtTokenValidation is not present on importing class " + annotationMetadata + ".className");
        }
        this.attrs = fromMap;
    }

    @Bean
    @NotNull
    public ProxyAwareResourceRetriever oidcResourceRetriever() {
        URL configuredProxy = configuredProxy();
        Object property = this.env.getProperty("https.plaintext", Boolean.TYPE, false);
        Intrinsics.checkNotNullExpressionValue(property, "env.getProperty(\"https.p…olean::class.java, false)");
        return new ProxyAwareResourceRetriever(configuredProxy, ((Boolean) property).booleanValue());
    }

    @Bean
    @NotNull
    public MultiIssuerConfiguration multiIssuerConfiguration(@NotNull MultiIssuerProperties multiIssuerProperties, @Nullable ProxyAwareResourceRetriever proxyAwareResourceRetriever) {
        Intrinsics.checkNotNullParameter(multiIssuerProperties, "issuerProperties");
        return new MultiIssuerConfiguration(multiIssuerProperties.getIssuer(), (ResourceRetriever) proxyAwareResourceRetriever);
    }

    @Bean
    @NotNull
    public SpringTokenValidationContextHolder oidcRequestContextHolder() {
        return new SpringTokenValidationContextHolder();
    }

    @Bean
    @NotNull
    public RequestContextListener requestContextListener() {
        return new RequestContextListener();
    }

    @Bean
    @NotNull
    public JwtTokenValidationFilter tokenValidationFilter(@Nullable MultiIssuerConfiguration multiIssuerConfiguration, @Nullable TokenValidationContextHolder tokenValidationContextHolder) {
        return new JwtTokenValidationFilter(new JwtTokenValidationHandler(multiIssuerConfiguration), tokenValidationContextHolder);
    }

    @ConditionalOnProperty({"no.nav.security.jwt.expirythreshold"})
    @Bean
    @NotNull
    public JwtTokenExpiryFilter expiryFilter(@NotNull TokenValidationContextHolder tokenValidationContextHolder, @Value("${no.nav.security.jwt.expirythreshold}") long j) {
        Intrinsics.checkNotNullParameter(tokenValidationContextHolder, "h");
        return new JwtTokenExpiryFilter(tokenValidationContextHolder, j);
    }

    @ConditionalOnProperty(value = {"no.nav.security.jwt.dont-propagate-bearertoken"}, matchIfMissing = true)
    @Bean
    @NotNull
    public BearerTokenClientHttpRequestInterceptor bearerTokenClientHttpRequestInterceptor(@NotNull TokenValidationContextHolder tokenValidationContextHolder) {
        Intrinsics.checkNotNullParameter(tokenValidationContextHolder, "tokenValidationContextHolder");
        return new BearerTokenClientHttpRequestInterceptor(tokenValidationContextHolder);
    }

    @Bean
    @NotNull
    public FilterRegistrationBean<Filter> oidcTokenValidationFilterRegistrationBean(@NotNull JwtTokenValidationFilter jwtTokenValidationFilter) {
        Intrinsics.checkNotNullParameter(jwtTokenValidationFilter, "filter");
        return filterRegistrationBeanFor((Filter) jwtTokenValidationFilter, Integer.MIN_VALUE);
    }

    @ConditionalOnProperty({"no.nav.security.jwt.expirythreshold"})
    @Bean
    @NotNull
    public FilterRegistrationBean<Filter> oidcTokenExpiryFilterRegistrationBean(@NotNull JwtTokenExpiryFilter jwtTokenExpiryFilter) {
        Intrinsics.checkNotNullParameter(jwtTokenExpiryFilter, "filter");
        return filterRegistrationBeanFor((Filter) jwtTokenExpiryFilter, 2);
    }

    private FilterRegistrationBean<Filter> filterRegistrationBeanFor(Filter filter, int i) {
        FilterRegistrationBean<Filter> filterRegistrationBean = new FilterRegistrationBean<>(filter, new ServletRegistrationBean[0]);
        this.log.info("Registering " + filter.getClass().getSimpleName());
        filterRegistrationBean.setOrder(i);
        filterRegistrationBean.setDispatcherTypes(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD, DispatcherType.ASYNC));
        return filterRegistrationBean;
    }

    private JwtTokenHandlerInterceptor controllerInterceptor() {
        AnnotationAttributes annotationAttributes = this.attrs;
        if (annotationAttributes == null) {
            Intrinsics.throwUninitializedPropertyAccessException("attrs");
            annotationAttributes = null;
        }
        return new JwtTokenHandlerInterceptor(annotationAttributes, new SpringJwtTokenAnnotationHandler(new SpringTokenValidationContextHolder()));
    }

    private URL configuredProxy() {
        URL url = (URL) this.env.getProperty(this.env.getProperty("http.proxy.parametername", "http.proxy"), URL.class);
        if (url == null) {
            return null;
        }
        String property = this.env.getProperty("nais.cluster.name", "local");
        Intrinsics.checkNotNullExpressionValue(property, "env.getProperty(\"nais.cluster.name\",\"local\")");
        if (StringsKt.contains$default(property, "gcp", false, 2, (Object) null)) {
            this.log.warn("You have enabled proxying in GCP, this is probably not what you want");
        }
        return url;
    }
}
