package org.springframework.security.oauth2.config.annotation.web.configurers;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.Filter;
import org.apache.pdfbox.pdmodel.documentinterchange.taggedpdf.StandardStructureTypes;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExceptionHandlingConfigurer;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter;
import org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService;
import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpointHandlerMapping;
import org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.context.NullSecurityContextRepository;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-2.3.7.RELEASE.jar:org/springframework/security/oauth2/config/annotation/web/configurers/AuthorizationServerSecurityConfigurer.class */
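/**
 * Security configurer for the OAuth2 authorization server endpoints.
 *
 * <p>During {@link #init(HttpSecurity)} it registers a {@link ClientDetailsUserDetailsService}
 * (backed by the shared {@link ClientDetailsService}) as the user details source, enables HTTP
 * Basic with the configured realm, disables CSRF protection, and installs a
 * {@link NullSecurityContextRepository}. During {@link #configure(HttpSecurity)} it adds the
 * optional form-based client credentials filter and any custom token endpoint filters in front
 * of {@link BasicAuthenticationFilter}.
 *
 * <p>Security-relevant defaults visible in this class: {@code tokenKeyAccess} and
 * {@code checkTokenAccess} are {@code "denyAll()"}, form authentication for clients is off, and
 * the HTTPS-only channel requirement is off until {@link #sslOnly()} is called.
 */
public final class AuthorizationServerSecurityConfigurer extends SecurityConfigurerAdapter<DefaultSecurityFilterChain, HttpSecurity> {
    // Entry point used for HTTP Basic challenges; filled in lazily by
    // registerDefaultAuthenticationEntryPoint when the caller did not supply one.
    private AuthenticationEntryPoint authenticationEntryPoint;
    // Optional encoder for client secrets; null selects the else-branch in init().
    private PasswordEncoder passwordEncoder;
    private AccessDeniedHandler accessDeniedHandler = new OAuth2AccessDeniedHandler();
    private String realm = "oauth2/client";
    private boolean allowFormAuthenticationForClients = false;
    // Access rule strings; this class only stores and returns them.
    // NOTE(review): presumably security expressions applied to the token-key and check-token
    // endpoints by the surrounding configuration - confirm against the consumer of the getters.
    private String tokenKeyAccess = "denyAll()";
    private String checkTokenAccess = "denyAll()";
    private boolean sslOnly = false;
    private List<Filter> tokenEndpointAuthenticationFilters = new ArrayList<>();

    /**
     * Requires a secure channel for every request handled by this filter chain.
     *
     * <p>Client credentials reach these endpoints in the Basic header (and in the form body when
     * {@link #allowFormAuthenticationForClients()} is used), so leaving this off is only
     * appropriate when transport security is enforced elsewhere.
     *
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer sslOnly() {
        this.sslOnly = true;
        return this;
    }

    /**
     * Enables the {@link ClientCredentialsTokenEndpointFilter} on the token endpoint, in addition
     * to HTTP Basic.
     *
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer allowFormAuthenticationForClients() {
        this.allowFormAuthenticationForClients = true;
        return this;
    }

    /**
     * Sets the realm name used by the Basic and form entry points.
     *
     * @param str realm name
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer realm(String str) {
        this.realm = str;
        return this;
    }

    /**
     * Sets the encoder used to verify client secrets.
     *
     * <p>The encoder is not used directly: {@link #init(HttpSecurity)} wraps it so that a client
     * whose stored secret has no text is accepted without a comparison.
     *
     * @param passwordEncoder encoder for client secrets; {@code null} leaves the default path
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer passwordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
        return this;
    }

    /**
     * Overrides the entry point used for HTTP Basic and as the default exception-handling entry
     * point.
     *
     * @param authenticationEntryPoint entry point to use
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer authenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
        return this;
    }

    /**
     * Overrides the handler installed for access-denied failures.
     *
     * @param accessDeniedHandler handler to install in {@link #configure(HttpSecurity)}
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer accessDeniedHandler(AccessDeniedHandler accessDeniedHandler) {
        this.accessDeniedHandler = accessDeniedHandler;
        return this;
    }

    /**
     * Replaces the stored token-key access rule (default {@code "denyAll()"}).
     *
     * @param str access rule string
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer tokenKeyAccess(String str) {
        this.tokenKeyAccess = str;
        return this;
    }

    /**
     * Replaces the stored check-token access rule (default {@code "denyAll()"}).
     *
     * @param str access rule string
     * @return this configurer, for chaining
     */
    public AuthorizationServerSecurityConfigurer checkTokenAccess(String str) {
        this.checkTokenAccess = str;
        return this;
    }

    /** @return the stored token-key access rule */
    public String getTokenKeyAccess() {
        return this.tokenKeyAccess;
    }

    /** @return the stored check-token access rule */
    public String getCheckTokenAccess() {
        return this.checkTokenAccess;
    }

    /**
     * Wires client authentication into the given builder.
     *
     * @param httpSecurity builder for the authorization server filter chain
     * @throws Exception propagated from the underlying configurers
     */
    @Override
    public void init(HttpSecurity httpSecurity) throws Exception {
        registerDefaultAuthenticationEntryPoint(httpSecurity);
        if (this.passwordEncoder != null) {
            // One wrapper instance is enough; it only delegates to the configured encoder.
            PasswordEncoder clientSecretEncoder = passwordEncoder();
            ClientDetailsUserDetailsService clientUsers = new ClientDetailsUserDetailsService(clientDetailsService());
            clientUsers.setPasswordEncoder(clientSecretEncoder);
            httpSecurity.getSharedObject(AuthenticationManagerBuilder.class)
                    .userDetailsService(clientUsers)
                    .passwordEncoder(clientSecretEncoder);
        } else {
            // No encoder supplied here. NOTE(review): which encoder then compares client secrets
            // is decided outside this class - confirm it is not a plaintext comparison.
            httpSecurity.userDetailsService(new ClientDetailsUserDetailsService(clientDetailsService()));
        }
        // No security context is persisted and CSRF protection is off, so every request has to
        // carry its own client credentials.
        httpSecurity.securityContext().securityContextRepository(new NullSecurityContextRepository());
        httpSecurity.csrf().disable();
        // authenticationEntryPoint can still be null at this point: the default is only created
        // when an ExceptionHandlingConfigurer is present on the builder.
        httpSecurity.httpBasic().authenticationEntryPoint(this.authenticationEntryPoint).realmName(this.realm);
        if (this.sslOnly) {
            httpSecurity.requiresChannel().anyRequest().requiresSecure();
        }
    }

    /**
     * Wraps the configured encoder so that a stored secret without text (null, empty or
     * whitespace only) matches without comparing the presented secret.
     *
     * <p>Security note: a client registered without a secret therefore authenticates with
     * whatever secret is presented. Registrations for confidential clients should always carry a
     * non-empty, encoded secret; review the client store for empty secrets.
     */
    private PasswordEncoder passwordEncoder() {
        return new PasswordEncoder() {
            @Override
            public boolean matches(CharSequence charSequence, String str) {
                if (StringUtils.hasText(str)) {
                    return AuthorizationServerSecurityConfigurer.this.passwordEncoder.matches(charSequence, str);
                }
                // Stored secret has no text: accepted unconditionally (see method Javadoc).
                return true;
            }

            @Override
            public String encode(CharSequence charSequence) {
                return AuthorizationServerSecurityConfigurer.this.passwordEncoder.encode(charSequence);
            }
        };
    }

    /**
     * Registers the entry point as the default for requests whose negotiated media type is one
     * of the listed non-browser types; does nothing when no {@link ExceptionHandlingConfigurer}
     * is present. Creates a {@link BasicAuthenticationEntryPoint} when none was supplied.
     */
    @SuppressWarnings("unchecked")
    private void registerDefaultAuthenticationEntryPoint(HttpSecurity httpSecurity) {
        ExceptionHandlingConfigurer<HttpSecurity> exceptionHandling =
                httpSecurity.getConfigurer(ExceptionHandlingConfigurer.class);
        if (exceptionHandling == null) {
            return;
        }
        if (this.authenticationEntryPoint == null) {
            BasicAuthenticationEntryPoint basicEntryPoint = new BasicAuthenticationEntryPoint();
            basicEntryPoint.setRealmName(this.realm);
            this.authenticationEntryPoint = basicEntryPoint;
        }
        ContentNegotiationStrategy negotiation = httpSecurity.getSharedObject(ContentNegotiationStrategy.class);
        if (negotiation == null) {
            negotiation = new HeaderContentNegotiationStrategy();
        }
        MediaTypeRequestMatcher preferredMatcher = new MediaTypeRequestMatcher(
                negotiation,
                MediaType.APPLICATION_ATOM_XML,
                MediaType.APPLICATION_FORM_URLENCODED,
                MediaType.APPLICATION_JSON,
                MediaType.APPLICATION_OCTET_STREAM,
                MediaType.APPLICATION_XML,
                MediaType.MULTIPART_FORM_DATA,
                MediaType.TEXT_XML);
        // "*/*" is ignored so that a catch-all Accept header does not select this entry point.
        preferredMatcher.setIgnoredMediaTypes(Collections.singleton(MediaType.ALL));
        exceptionHandling.defaultAuthenticationEntryPointFor(postProcess(this.authenticationEntryPoint), preferredMatcher);
    }

    /**
     * Adds the optional form-based client filter and the custom token endpoint filters before
     * {@link BasicAuthenticationFilter}, then installs the access-denied handler.
     *
     * @param httpSecurity builder for the authorization server filter chain
     * @throws Exception propagated from the underlying configurers
     */
    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {
        // Result is unused. NOTE(review): presumably resolves the shared mapping before any
        // filter is added - confirm before removing.
        frameworkEndpointHandlerMapping();
        if (this.allowFormAuthenticationForClients) {
            clientCredentialsTokenEndpointFilter(httpSecurity);
        }
        for (Filter customFilter : this.tokenEndpointAuthenticationFilters) {
            httpSecurity.addFilterBefore(customFilter, BasicAuthenticationFilter.class);
        }
        httpSecurity.exceptionHandling().accessDeniedHandler(this.accessDeniedHandler);
    }

    /**
     * Builds the client credentials filter for the servlet path mapped to
     * {@code /oauth/token}, registers it before {@link BasicAuthenticationFilter} and returns
     * the post-processed instance.
     */
    private ClientCredentialsTokenEndpointFilter clientCredentialsTokenEndpointFilter(HttpSecurity httpSecurity) {
        ClientCredentialsTokenEndpointFilter formClientFilter =
                new ClientCredentialsTokenEndpointFilter(frameworkEndpointHandlerMapping().getServletPath("/oauth/token"));
        formClientFilter.setAuthenticationManager(httpSecurity.getSharedObject(AuthenticationManager.class));
        OAuth2AuthenticationEntryPoint formEntryPoint = new OAuth2AuthenticationEntryPoint();
        // Written as a literal so this configurer does not depend on the equal-valued constant
        // of the PDF library (StandardStructureTypes.FORM).
        formEntryPoint.setTypeName("Form");
        formEntryPoint.setRealmName(this.realm);
        formClientFilter.setAuthenticationEntryPoint(formEntryPoint);
        ClientCredentialsTokenEndpointFilter processedFilter = postProcess(formClientFilter);
        httpSecurity.addFilterBefore(processedFilter, BasicAuthenticationFilter.class);
        return processedFilter;
    }

    /** Looks up the shared {@link ClientDetailsService} on the builder. */
    private ClientDetailsService clientDetailsService() {
        return getBuilder().getSharedObject(ClientDetailsService.class);
    }

    /** Looks up the shared {@link FrameworkEndpointHandlerMapping} on the builder. */
    private FrameworkEndpointHandlerMapping frameworkEndpointHandlerMapping() {
        return getBuilder().getSharedObject(FrameworkEndpointHandlerMapping.class);
    }

    /**
     * Appends a custom filter that {@link #configure(HttpSecurity)} places before
     * {@link BasicAuthenticationFilter}.
     *
     * @param filter filter to append; not checked for {@code null} here
     */
    public void addTokenEndpointAuthenticationFilter(Filter filter) {
        this.tokenEndpointAuthenticationFilters.add(filter);
    }

    /**
     * Replaces the custom filter list with a copy of the given list.
     *
     * @param list filters to install, in order; must not be {@code null}
     * @throws IllegalArgumentException if {@code list} is {@code null}
     */
    public void tokenEndpointAuthenticationFilters(List<Filter> list) {
        Assert.notNull(list, "Custom authentication filter list must not be null");
        this.tokenEndpointAuthenticationFilters = new ArrayList<>(list);
    }
}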
