package com.okta.spring.oauth.implicit;

import com.okta.spring.config.OktaOAuth2Properties;
import com.okta.spring.oauth.OktaTokenServicesConfig;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfiguration;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.security.oauth2.provider.token.TokenStore;

@ConditionalOnBean({ResourceServerConfiguration.class})
@Configuration
@Import({OktaTokenServicesConfig.class})
/* loaded from: input_file:com/okta/spring/oauth/implicit/ResourceServerConfig.class */
public class ResourceServerConfig {
    private final OktaOAuth2Properties oktaOAuth2Properties;

    @Configuration
    @ConditionalOnProperty(name = {"okta.oauth2.localTokenValidation"}, matchIfMissing = true)
    /* loaded from: input_file:com/okta/spring/oauth/implicit/ResourceServerConfig$LocalTokenValidationConfig.class */
    public static class LocalTokenValidationConfig {
        @Bean
        @Primary
        protected ResourceServerTokenServices resourceServerTokenServices(TokenStore tokenStore, OktaOAuth2Properties oktaOAuth2Properties) {
            ImplicitAudienceValidatingTokenServices implicitAudienceValidatingTokenServices = new ImplicitAudienceValidatingTokenServices(oktaOAuth2Properties.getAudience());
            implicitAudienceValidatingTokenServices.setTokenStore(tokenStore);
            return implicitAudienceValidatingTokenServices;
        }
    }

    public ResourceServerConfig(OktaOAuth2Properties oktaOAuth2Properties) {
        this.oktaOAuth2Properties = oktaOAuth2Properties;
    }

    @ConditionalOnBean({ResourceServerTokenServices.class})
    @Bean
    @Primary
    public ResourceServerConfigurerAdapter oktaResourceServerConfigurerAdapter(final ResourceServerTokenServices resourceServerTokenServices) {
        return new ResourceServerConfigurerAdapter() { // from class: com.okta.spring.oauth.implicit.ResourceServerConfig.1
            public void configure(ResourceServerSecurityConfigurer resourceServerSecurityConfigurer) {
                resourceServerSecurityConfigurer.resourceId(ResourceServerConfig.this.oktaOAuth2Properties.getAudience());
                resourceServerSecurityConfigurer.tokenServices(resourceServerTokenServices);
            }
        };
    }
}
