package org.springframework.cloud.gcp.autoconfigure.security;

import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoderJwkSupport;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;

@AutoConfigureBefore({OAuth2ResourceServerAutoConfiguration.class})
@EnableConfigurationProperties({IapAuthenticationProperties.class})
@Configuration
@ConditionalOnClass({NimbusJwtDecoderJwkSupport.class})
@ConditionalOnProperty({"spring.cloud.gcp.security.iap.enabled"})
/* loaded from: input_file:org/springframework/cloud/gcp/autoconfigure/security/IapAuthenticationAutoConfiguration.class */
public class IapAuthenticationAutoConfiguration {
    @ConditionalOnMissingBean
    @Bean
    public JwtDecoder iapJwtDecoder(IapAuthenticationProperties iapAuthenticationProperties) {
        NimbusJwtDecoderJwkSupport nimbusJwtDecoderJwkSupport = new NimbusJwtDecoderJwkSupport(iapAuthenticationProperties.getRegistry(), iapAuthenticationProperties.getAlgorithm());
        nimbusJwtDecoderJwkSupport.setJwtValidator(JwtValidators.createDefaultWithIssuer(iapAuthenticationProperties.getIssuer()));
        return nimbusJwtDecoderJwkSupport;
    }

    @ConditionalOnMissingBean
    @Bean
    public BearerTokenResolver iatTokenResolver(IapAuthenticationProperties iapAuthenticationProperties) {
        return httpServletRequest -> {
            return httpServletRequest.getHeader(iapAuthenticationProperties.getHeader());
        };
    }
}
