package org.springframework.security.oauth2.server.authorization.config.annotation.web.configuration;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import java.util.HashSet;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AuthorizeHttpRequestsConfigurer;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.RequestMatcher;

@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.class */
public class OAuth2AuthorizationServerConfiguration {
    @Bean
    @Order(Integer.MIN_VALUE)
    public SecurityFilterChain authorizationServerSecurityFilterChain(HttpSecurity httpSecurity) throws Exception {
        applyDefaultSecurity(httpSecurity);
        return (SecurityFilterChain) httpSecurity.build();
    }

    public static void applyDefaultSecurity(HttpSecurity httpSecurity) throws Exception {
        OAuth2AuthorizationServerConfigurer oAuth2AuthorizationServerConfigurer = new OAuth2AuthorizationServerConfigurer();
        RequestMatcher endpointsMatcher = oAuth2AuthorizationServerConfigurer.getEndpointsMatcher();
        httpSecurity.securityMatcher(endpointsMatcher).authorizeHttpRequests(authorizationManagerRequestMatcherRegistry -> {
            ((AuthorizeHttpRequestsConfigurer.AuthorizedUrl) authorizationManagerRequestMatcherRegistry.anyRequest()).authenticated();
        }).csrf(csrfConfigurer -> {
            csrfConfigurer.ignoringRequestMatchers(new RequestMatcher[]{endpointsMatcher});
        }).apply(oAuth2AuthorizationServerConfigurer);
    }

    public static JwtDecoder jwtDecoder(JWKSource<SecurityContext> jWKSource) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(JWSAlgorithm.Family.RSA);
        hashSet.addAll(JWSAlgorithm.Family.EC);
        hashSet.addAll(JWSAlgorithm.Family.HMAC_SHA);
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWSKeySelector(new JWSVerificationKeySelector(hashSet, jWKSource));
        defaultJWTProcessor.setJWTClaimsSetVerifier((jWTClaimsSet, securityContext) -> {
        });
        return new NimbusJwtDecoder(defaultJWTProcessor);
    }

    @Bean
    RegisterMissingBeanPostProcessor registerMissingBeanPostProcessor() {
        RegisterMissingBeanPostProcessor registerMissingBeanPostProcessor = new RegisterMissingBeanPostProcessor();
        registerMissingBeanPostProcessor.addBeanDefinition(AuthorizationServerSettings.class, () -> {
            return AuthorizationServerSettings.builder().build();
        });
        return registerMissingBeanPostProcessor;
    }
}
