package com.sap.cloud.security.spring.autoconfig;

import com.sap.cloud.security.config.ServiceConstants;
import com.sap.cloud.security.spring.config.IdentityServiceConfiguration;
import com.sap.cloud.security.spring.config.XsuaaServiceConfiguration;
import com.sap.cloud.security.spring.config.XsuaaServiceConfigurations;
import com.sap.cloud.security.spring.token.authentication.JwtDecoderBuilder;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;

/**
 * Spring Boot auto-configuration that contributes a {@link JwtDecoder} built with
 * {@link JwtDecoderBuilder} from the bound XSUAA and Identity service configuration properties.
 *
 * <p>It applies when {@link Jwt} is on the classpath and the property
 * {@code sap.spring.security.hybrid.auto} is {@code true} or not set at all
 * ({@code matchIfMissing = true}). It is ordered before
 * {@link OAuth2ResourceServerAutoConfiguration}.
 */
@EnableConfigurationProperties({XsuaaServiceConfiguration.class, IdentityServiceConfiguration.class, XsuaaServiceConfigurations.class})
@AutoConfigureBefore({OAuth2ResourceServerAutoConfiguration.class})
@Configuration
@ConditionalOnClass({Jwt.class})
@ConditionalOnProperty(name = {"sap.spring.security.hybrid.auto"}, havingValue = "true", matchIfMissing = true)
public class HybridIdentityServicesAutoConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(HybridIdentityServicesAutoConfiguration.class);

    HybridIdentityServicesAutoConfiguration() {
    }

    /**
     * Declares the candidate {@link JwtDecoder} beans.
     *
     * <p>The whole class is skipped outside servlet web applications and whenever a
     * {@link JwtDecoder} bean is already present.
     *
     * <p>NOTE(review): only {@link #iasJwtDecoderWithProofTokenCheck} calls
     * {@code enableProofTokenCheck()}, and it is guarded by
     * {@code @ConditionalOnMissingBean(JwtDecoder.class)}. If one of the hybrid decoders is
     * registered first, {@code sap.spring.security.identity.prooftoken=true} would presumably
     * have no effect. Confirm this is intended for deployments that bind XSUAA as well.
     */
    @ConditionalOnMissingBean({JwtDecoder.class})
    @Configuration
    @ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
    public static class JwtDecoderConfigurations {
        // Holder for all bound XSUAA configurations; read by hybridJwtDecoderMultiXsuaaServices.
        XsuaaServiceConfigurations xsuaaConfigs;

        JwtDecoderConfigurations(XsuaaServiceConfigurations xsuaaServiceConfigurations) {
            this.xsuaaConfigs = xsuaaServiceConfigurations;
        }

        /**
         * Builds a decoder from one XSUAA configuration and the Identity service configuration.
         *
         * <p>Registered only when {@code sap.security.services.xsuaa.uaadomain} is set.
         *
         * @param xsuaaServiceConfiguration the single XSUAA binding
         * @param identityServiceConfiguration the Identity service binding
         * @return the decoder produced by {@link JwtDecoderBuilder#build()}
         */
        @ConditionalOnProperty({"sap.security.services.xsuaa.uaadomain"})
        @Bean
        public JwtDecoder hybridJwtDecoder(XsuaaServiceConfiguration xsuaaServiceConfiguration, IdentityServiceConfiguration identityServiceConfiguration) {
            LOGGER.debug("auto-configures HybridJwtDecoder.");
            return new JwtDecoderBuilder()
                    .withIasServiceConfiguration(identityServiceConfiguration)
                    .withXsuaaServiceConfiguration(xsuaaServiceConfiguration)
                    .build();
        }

        /**
         * Builds the {@code @Primary} decoder used when XSUAA bindings are given as an indexed list.
         *
         * <p>Registered only when {@code sap.security.services.xsuaa[0].uaadomain} is set. At most
         * the first two bound configurations are handed to the builder. The second one is kept
         * only if its {@code plan} property equals {@code ServiceConstants.Plan.BROKER.toString()}.
         * Every other binding is left out of the decoder built here.
         *
         * @param identityServiceConfiguration the Identity service binding
         * @return the decoder produced by {@link JwtDecoderBuilder#build()}
         */
        @ConditionalOnProperty({"sap.security.services.xsuaa[0].uaadomain"})
        @Bean
        @Primary
        public JwtDecoder hybridJwtDecoderMultiXsuaaServices(IdentityServiceConfiguration identityServiceConfiguration) {
            LOGGER.debug("auto-configures HybridJwtDecoder when bound to multiple xsuaa service instances.");
            // assumes getConfigurations() never returns null -- TODO confirm
            List<XsuaaServiceConfiguration> bound = this.xsuaaConfigs.getConfigurations();
            int considered = Math.min(2, bound.size());
            if (considered == 2) {
                String brokerPlan = ServiceConstants.Plan.BROKER.toString();
                // A second binding that is not a broker plan is dropped.
                if (!brokerPlan.equals(bound.get(1).getProperty("plan"))) {
                    considered = 1;
                }
            }
            List<XsuaaServiceConfiguration> selected = bound.subList(0, considered);
            return new JwtDecoderBuilder()
                    .withIasServiceConfiguration(identityServiceConfiguration)
                    .withXsuaaServiceConfigurations(selected)
                    .build();
        }

        /**
         * Builds an Identity-service-only decoder with the proof token check enabled.
         *
         * <p>Registered only when {@code sap.spring.security.identity.prooftoken} is {@code true}
         * and no {@link JwtDecoder} bean is present.
         *
         * @param identityServiceConfiguration the Identity service binding
         * @return the decoder produced by {@link JwtDecoderBuilder#build()}
         */
        @ConditionalOnMissingBean({JwtDecoder.class})
        @ConditionalOnProperty(name = {"sap.spring.security.identity.prooftoken"}, havingValue = "true")
        @Bean
        public JwtDecoder iasJwtDecoderWithProofTokenCheck(IdentityServiceConfiguration identityServiceConfiguration) {
            LOGGER.debug("auto-configures iasJwtDecoderWithProofTokenCheck.");
            return new JwtDecoderBuilder()
                    .withIasServiceConfiguration(identityServiceConfiguration)
                    .enableProofTokenCheck()
                    .build();
        }

        /**
         * Builds an Identity-service-only decoder without the proof token check.
         *
         * <p>Registered only when {@code sap.security.services.identity.domains} is set and no
         * {@link JwtDecoder} bean is present.
         *
         * <p>NOTE(review): this presumably backs off in favour of
         * {@link #iasJwtDecoderWithProofTokenCheck} when both conditions hold, which depends on
         * the order in which the bean methods are evaluated. Verify.
         *
         * @param identityServiceConfiguration the Identity service binding
         * @return the decoder produced by {@link JwtDecoderBuilder#build()}
         */
        @ConditionalOnMissingBean({JwtDecoder.class})
        @ConditionalOnProperty({"sap.security.services.identity.domains"})
        @Bean
        public JwtDecoder iasJwtDecoder(IdentityServiceConfiguration identityServiceConfiguration) {
            LOGGER.debug("auto-configures IasJwtDecoder.");
            return new JwtDecoderBuilder()
                    .withIasServiceConfiguration(identityServiceConfiguration)
                    .build();
        }
    }
}
