package org.springframework.security.oauth2.server.authorization.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.function.Consumer;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.http.converter.OAuth2AuthorizationServerMetadataHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-authorization-server-1.4.1.jar:org/springframework/security/oauth2/server/authorization/web/OAuth2AuthorizationServerMetadataEndpointFilter.class */
/**
 * Servlet filter that answers {@code GET} requests for the OAuth 2.0 Authorization Server
 * Metadata document (the RFC 8414 well-known path) with a JSON description of this server.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A matching request is answered directly and the rest of the filter chain is not
 *       invoked. This filter performs no authentication or authorization check itself.</li>
 *   <li>The advertised grant types, client authentication methods, PKCE method and the
 *       certificate-bound-token flag are fixed defaults. Nothing here derives them from the
 *       registered clients or from which endpoints are actually enabled, so the document can
 *       over-advertise. Use {@link #setAuthorizationServerMetadataCustomizer(Consumer)} to
 *       narrow it to what the deployment really supports.</li>
 *   <li>Every URL in the document is built from the issuer reported by the current
 *       {@link AuthorizationServerContext}. NOTE(review): how that issuer is resolved (fixed
 *       setting vs. derived from the request) is not visible here; if it is request-derived,
 *       confirm that host and forwarded-header handling upstream is trustworthy.</li>
 * </ul>
 */
public final class OAuth2AuthorizationServerMetadataEndpointFilter extends OncePerRequestFilter {
    /** Path of the metadata endpoint when a single issuer is served. */
    private static final String DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI = "/.well-known/oauth-authorization-server";
    /** Decides per request whether this filter should answer it. */
    private final RequestMatcher requestMatcher = createRequestMatcher();
    /** Serializes the built metadata to the HTTP response. */
    private final OAuth2AuthorizationServerMetadataHttpMessageConverter authorizationServerMetadataHttpMessageConverter = new OAuth2AuthorizationServerMetadataHttpMessageConverter();
    /** Hook applied after the defaults are populated; a no-op until replaced. */
    private Consumer<OAuth2AuthorizationServerMetadata.Builder> authorizationServerMetadataCustomizer = builder -> {
    };

    /**
     * Replaces the hook that adjusts the metadata before it is built and written.
     *
     * <p>The hook receives the builder after all defaults have been set, so it can add to or
     * override any of them, including the issuer and endpoint URLs.
     * NOTE(review): any validation of the final claims would happen in {@code build()},
     * which is not visible in this class.
     *
     * @param consumer the customizer to apply; must not be {@code null}
     * @throws IllegalArgumentException if {@code consumer} is {@code null}
     */
    public void setAuthorizationServerMetadataCustomizer(Consumer<OAuth2AuthorizationServerMetadata.Builder> consumer) {
        Assert.notNull(consumer, "authorizationServerMetadataCustomizer cannot be null");
        this.authorizationServerMetadataCustomizer = consumer;
    }

    /**
     * Writes the metadata document for matching requests; passes every other request on.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the JSON document is written to
     * @param filterChain the chain to continue when the request is not for this endpoint
     * @throws ServletException propagated from the filter chain
     * @throws IOException propagated from the filter chain or from writing the response
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        boolean metadataRequested = this.requestMatcher.matches(httpServletRequest);
        if (!metadataRequested) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        AuthorizationServerContext serverContext = AuthorizationServerContextHolder.getContext();
        String issuer = serverContext.getIssuer();
        AuthorizationServerSettings settings = serverContext.getAuthorizationServerSettings();

        // Defaults only: each capability below is advertised unconditionally, regardless of
        // what is configured elsewhere. The customizer is the place to trim the list.
        OAuth2AuthorizationServerMetadata.Builder metadata = OAuth2AuthorizationServerMetadata.builder()
                .issuer(issuer)
                .authorizationEndpoint(asUrl(issuer, settings.getAuthorizationEndpoint()))
                .deviceAuthorizationEndpoint(asUrl(issuer, settings.getDeviceAuthorizationEndpoint()))
                .tokenEndpoint(asUrl(issuer, settings.getTokenEndpoint()))
                .tokenEndpointAuthenticationMethods(clientAuthenticationMethods())
                .jwkSetUrl(asUrl(issuer, settings.getJwkSetEndpoint()))
                .responseType(OAuth2AuthorizationResponseType.CODE.getValue())
                .grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())
                .grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())
                .grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())
                .grantType(AuthorizationGrantType.DEVICE_CODE.getValue())
                .grantType(AuthorizationGrantType.TOKEN_EXCHANGE.getValue())
                .tokenRevocationEndpoint(asUrl(issuer, settings.getTokenRevocationEndpoint()))
                .tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods())
                .tokenIntrospectionEndpoint(asUrl(issuer, settings.getTokenIntrospectionEndpoint()))
                .tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods())
                // Only the S256 PKCE method is listed.
                .codeChallengeMethod("S256")
                // Certificate-bound access tokens are declared as supported here without
                // consulting any setting.
                .tlsClientCertificateBoundAccessTokens(true);

        // Applied last so deployment-specific values win over the defaults above.
        this.authorizationServerMetadataCustomizer.accept(metadata);

        ServletServerHttpResponse output = new ServletServerHttpResponse(httpServletResponse);
        this.authorizationServerMetadataHttpMessageConverter.write(metadata.build(), MediaType.APPLICATION_JSON, output);
    }

    /**
     * Builds the matcher that selects metadata requests.
     *
     * <p>Both patterns are restricted to {@code GET}. The multiple-issuers setting is read
     * from the current context on every request: when it is enabled, the wildcard pattern
     * covering paths below the well-known path is used; otherwise only the exact path is.
     *
     * @return a matcher that delegates to the exact-path or the wildcard matcher
     */
    private static RequestMatcher createRequestMatcher() {
        String get = HttpMethod.GET.name();
        AntPathRequestMatcher exactPath = new AntPathRequestMatcher(DEFAULT_OAUTH2_AUTHORIZATION_SERVER_METADATA_ENDPOINT_URI, get);
        AntPathRequestMatcher issuerSubPaths = new AntPathRequestMatcher("/.well-known/oauth-authorization-server/**", get);
        return request -> {
            boolean multipleIssuers = AuthorizationServerContextHolder.getContext().getAuthorizationServerSettings().isMultipleIssuersAllowed();
            if (multipleIssuers) {
                return issuerSubPaths.matches(request);
            }
            return exactPath.matches(request);
        };
    }

    /**
     * Returns a consumer that appends the default client authentication methods, in a fixed
     * order, to the list it is given.
     *
     * <p>The same six methods are advertised for the token, revocation and introspection
     * endpoints; nothing here checks which of them any client is registered to use.
     *
     * @return a consumer adding the six default method names
     */
    private static Consumer<List<String>> clientAuthenticationMethods() {
        return methods -> {
            ClientAuthenticationMethod[] advertised = {
                ClientAuthenticationMethod.CLIENT_SECRET_BASIC,
                ClientAuthenticationMethod.CLIENT_SECRET_POST,
                ClientAuthenticationMethod.CLIENT_SECRET_JWT,
                ClientAuthenticationMethod.PRIVATE_KEY_JWT,
                ClientAuthenticationMethod.TLS_CLIENT_AUTH,
                ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH
            };
            for (ClientAuthenticationMethod method : advertised) {
                methods.add(method.getValue());
            }
        };
    }

    /**
     * Appends an endpoint path to the issuer URI and returns the result as a string.
     *
     * @param issuerUri the issuer the URL is rooted at
     * @param endpointPath the endpoint path to append
     * @return the combined URI string
     */
    private static String asUrl(String issuerUri, String endpointPath) {
        UriComponentsBuilder uri = UriComponentsBuilder.fromUriString(issuerUri);
        return uri.path(endpointPath).toUriString();
    }
}
