package org.opentmf.security.config;

import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import java.io.IOException;
import java.net.URL;
import lombok.Generated;
import org.opentmf.security.model.OpenTmfSecurityProperties;
import org.opentmf.security.util.ServletResourceRetriever;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.util.ResourceUtils;

@EnableConfigurationProperties({OpenTmfSecurityProperties.class})
@AutoConfiguration
/* loaded from: input_file:org/opentmf/security/config/ServletJwtAutoConfiguration.class */
public class ServletJwtAutoConfiguration {
    private final OpenTmfSecurityProperties openTmfSecurityProperties;

    @Bean
    public JwtDecoder jwtDecoder() throws IOException {
        return ResourceUtils.isFileURL(this.openTmfSecurityProperties.getJwkSetUri().getURL()) ? customJwtDecoder() : defaultJwtDecoder();
    }

    private JwtDecoder defaultJwtDecoder() throws IOException {
        return NimbusJwtDecoder.withJwkSetUri(this.openTmfSecurityProperties.getJwkSetUri().getURL().toString()).build();
    }

    private JwtDecoder customJwtDecoder() {
        try {
            URL url = this.openTmfSecurityProperties.getJwkSetUri().getURL();
            JWSVerificationKeySelector jWSVerificationKeySelector = new JWSVerificationKeySelector(JWSAlgorithm.RS256, JWKSourceBuilder.create(url, new ServletResourceRetriever()).build());
            return NimbusJwtDecoder.withJwkSetUri(url.toString()).jwtProcessorCustomizer(configurableJWTProcessor -> {
                configurableJWTProcessor.setJWSKeySelector(jWSVerificationKeySelector);
            }).build();
        } catch (IOException e) {
            throw new IllegalArgumentException("Exception during jwtDecoder configuration", e);
        }
    }

    @Generated
    public ServletJwtAutoConfiguration(OpenTmfSecurityProperties openTmfSecurityProperties) {
        this.openTmfSecurityProperties = openTmfSecurityProperties;
    }
}
