package org.springframework.security.oauth2.server.authorization.oidc.web;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
import java.util.function.Consumer;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.oidc.OidcProviderConfiguration;
import org.springframework.security.oauth2.server.authorization.oidc.http.converter.OidcProviderConfigurationHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/oidc/web/OidcProviderConfigurationEndpointFilter.class */
public final class OidcProviderConfigurationEndpointFilter extends OncePerRequestFilter {
    private static final String DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI = "/.well-known/openid-configuration";
    private final RequestMatcher requestMatcher = new AntPathRequestMatcher(DEFAULT_OIDC_PROVIDER_CONFIGURATION_ENDPOINT_URI, HttpMethod.GET.name());
    private final OidcProviderConfigurationHttpMessageConverter providerConfigurationHttpMessageConverter = new OidcProviderConfigurationHttpMessageConverter();
    private Consumer<OidcProviderConfiguration.Builder> providerConfigurationCustomizer = builder -> {
    };

    public void setProviderConfigurationCustomizer(Consumer<OidcProviderConfiguration.Builder> consumer) {
        Assert.notNull(consumer, "providerConfigurationCustomizer cannot be null");
        this.providerConfigurationCustomizer = consumer;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.requestMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        AuthorizationServerContext context = AuthorizationServerContextHolder.getContext();
        String issuer = context.getIssuer();
        AuthorizationServerSettings authorizationServerSettings = context.getAuthorizationServerSettings();
        OidcProviderConfiguration.Builder builder = (OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) ((OidcProviderConfiguration.Builder) OidcProviderConfiguration.builder().issuer(issuer)).authorizationEndpoint(asUrl(issuer, authorizationServerSettings.getAuthorizationEndpoint()))).tokenEndpoint(asUrl(issuer, authorizationServerSettings.getTokenEndpoint()))).tokenEndpointAuthenticationMethods(clientAuthenticationMethods())).jwkSetUrl(asUrl(issuer, authorizationServerSettings.getJwkSetEndpoint()))).userInfoEndpoint(asUrl(issuer, authorizationServerSettings.getOidcUserInfoEndpoint())).responseType(OAuth2AuthorizationResponseType.CODE.getValue())).grantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue())).grantType(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())).grantType(AuthorizationGrantType.REFRESH_TOKEN.getValue())).tokenRevocationEndpoint(asUrl(issuer, authorizationServerSettings.getTokenRevocationEndpoint()))).tokenRevocationEndpointAuthenticationMethods(clientAuthenticationMethods())).tokenIntrospectionEndpoint(asUrl(issuer, authorizationServerSettings.getTokenIntrospectionEndpoint()))).tokenIntrospectionEndpointAuthenticationMethods(clientAuthenticationMethods())).subjectType("public").idTokenSigningAlgorithm(SignatureAlgorithm.RS256.getName()).scope("openid");
        this.providerConfigurationCustomizer.accept(builder);
        this.providerConfigurationHttpMessageConverter.write(builder.build(), MediaType.APPLICATION_JSON, new ServletServerHttpResponse(httpServletResponse));
    }

    private static Consumer<List<String>> clientAuthenticationMethods() {
        return list -> {
            list.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue());
            list.add(ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue());
            list.add(ClientAuthenticationMethod.CLIENT_SECRET_JWT.getValue());
            list.add(ClientAuthenticationMethod.PRIVATE_KEY_JWT.getValue());
        };
    }

    private static String asUrl(String str, String str2) {
        return UriComponentsBuilder.fromUriString(str).path(str2).build().toUriString();
    }
}
