package org.springframework.security.boot;

import com.google.api.client.googleapis.auth.oauth2.GooglePublicKeysManager;
import com.google.api.client.http.HttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.api.client.util.Clock;
import java.security.GeneralSecurityException;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.boot.biz.userdetails.JwtPayloadRepository;
import org.springframework.security.boot.biz.userdetails.UserDetailsServiceAdapter;
import org.springframework.security.boot.google.authentication.GoogleAuthenticationProvider;
import org.springframework.security.boot.google.authentication.GoogleMatchedAuthenticationEntryPoint;
import org.springframework.security.boot.google.authentication.GoogleMatchedAuthenticationFailureHandler;
import org.springframework.security.boot.google.authentication.GoogleMatchedAuthenticationSuccessHandler;
import org.springframework.util.StringUtils;

@AutoConfigureBefore({SecurityBizAutoConfiguration.class})
@EnableConfigurationProperties({SecurityGoogleProperties.class})
@Configuration
@ConditionalOnProperty(prefix = SecurityGoogleProperties.PREFIX, value = {"enabled"}, havingValue = "true")
/* loaded from: input_file:org/springframework/security/boot/SecurityGoogleAutoConfiguration.class */
public class SecurityGoogleAutoConfiguration {
    private static final String SHOULD_USE_PROXY_FLAG = "com.google.api.client.should_use_proxy";

    @ConditionalOnMissingBean
    @Bean
    public HttpTransport transport(SecurityGoogleProperties securityGoogleProperties) throws GeneralSecurityException {
        if (!StringUtils.hasText(securityGoogleProperties.getProxyHost())) {
            return new NetHttpTransport();
        }
        System.setProperty(SHOULD_USE_PROXY_FLAG, securityGoogleProperties.getProxyHost());
        System.setProperty("https.proxyHost", securityGoogleProperties.getProxyHost());
        System.setProperty("https.proxyPort", String.valueOf(securityGoogleProperties.getProxyPort()));
        return new NetHttpTransport.Builder().doNotValidateCertificate().build();
    }

    @ConditionalOnMissingBean
    @Bean
    public JsonFactory jsonFactory() {
        return new GsonFactory();
    }

    @ConditionalOnMissingBean
    @Bean
    public GooglePublicKeysManager googlePublicKeysManager(HttpTransport httpTransport, JsonFactory jsonFactory, ObjectProvider<Clock> objectProvider, SecurityGoogleProperties securityGoogleProperties) throws GeneralSecurityException {
        return new GooglePublicKeysManager.Builder(httpTransport, jsonFactory).setPublicCertsEncodedUrl(securityGoogleProperties.getPublicCertsEncodedUrl()).setClock((Clock) objectProvider.getIfAvailable(() -> {
            return Clock.SYSTEM;
        })).build();
    }

    @ConditionalOnMissingBean
    @Bean
    public GoogleMatchedAuthenticationEntryPoint googleMatchedAuthenticationEntryPoint() {
        return new GoogleMatchedAuthenticationEntryPoint();
    }

    @ConditionalOnMissingBean
    @Bean
    public GoogleMatchedAuthenticationFailureHandler googleMatchedAuthenticationFailureHandler() {
        return new GoogleMatchedAuthenticationFailureHandler();
    }

    @ConditionalOnMissingBean
    @Bean
    public GoogleMatchedAuthenticationSuccessHandler googleMatchedAuthenticationSuccessHandler(JwtPayloadRepository jwtPayloadRepository) {
        return new GoogleMatchedAuthenticationSuccessHandler(jwtPayloadRepository);
    }

    @ConditionalOnMissingBean
    @Bean
    public GoogleAuthenticationProvider googleAuthenticationProvider(UserDetailsServiceAdapter userDetailsServiceAdapter) {
        return new GoogleAuthenticationProvider(userDetailsServiceAdapter);
    }
}
