package io.quantics.multitenant.oauth2.config;

import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import com.nimbusds.jwt.proc.JWTClaimsSetAwareJWSKeySelector;
import com.nimbusds.jwt.proc.JWTProcessor;
import io.quantics.multitenant.tenantdetails.TenantDetailsService;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
@Conditional({JwtCondition.class})
/* loaded from: input_file:io/quantics/multitenant/oauth2/config/MultiTenantResourceServerJwtConfiguration.class */
public class MultiTenantResourceServerJwtConfiguration {
    @ConditionalOnMissingBean({JWTClaimsSetAwareJWSKeySelector.class})
    @Bean
    JWTClaimsSetAwareJWSKeySelector<SecurityContext> multiTenantJWSKeySelector(TenantDetailsService tenantDetailsService) {
        return new MultiTenantJWSKeySelector(tenantDetailsService);
    }

    @ConditionalOnMissingBean({JWTProcessor.class})
    @Bean
    JWTProcessor<SecurityContext> multiTenantJwtProcessor(JWTClaimsSetAwareJWSKeySelector<SecurityContext> jWTClaimsSetAwareJWSKeySelector) {
        DefaultJWTProcessor defaultJWTProcessor = new DefaultJWTProcessor();
        defaultJWTProcessor.setJWTClaimsSetAwareJWSKeySelector(jWTClaimsSetAwareJWSKeySelector);
        return defaultJWTProcessor;
    }

    @ConditionalOnMissingBean({OAuth2TokenValidator.class})
    @Bean
    OAuth2TokenValidator<Jwt> multiTenantJwtIssuerValidator(TenantDetailsService tenantDetailsService) {
        return new MultiTenantJwtIssuerValidator(tenantDetailsService);
    }

    @ConditionalOnMissingBean({JwtDecoder.class})
    @Bean
    JwtDecoder multiTenantJwtDecoder(JWTProcessor<SecurityContext> jWTProcessor, OAuth2TokenValidator<Jwt> oAuth2TokenValidator) {
        NimbusJwtDecoder nimbusJwtDecoder = new NimbusJwtDecoder(jWTProcessor);
        nimbusJwtDecoder.setJwtValidator(new DelegatingOAuth2TokenValidator(new OAuth2TokenValidator[]{JwtValidators.createDefault(), oAuth2TokenValidator}));
        return nimbusJwtDecoder;
    }
}
