package digital.nedra.commons.starter.keycloak.session.config;

import digital.nedra.commons.starter.security.config.SessionMatchersConfiguration;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;

@Configuration
/* loaded from: input_file:digital/nedra/commons/starter/keycloak/session/config/SecurityConfig.class */
public class SecurityConfig {

    @Value("${spring.security.oauth2.client.registration.sso.provider}")
    private String oauth2Provider;

    @Bean
    public SessionMatchersConfiguration swaggerMatchers() {
        return new SessionMatchersConfiguration(List.of("/swagger-ui/**"), "authenticated");
    }

    @Bean
    public SessionMatchersConfiguration logoutMatcher() {
        return new SessionMatchersConfiguration(List.of("/logout"), "authenticated");
    }

    @ConditionalOnMissingBean({JwtDecoder.class})
    @Bean
    public JwtDecoder keycloakJwtDecoder(OAuth2ClientProperties oAuth2ClientProperties) {
        return NimbusJwtDecoder.withJwkSetUri(((OAuth2ClientProperties.Provider) oAuth2ClientProperties.getProvider().get(this.oauth2Provider)).getJwkSetUri()).build();
    }

    @ConditionalOnMissingBean({OAuth2AuthorizedClientService.class})
    @Bean
    public OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository clientRegistrationRepository) {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(OAuth2ClientProperties oAuth2ClientProperties) {
        return new InMemoryClientRegistrationRepository(new ArrayList(new OAuth2ClientPropertiesMapper(oAuth2ClientProperties).asClientRegistrations().values()));
    }
}
