package no.difi.move.common.oauth;

import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.web.reactive.function.client.WebClient;

/* loaded from: input_file:no/difi/move/common/oauth/JwtWebClient.class */
public class JwtWebClient {
    public static WebClient.Builder builder(String str, String str2, JwtTokenClient jwtTokenClient) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction authorizedFilter = getAuthorizedFilter(str2, jwtTokenClient);
        authorizedFilter.setDefaultOAuth2AuthorizedClient(true);
        authorizedFilter.setDefaultClientRegistrationId(str2);
        return WebClient.builder().apply(authorizedFilter.oauth2Configuration()).baseUrl(str);
    }

    private static ServletOAuth2AuthorizedClientExchangeFilterFunction getAuthorizedFilter(String str, JwtTokenClient jwtTokenClient) {
        InMemoryClientRegistrationRepository inMemoryClientRegistrationRepository = new InMemoryClientRegistrationRepository(new ClientRegistration[]{ClientRegistration.withRegistrationId(str).clientAuthenticationMethod(ClientAuthenticationMethod.PRIVATE_KEY_JWT).authorizationGrantType(AuthorizationGrantType.JWT_BEARER).build()});
        JwtBearerOAuth2AuthorizedClientProvider jwtBearerOAuth2AuthorizedClientProvider = new JwtBearerOAuth2AuthorizedClientProvider(new JwtBearerAccessTokenResponseClient(jwtTokenClient));
        SyncedOauth2AuthorizedClientManager syncedOauth2AuthorizedClientManager = new SyncedOauth2AuthorizedClientManager(inMemoryClientRegistrationRepository, new SyncedInMemoryOAuth2AuthorizedClientService(inMemoryClientRegistrationRepository));
        syncedOauth2AuthorizedClientManager.setAuthorizedClientProvider(OAuth2AuthorizedClientProviderBuilder.builder().provider(jwtBearerOAuth2AuthorizedClientProvider).build());
        return new ServletOAuth2AuthorizedClientExchangeFilterFunction(syncedOauth2AuthorizedClientManager);
    }
}
