package com.google.cloud.spring.autoconfigure.security;

import com.google.cloud.spring.autoconfigure.core.GcpContextAutoConfiguration;
import com.google.cloud.spring.core.GcpProjectIdProvider;
import com.google.cloud.spring.security.firebase.FirebaseJwtTokenDecoder;
import com.google.cloud.spring.security.firebase.FirebaseTokenValidator;
import java.util.ArrayList;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.resource.servlet.OAuth2ResourceServerAutoConfiguration;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtIssuerValidator;
import org.springframework.security.oauth2.jwt.JwtTimestampValidator;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

@AutoConfigureBefore({OAuth2ResourceServerAutoConfiguration.class})
@EnableConfigurationProperties({FirebaseAuthenticationProperties.class})
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({FirebaseTokenValidator.class})
@AutoConfigureAfter({GcpContextAutoConfiguration.class})
@ConditionalOnProperty(value = {"spring.cloud.gcp.security.firebase.enabled"}, matchIfMissing = true)
/* loaded from: input_file:com/google/cloud/spring/autoconfigure/security/FirebaseAuthenticationAutoConfiguration.class */
public class FirebaseAuthenticationAutoConfiguration {
    private static final String ISSUER_TEMPLATE = "https://securetoken.google.com/%s";
    private final String projectId;

    public FirebaseAuthenticationAutoConfiguration(GcpProjectIdProvider gcpProjectIdProvider, FirebaseAuthenticationProperties firebaseAuthenticationProperties) {
        this.projectId = firebaseAuthenticationProperties.getProjectId() != null ? firebaseAuthenticationProperties.getProjectId() : gcpProjectIdProvider.getProjectId();
    }

    @ConditionalOnMissingBean(name = {"firebaseJwtDelegatingValidator"})
    @Bean
    public DelegatingOAuth2TokenValidator<Jwt> firebaseJwtDelegatingValidator(JwtIssuerValidator jwtIssuerValidator, GcpProjectIdProvider gcpProjectIdProvider) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new JwtTimestampValidator());
        arrayList.add(jwtIssuerValidator);
        arrayList.add(new FirebaseTokenValidator(this.projectId));
        return new DelegatingOAuth2TokenValidator<>(arrayList);
    }

    @ConditionalOnMissingBean(name = {"firebaseAuthenticationJwtDecoder"})
    @Bean
    public JwtDecoder firebaseAuthenticationJwtDecoder(DelegatingOAuth2TokenValidator<Jwt> delegatingOAuth2TokenValidator, FirebaseAuthenticationProperties firebaseAuthenticationProperties) {
        return new FirebaseJwtTokenDecoder(restOperations(), firebaseAuthenticationProperties.getPublicKeysEndpoint(), delegatingOAuth2TokenValidator);
    }

    @Bean
    public JwtIssuerValidator jwtIssuerValidator(GcpProjectIdProvider gcpProjectIdProvider) {
        return new JwtIssuerValidator(String.format(ISSUER_TEMPLATE, this.projectId));
    }

    private RestOperations restOperations() {
        SimpleClientHttpRequestFactory simpleClientHttpRequestFactory = new SimpleClientHttpRequestFactory();
        simpleClientHttpRequestFactory.setConnectTimeout(5000);
        simpleClientHttpRequestFactory.setReadTimeout(2000);
        return new RestTemplate(simpleClientHttpRequestFactory);
    }
}
