package com.azure.spring.aad.webapp;

import com.azure.spring.autoconfigure.aad.AADAuthenticationProperties;
import com.azure.spring.autoconfigure.aad.AADTokenClaim;
import com.azure.spring.autoconfigure.aad.Constants;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpSession;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/azure/spring/aad/webapp/AADOAuth2UserService.class */
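/**
 * OIDC user service that loads the user through Spring's {@link OidcUserService} and then
 * derives the user's granted authorities from the groups returned by {@code GraphClient}.
 *
 * <p>The resulting principal is cached in the HTTP session under {@code "defaultOidcUser"}.
 * On a later call made while the security context already holds an authentication, the
 * cached principal is returned instead of being rebuilt.
 *
 * <p>NOTE(review): authorities are derived from whatever identifier
 * {@code GraphClient.getGroupsFromGraph} yields for a group (not visible in this file).
 * Group-based authorization is only as strong as the uniqueness of that identifier, so
 * confirm it is one that cannot be duplicated by another group in the tenant.
 */
public class AADOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
    /** Session attribute key under which the computed principal is stored. */
    private static final String DEFAULT_OIDC_USER = "defaultOidcUser";

    private final OidcUserService oidcUserService = new OidcUserService();
    private final AADAuthenticationProperties properties;
    private final GraphClient graphClient;

    /**
     * Creates the service and a {@code GraphClient} configured from the same properties.
     *
     * @param aADAuthenticationProperties AAD settings used for the allowed-group checks
     */
    public AADOAuth2UserService(AADAuthenticationProperties aADAuthenticationProperties) {
        this.properties = aADAuthenticationProperties;
        this.graphClient = new GraphClient(aADAuthenticationProperties);
    }

    /**
     * Loads the OIDC user and attaches group-derived authorities.
     *
     * @param oidcUserRequest the user request carrying the access token and client registration
     * @return the cached principal when one exists for an already authenticated session,
     *         otherwise a newly built {@link DefaultOidcUser}
     * @throws OAuth2AuthenticationException if the delegate {@link OidcUserService} fails
     */
    @Override
    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        // The delegate runs first, so a request it rejects never reaches the session cache.
        OidcUser loadedUser = this.oidcUserService.loadUser(oidcUserRequest);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // RequestAttributes itself has no getRequest(); the servlet-specific subtype is required.
        ServletRequestAttributes requestAttributes =
            (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        HttpSession session = requestAttributes.getRequest().getSession(true);

        if (authentication != null) {
            // NOTE(review): the cached principal is returned without comparing its subject to
            // the ID token that was just loaded; confirm both always belong to the same account.
            Object cachedUser = session.getAttribute(DEFAULT_OIDC_USER);
            if (cachedUser instanceof DefaultOidcUser) {
                return (DefaultOidcUser) cachedUser;
            }
            // Nothing usable is cached (for example a new session, or an authentication that
            // did not come from this service). Returning null here would hand the caller a
            // null principal, so build the user from the current request instead.
        }

        // Graph is queried only when allowed groups are configured; otherwise no group lookup.
        Set<String> groups = Optional.of(oidcUserRequest)
            .filter(request -> this.properties.allowedGroupsConfigured())
            .map(request -> request.getAccessToken())
            .map(accessToken -> accessToken.getTokenValue())
            .map(this.graphClient::getGroupsFromGraph)
            .orElseGet(Collections::emptySet);

        // Only groups accepted by the configured allow-list become authorities.
        Set<SimpleGrantedAuthority> authorities = groups.stream()
            .filter(this.properties::isAllowedGroup)
            .map(group -> new SimpleGrantedAuthority(Constants.ROLE_PREFIX + group))
            .collect(Collectors.toSet());
        if (authorities.isEmpty()) {
            authorities = Constants.DEFAULT_AUTHORITY_SET;
        }

        // Use the registration's user-name attribute when it has text, else the default claim.
        String nameAttributeKey = Optional.of(oidcUserRequest)
            .map(request -> request.getClientRegistration())
            .map(registration -> registration.getProviderDetails())
            .map(providerDetails -> providerDetails.getUserInfoEndpoint())
            .map(userInfoEndpoint -> userInfoEndpoint.getUserNameAttributeName())
            .filter(StringUtils::hasText)
            .orElse(AADTokenClaim.NAME);

        DefaultOidcUser defaultOidcUser =
            new DefaultOidcUser(authorities, loadedUser.getIdToken(), nameAttributeKey);
        session.setAttribute(DEFAULT_OIDC_USER, defaultOidcUser);
        return defaultOidcUser;
    }
}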
