package com.microsoft.azure.spring.autoconfigure.aad;

import com.microsoft.aad.adal4j.ClientCredential;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.concurrent.ExecutionException;
import javax.naming.ServiceUnavailableException;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/microsoft/azure/spring/autoconfigure/aad/AADOAuth2UserService.class */
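/**
 * OIDC user service that loads the user through Spring's {@link OidcUserService} and then
 * rebuilds it with the authorities returned by {@code AzureADGraphClient}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The authorities computed by the delegate {@link OidcUserService} are discarded; only the
 *       authorities returned by {@code AzureADGraphClient#getGrantedAuthorities} end up on the
 *       returned user.</li>
 *   <li>The method fails closed: if the Graph token cannot be acquired or the authorities cannot
 *       be mapped, an {@link OAuth2AuthenticationException} is thrown instead of returning a user
 *       with fallback authorities.</li>
 *   <li>The raw ID token value and the registration's client secret are handed to
 *       {@code AzureADGraphClient}. Both are credentials and must never be written to logs or
 *       error descriptions.</li>
 * </ul>
 */
public class AADOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
    private static final String INVALID_REQUEST = "invalid_request";
    private static final String SERVER_ERROR = "server_error";
    private static final String DEFAULT_USERNAME_ATTR_NAME = "name";

    // Assigned once in the constructor and never rebound.
    private final AADAuthenticationProperties aadAuthProps;
    private final ServiceEndpointsProperties serviceEndpointsProps;

    /**
     * @param aADAuthenticationProperties AAD settings; the tenant id is read from it on each login
     * @param serviceEndpointsProperties  endpoint settings forwarded to {@code AzureADGraphClient}
     */
    public AADOAuth2UserService(AADAuthenticationProperties aADAuthenticationProperties, ServiceEndpointsProperties serviceEndpointsProperties) {
        this.aadAuthProps = aADAuthenticationProperties;
        this.serviceEndpointsProps = serviceEndpointsProperties;
    }

    /**
     * Loads the OIDC user and replaces its authorities with the ones obtained via the Graph client.
     *
     * @param oidcUserRequest the OIDC user request carrying the ID token and client registration
     * @return a {@link DefaultOidcUser} built from the Graph-derived authorities, the delegate
     *         user's ID token and the configured user-name attribute
     * @throws OAuth2AuthenticationException with error code {@code invalid_request} when a
     *         {@link MalformedURLException} is raised, and {@code server_error} for every other
     *         failure handled here; the original exception is kept as the cause
     */
    @Override
    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        OidcUser delegateUser = new OidcUserService().loadUser(oidcUserRequest);
        OidcIdToken idToken = oidcUserRequest.getIdToken();
        try {
            ClientRegistration registration = oidcUserRequest.getClientRegistration();
            // The client secret only travels inside the ClientCredential; keep it out of any log output.
            ClientCredential credential =
                    new ClientCredential(registration.getClientId(), registration.getClientSecret());
            AzureADGraphClient graphClient =
                    new AzureADGraphClient(credential, this.aadAuthProps, this.serviceEndpointsProps);
            // The ID token value is exchanged for a Graph access token, which in turn is used to
            // resolve the authorities. Neither token is stored or logged by this method.
            return new DefaultOidcUser(
                    graphClient.getGrantedAuthorities(
                            graphClient.acquireTokenForGraphApi(
                                    idToken.getTokenValue(), this.aadAuthProps.getTenantId())
                                    .getAccessToken()),
                    delegateUser.getIdToken(),
                    getUserNameAttrName(oidcUserRequest));
        } catch (MalformedURLException e) {
            // Must precede the IOException handler: MalformedURLException is an IOException
            // subclass, so the specific "invalid_request" mapping is unreachable otherwise.
            throw wrapException(INVALID_REQUEST, "Failed to acquire token for Graph API.", null, e);
        } catch (ServiceUnavailableException | InterruptedException | ExecutionException e) {
            if (e instanceof InterruptedException) {
                // Restore the interrupt flag so callers further up can still observe it.
                Thread.currentThread().interrupt();
            }
            throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
        } catch (IOException e) {
            throw wrapException(SERVER_ERROR, "Failed to map group to authorities.", null, e);
        }
    }

    /**
     * Builds the authentication exception for a failed login.
     *
     * <p>Only the fixed {@code description} is placed in the {@link OAuth2Error}; the underlying
     * exception is attached as the cause. NOTE(review): confirm that whatever renders this
     * exception to the client does not expose the cause's message.
     *
     * @param errorCode   OAuth2 error code
     * @param description static, non-sensitive description
     * @param uri         error URI, may be {@code null}
     * @param cause       the exception that triggered the failure
     * @return the exception for the caller to throw
     */
    private OAuth2AuthenticationException wrapException(String errorCode, String description, String uri, Exception cause) {
        return new OAuth2AuthenticationException(new OAuth2Error(errorCode, description, uri), cause);
    }

    /**
     * Returns the user-name attribute configured on the registration's user-info endpoint, or
     * {@code "name"} when none is configured.
     */
    private String getUserNameAttrName(OAuth2UserRequest oAuth2UserRequest) {
        String configured = oAuth2UserRequest.getClientRegistration()
                .getProviderDetails()
                .getUserInfoEndpoint()
                .getUserNameAttributeName();
        return StringUtils.isEmpty(configured) ? DEFAULT_USERNAME_ATTR_NAME : configured;
    }
}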
