package com.azure.spring.autoconfigure.b2c;

import com.azure.spring.autoconfigure.b2c.AADB2CConditions;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnResource;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.lang.NonNull;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

@EnableConfigurationProperties({AADB2CProperties.class})
@Configuration
@ConditionalOnClass({OAuth2LoginAuthenticationFilter.class})
@ConditionalOnResource(resources = {"classpath:aadb2c.enable.config"})
@Conditional({AADB2CConditions.CommonCondition.class, AADB2CConditions.ClientRegistrationCondition.class})
/* loaded from: input_file:com/azure/spring/autoconfigure/b2c/AADB2COAuth2ClientConfiguration.class */
public class AADB2COAuth2ClientConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(AADB2COAuth2ClientConfiguration.class);
    private final AADB2CProperties properties;

    public AADB2COAuth2ClientConfiguration(@NonNull AADB2CProperties aADB2CProperties) {
        this.properties = aADB2CProperties;
    }

    @ConditionalOnMissingBean
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        ArrayList arrayList = new ArrayList();
        arrayList.addAll((Collection) this.properties.getUserFlows().entrySet().stream().map(this::buildUserFlowClientRegistration).collect(Collectors.toList()));
        arrayList.addAll((Collection) this.properties.getAuthorizationClients().entrySet().stream().map(this::buildClientRegistration).collect(Collectors.toList()));
        return new AADB2CClientRegistrationRepository(this.properties.getLoginFlow(), arrayList);
    }

    private ClientRegistration buildUserFlowClientRegistration(Map.Entry<String, String> entry) {
        return ClientRegistration.withRegistrationId(entry.getValue()).clientName(entry.getKey()).clientId(this.properties.getClientId()).clientSecret(this.properties.getClientSecret()).clientAuthenticationMethod(ClientAuthenticationMethod.POST).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).redirectUri(this.properties.getReplyUrl()).scope(new String[]{this.properties.getClientId(), "openid", "offline_access"}).authorizationUri(AADB2CURL.getAuthorizationUrl(this.properties.getBaseUri())).tokenUri(AADB2CURL.getTokenUrl(this.properties.getBaseUri(), entry.getValue())).jwkSetUri(AADB2CURL.getJwkSetUrl(this.properties.getBaseUri(), entry.getValue())).userNameAttributeName(this.properties.getUserNameAttributeName()).build();
    }

    private ClientRegistration buildClientRegistration(Map.Entry<String, AuthorizationClientProperties> entry) {
        AuthorizationGrantType authorizationGrantType = (AuthorizationGrantType) Optional.ofNullable(entry.getValue().getAuthorizationGrantType()).map((v0) -> {
            return v0.getValue();
        }).map(AuthorizationGrantType::new).orElse(null);
        if (!AuthorizationGrantType.CLIENT_CREDENTIALS.equals(authorizationGrantType)) {
            LOGGER.warn("The authorization type of the {} client registration is not supported.", entry.getKey());
        }
        return ClientRegistration.withRegistrationId(entry.getKey()).clientName(entry.getKey()).clientId(this.properties.getClientId()).clientSecret(this.properties.getClientSecret()).clientAuthenticationMethod(ClientAuthenticationMethod.POST).authorizationGrantType(authorizationGrantType).scope(entry.getValue().getScopes()).tokenUri(AADB2CURL.getAADTokenUrl(this.properties.getTenantId())).jwkSetUri(AADB2CURL.getAADJwkSetUrl(this.properties.getTenantId())).build();
    }

    @ConditionalOnMissingBean
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        return new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
    }
}
