package com.c4_soft.springaddons.security.oidc.starter.reactive.client;

import com.c4_soft.springaddons.security.oidc.starter.AdditionalParamsAuthorizationRequestCustomizer;
import com.c4_soft.springaddons.security.oidc.starter.CompositeOAuth2AuthorizationRequestCustomizer;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
import java.net.URI;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.server.DefaultServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatcher;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebSession;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/reactive/client/SpringAddonsServerOAuth2AuthorizationRequestResolver.class */
public class SpringAddonsServerOAuth2AuthorizationRequestResolver implements ServerOAuth2AuthorizationRequestResolver {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SpringAddonsServerOAuth2AuthorizationRequestResolver.class);
    private static final Pattern authorizationRequestPattern = Pattern.compile("\\/oauth2\\/authorization\\/([^\\/]+)");
    private final URI clientUri;
    private final Map<String, CompositeOAuth2AuthorizationRequestCustomizer> requestCustomizers;
    private final ReactiveClientRegistrationRepository clientRegistrationRepository;
    private final ServerWebExchangeMatcher authorizationRequestMatcher = new PathPatternParserServerWebExchangeMatcher("/oauth2/authorization/{registrationId}");

    public SpringAddonsServerOAuth2AuthorizationRequestResolver(OAuth2ClientProperties oAuth2ClientProperties, ReactiveClientRegistrationRepository reactiveClientRegistrationRepository, SpringAddonsOidcClientProperties springAddonsOidcClientProperties) {
        this.clientUri = springAddonsOidcClientProperties.getClientUri();
        this.requestCustomizers = (Map) oAuth2ClientProperties.getRegistration().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            CompositeOAuth2AuthorizationRequestCustomizer compositeOAuth2AuthorizationRequestCustomizer = new CompositeOAuth2AuthorizationRequestCustomizer(new Consumer[0]);
            MultiValueMap<String, String> extraAuthorizationParameters = springAddonsOidcClientProperties.getExtraAuthorizationParameters((String) entry.getKey());
            if (extraAuthorizationParameters.size() > 0) {
                compositeOAuth2AuthorizationRequestCustomizer.addCustomizer(new AdditionalParamsAuthorizationRequestCustomizer(extraAuthorizationParameters));
            }
            if (springAddonsOidcClientProperties.isPkceForced()) {
                compositeOAuth2AuthorizationRequestCustomizer.addCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
            }
            return compositeOAuth2AuthorizationRequestCustomizer;
        }));
        this.clientRegistrationRepository = reactiveClientRegistrationRepository;
    }

    private Mono<WebSession> savePostLoginUrisInSession(ServerWebExchange serverWebExchange) {
        ServerHttpRequest request = serverWebExchange.getRequest();
        HttpHeaders headers = request.getHeaders();
        MultiValueMap queryParams = request.getQueryParams();
        return serverWebExchange.getSession().map(webSession -> {
            Optional.ofNullable((String) Optional.ofNullable(headers.getFirst(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_HEADER)).orElse((String) Optional.ofNullable((String) queryParams.getFirst("post_login_success_uri")).orElse(null))).filter(StringUtils::hasText).map(URI::create).ifPresent(uri -> {
                webSession.getAttributes().put("post_login_success_uri", uri);
            });
            Optional.ofNullable((String) Optional.ofNullable(headers.getFirst(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_HEADER)).orElse((String) Optional.ofNullable((String) queryParams.getFirst("post_login_failure_uri")).orElse(null))).filter(StringUtils::hasText).map(URI::create).ifPresent(uri2 -> {
                webSession.getAttributes().put("post_login_failure_uri", uri2);
            });
            return webSession;
        });
    }

    private OAuth2AuthorizationRequest postProcess(OAuth2AuthorizationRequest oAuth2AuthorizationRequest) {
        OAuth2AuthorizationRequest.Builder from = OAuth2AuthorizationRequest.from(oAuth2AuthorizationRequest);
        URI create = URI.create(oAuth2AuthorizationRequest.getRedirectUri());
        String uriComponents = UriComponentsBuilder.fromUri(this.clientUri).path(create.getPath()).query(create.getQuery()).fragment(create.getFragment()).build().toString();
        from.redirectUri(uriComponents);
        log.debug("Changed OAuth2AuthorizationRequest redirectUri from {} to {}", create, uriComponents);
        return from.build();
    }

    public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange serverWebExchange) {
        return this.authorizationRequestMatcher.matches(serverWebExchange).filter(matchResult -> {
            return matchResult.isMatch();
        }).map((v0) -> {
            return v0.getVariables();
        }).map(map -> {
            return map.get("registrationId");
        }).cast(String.class).flatMap(str -> {
            return resolve(serverWebExchange, str);
        });
    }

    public Mono<OAuth2AuthorizationRequest> resolve(ServerWebExchange serverWebExchange, String str) {
        return savePostLoginUrisInSession(serverWebExchange).then(getRequestResolver(serverWebExchange, str).resolve(serverWebExchange, str).map(this::postProcess));
    }

    protected ServerOAuth2AuthorizationRequestResolver getRequestResolver(ServerWebExchange serverWebExchange, String str) {
        Consumer<OAuth2AuthorizationRequest.Builder> oAuth2AuthorizationRequestCustomizer = getOAuth2AuthorizationRequestCustomizer(serverWebExchange, str);
        if (oAuth2AuthorizationRequestCustomizer == null) {
            return null;
        }
        DefaultServerOAuth2AuthorizationRequestResolver defaultServerOAuth2AuthorizationRequestResolver = new DefaultServerOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository);
        defaultServerOAuth2AuthorizationRequestResolver.setAuthorizationRequestCustomizer(oAuth2AuthorizationRequestCustomizer);
        return defaultServerOAuth2AuthorizationRequestResolver;
    }

    protected Consumer<OAuth2AuthorizationRequest.Builder> getOAuth2AuthorizationRequestCustomizer(ServerWebExchange serverWebExchange, String str) {
        return getCompositeOAuth2AuthorizationRequestCustomizer(str);
    }

    protected CompositeOAuth2AuthorizationRequestCustomizer getCompositeOAuth2AuthorizationRequestCustomizer(String str) {
        return this.requestCustomizers.get(str);
    }

    static String resolveRegistrationId(ServerWebExchange serverWebExchange) {
        return resolveRegistrationId((String) Optional.ofNullable(serverWebExchange.getRequest()).map((v0) -> {
            return v0.getPath();
        }).map((v0) -> {
            return v0.toString();
        }).orElse(""));
    }

    static String resolveRegistrationId(String str) {
        Matcher matcher = authorizationRequestPattern.matcher(str);
        if (matcher.matches()) {
            return matcher.group(1);
        }
        return null;
    }
}
