package com.azure.spring.cloud.autoconfigure.aadb2c.configuration;

import com.azure.spring.cloud.autoconfigure.aad.implementation.AadRestTemplateCreator;
import com.azure.spring.cloud.autoconfigure.aadb2c.implementation.AadB2cClientRegistrationRepository;
import com.azure.spring.cloud.autoconfigure.aadb2c.implementation.AadB2cConditions;
import com.azure.spring.cloud.autoconfigure.aadb2c.implementation.AadB2cUrl;
import com.azure.spring.cloud.autoconfigure.aadb2c.properties.AadB2cProperties;
import com.azure.spring.cloud.autoconfigure.aadb2c.properties.AuthorizationClientProperties;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.PasswordOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

/**
 * Spring configuration that wires the OAuth2 client beans for Azure AD B2C.
 *
 * <p>It contributes a {@link ClientRegistrationRepository} built from the configured user flows and
 * authorization clients, and an {@link OAuth2AuthorizedClientManager} that can obtain tokens through
 * the authorization-code, refresh-token, client-credentials and password providers.
 *
 * <p>The configuration is only active when {@link OAuth2LoginAuthenticationFilter} is on the
 * classpath, {@code spring.cloud.azure.active-directory.b2c.enabled} is {@code true}, and
 * {@link AadB2cConditions.ClientRegistrationCondition} matches. Both beans are declared with
 * {@code @ConditionalOnMissingBean}, so an application-defined bean of the same type takes precedence.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>Every registration carries the same client id and client secret taken from
 *       {@code properties.getCredential()}; the secret should come from a protected configuration
 *       source and must never be logged.</li>
 *   <li>The secret is presented with {@link ClientAuthenticationMethod#POST}, i.e. in the token
 *       request body, so the token endpoints must only be reached over TLS.</li>
 *   <li>The password (resource-owner credentials) provider is always part of the provider chain;
 *       whether it is ever exercised depends on the grant type of the configured registrations.</li>
 * </ul>
 */
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({OAuth2LoginAuthenticationFilter.class})
@ConditionalOnProperty(value = {"spring.cloud.azure.active-directory.b2c.enabled"}, havingValue = "true")
@Conditional({AadB2cConditions.ClientRegistrationCondition.class})
@Import({AadB2cPropertiesConfiguration.class})
public class AadB2cOAuth2ClientConfiguration {
    private static final Logger LOGGER = LoggerFactory.getLogger(AadB2cOAuth2ClientConfiguration.class);

    // Bound B2C settings: credential, user flows, authorization clients, URIs.
    private final AadB2cProperties properties;

    // Shared builder used to create the RestTemplate behind every token-endpoint client.
    private final RestTemplateBuilder restTemplateBuilder;

    /**
     * Stores the collaborators needed to build the OAuth2 client beans.
     *
     * @param aadB2cProperties the bound Azure AD B2C properties
     * @param restTemplateBuilder builder handed to {@link AadRestTemplateCreator} for token requests
     */
    public AadB2cOAuth2ClientConfiguration(AadB2cProperties aadB2cProperties, RestTemplateBuilder restTemplateBuilder) {
        this.properties = aadB2cProperties;
        this.restTemplateBuilder = restTemplateBuilder;
    }

    /**
     * Creates the repository holding one registration per configured user flow followed by one per
     * configured authorization client.
     *
     * @return the B2C client registration repository, keyed on the configured login flow
     */
    @ConditionalOnMissingBean
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() {
        return new AadB2cClientRegistrationRepository(
            this.properties.getLoginFlow(),
            collectClientRegistrations());
    }

    /**
     * Builds the combined registration list: user-flow registrations first, then authorization
     * clients, in the iteration order of the underlying maps.
     */
    private List<ClientRegistration> collectClientRegistrations() {
        Stream<ClientRegistration> userFlowRegistrations = this.properties.getUserFlows()
            .entrySet()
            .stream()
            .map(this::buildUserFlowClientRegistration);
        Stream<ClientRegistration> authorizationClientRegistrations = this.properties.getAuthorizationClients()
            .entrySet()
            .stream()
            .map(this::buildClientRegistration);
        return Stream.concat(userFlowRegistrations, authorizationClientRegistrations)
            .collect(Collectors.toList());
    }

    /**
     * Builds the authorization-code registration for a single user flow.
     *
     * <p>The entry value is used as the registration id and as the flow segment of the token and
     * JWK-set URLs; the entry key becomes the client name.
     *
     * @param userFlow user-flow entry from the properties (key: display name, value: flow id)
     * @return the registration for that flow
     */
    private ClientRegistration buildUserFlowClientRegistration(Map.Entry<String, String> userFlow) {
        final String flowId = userFlow.getValue();
        final String flowName = userFlow.getKey();
        return ClientRegistration.withRegistrationId(flowId)
            .clientName(flowName)
            .clientId(this.properties.getCredential().getClientId())
            // Confidential-client secret: sent in the token request body (POST method below).
            .clientSecret(this.properties.getCredential().getClientSecret())
            // NOTE(review): newer Spring Security versions name this method CLIENT_SECRET_POST;
            // confirm against the version in use before changing it.
            .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUri(this.properties.getReplyUrl())
            // The client id doubles as a scope; offline_access asks the provider for a refresh token.
            .scope(this.properties.getCredential().getClientId(), "openid", "offline_access")
            .authorizationUri(AadB2cUrl.getAuthorizationUrl(this.properties.getBaseUri()))
            .tokenUri(AadB2cUrl.getTokenUrl(this.properties.getBaseUri(), flowId))
            // Keys for token signature validation are fetched from this flow-specific JWK set.
            .jwkSetUri(AadB2cUrl.getJwkSetUrl(this.properties.getBaseUri(), flowId))
            .userNameAttributeName(this.properties.getUserNameAttributeName())
            .build();
    }

    /**
     * Builds the registration for a configured authorization client.
     *
     * <p>Only {@code client_credentials} is treated as supported. Any other grant type produces a
     * warning but the registration is still built with that grant type.
     * NOTE(review): an unsupported grant type is not rejected here; operators should treat the
     * warning as a configuration error rather than as informational.
     *
     * @param client authorization-client entry (key: registration id, value: its properties)
     * @return the registration, pointing at the token and JWK-set URLs derived from the tenant id
     */
    private ClientRegistration buildClientRegistration(Map.Entry<String, AuthorizationClientProperties> client) {
        final AuthorizationGrantType grantType = client.getValue().getAuthorizationGrantType();
        final boolean supported = AuthorizationGrantType.CLIENT_CREDENTIALS.equals(grantType);
        if (!supported) {
            // Only the registration key is logged; credentials never reach the log line.
            LOGGER.warn("The authorization type of the {} client registration is not supported.", client.getKey());
        }
        return ClientRegistration.withRegistrationId(client.getKey())
            .clientName(client.getKey())
            .clientId(this.properties.getCredential().getClientId())
            .clientSecret(this.properties.getCredential().getClientSecret())
            .clientAuthenticationMethod(ClientAuthenticationMethod.POST)
            .authorizationGrantType(grantType)
            .scope(client.getValue().getScopes())
            .tokenUri(AadB2cUrl.getAADTokenUrl(this.properties.getProfile().getTenantId()))
            .jwkSetUri(AadB2cUrl.getAADJwkSetUrl(this.properties.getProfile().getTenantId()))
            .build();
    }

    /**
     * Creates the manager that authorizes (or re-authorizes) clients for web requests.
     *
     * <p>The provider chain is: authorization code, refresh token, client credentials, password.
     * NOTE(review): the password provider enables the resource-owner password credentials grant,
     * which exposes user passwords to the application and is discouraged by current OAuth 2.0
     * security guidance; confirm it is required for this deployment.
     *
     * @param clientRegistrationRepository repository of known client registrations
     * @param oAuth2AuthorizedClientRepository store for authorized clients (and their tokens)
     * @return the configured authorized-client manager
     */
    @ConditionalOnMissingBean
    @Bean
    public OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        OAuth2AuthorizedClientProvider providerChain = OAuth2AuthorizedClientProviderBuilder.builder()
            .authorizationCode()
            .provider(azureRefreshTokenProvider())
            .provider(azureClientCredentialProvider())
            .provider(azurePasswordProvider())
            .build();
        DefaultOAuth2AuthorizedClientManager manager =
            new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
        manager.setAuthorizedClientProvider(providerChain);
        return manager;
    }

    /**
     * Creates the refresh-token provider whose token requests go through the RestTemplate produced
     * by {@link AadRestTemplateCreator}.
     */
    private RefreshTokenOAuth2AuthorizedClientProvider azureRefreshTokenProvider() {
        DefaultRefreshTokenTokenResponseClient tokenClient = new DefaultRefreshTokenTokenResponseClient();
        tokenClient.setRestOperations(
            AadRestTemplateCreator.createOAuth2AccessTokenResponseClientRestTemplate(this.restTemplateBuilder));
        RefreshTokenOAuth2AuthorizedClientProvider provider = new RefreshTokenOAuth2AuthorizedClientProvider();
        provider.setAccessTokenResponseClient(tokenClient);
        return provider;
    }

    /**
     * Creates the client-credentials provider whose token requests go through the RestTemplate
     * produced by {@link AadRestTemplateCreator}.
     */
    private ClientCredentialsOAuth2AuthorizedClientProvider azureClientCredentialProvider() {
        DefaultClientCredentialsTokenResponseClient tokenClient = new DefaultClientCredentialsTokenResponseClient();
        tokenClient.setRestOperations(
            AadRestTemplateCreator.createOAuth2AccessTokenResponseClientRestTemplate(this.restTemplateBuilder));
        ClientCredentialsOAuth2AuthorizedClientProvider provider = new ClientCredentialsOAuth2AuthorizedClientProvider();
        provider.setAccessTokenResponseClient(tokenClient);
        return provider;
    }

    /**
     * Creates the password-grant provider whose token requests go through the RestTemplate produced
     * by {@link AadRestTemplateCreator}.
     */
    private PasswordOAuth2AuthorizedClientProvider azurePasswordProvider() {
        DefaultPasswordTokenResponseClient tokenClient = new DefaultPasswordTokenResponseClient();
        tokenClient.setRestOperations(
            AadRestTemplateCreator.createOAuth2AccessTokenResponseClientRestTemplate(this.restTemplateBuilder));
        PasswordOAuth2AuthorizedClientProvider provider = new PasswordOAuth2AuthorizedClientProvider();
        provider.setAccessTokenResponseClient(tokenClient);
        return provider;
    }
}
