package com.azure.spring.cloud.autoconfigure.aad;

import com.azure.spring.cloud.autoconfigure.aad.properties.AadAuthenticationProperties;
import com.azure.spring.cloud.autoconfigure.aad.properties.AadAuthorizationGrantType;
import com.azure.spring.cloud.autoconfigure.aad.properties.AadAuthorizationServerEndpoints;
import com.azure.spring.cloud.autoconfigure.aad.properties.AuthorizationClientProperties;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.Assert;

/* loaded from: input_file:com/azure/spring/cloud/autoconfigure/aad/AadClientRegistrationRepository.class */
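/**
 * In-memory {@link ClientRegistrationRepository} built once from {@link AadAuthenticationProperties}.
 *
 * <p>It holds one {@link ClientRegistration} per entry of {@code getAuthorizationClients()} plus the
 * built-in {@value #AZURE_CLIENT_REGISTRATION_ID} registration, which is always registered with the
 * {@code AUTHORIZATION_CODE} grant type and replaces any configured entry with the same id.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every registration is built with the same client id, client secret, tenant id and endpoints,
 *       all read from the supplied properties. Each {@link ClientRegistration} therefore carries the
 *       client secret.</li>
 *   <li>The azure registration is given the union of the azure client's own scopes and the scopes of
 *       every {@code AZURE_DELEGATED} client, so consent for all of them is requested in one
 *       authorization-code request.</li>
 *   <li>{@code openid}, {@code profile} and {@code offline_access} are always added to the azure
 *       client's scopes; {@code offline_access} is the OpenID Connect scope that asks for a refresh
 *       token.</li>
 *   <li>Configuring allowed group names adds the Microsoft Graph {@code Directory.Read.All} scope;
 *       configuring only allowed group ids adds {@code User.Read} instead.</li>
 * </ul>
 */
public class AadClientRegistrationRepository implements ClientRegistrationRepository, Iterable<ClientRegistration> {
    /** Registration id of the built-in client that performs the interactive authorization-code login. */
    public static final String AZURE_CLIENT_REGISTRATION_ID = "azure";

    // Scopes for the azure client's access token; a subset of what the azure registration itself requests.
    private final Set<String> azureClientAccessTokenScopes;
    // All registrations keyed by registration id, including the built-in azure one.
    private final Map<String, ClientRegistration> allClients;

    /**
     * Computes the scope sets and builds every client registration from the given properties.
     *
     * @param aadAuthenticationProperties source of authorization clients, credentials, tenant and
     *        endpoints; must not be {@code null}
     */
    public AadClientRegistrationRepository(AadAuthenticationProperties aadAuthenticationProperties) {
        Set<String> accessTokenScopes = azureClientAccessTokenScopes(aadAuthenticationProperties);
        Set<String> authorizationCodeScopes = new HashSet<>(accessTokenScopes);
        authorizationCodeScopes.addAll(delegatedClientsAccessTokenScopes(aadAuthenticationProperties));

        // When the azure client's own scopes name no resource server but the union names more than
        // one, pin the access token to Microsoft Graph by adding User.Read to both sets.
        // NOTE(review): presumably needed because one access token can target only one resource - confirm.
        if (resourceServerCount(accessTokenScopes) == 0 && resourceServerCount(authorizationCodeScopes) > 1) {
            String graphUserRead =
                aadAuthenticationProperties.getProfile().getEnvironment().getMicrosoftGraphEndpoint() + "User.Read";
            accessTokenScopes.add(graphUserRead);
            authorizationCodeScopes.add(graphUserRead);
        }
        this.azureClientAccessTokenScopes = accessTokenScopes;

        // Build the map explicitly: Collectors.toMap gives no guarantee that its result is mutable,
        // and the azure registration has to be added afterwards.
        Map<String, ClientRegistration> registrations = new HashMap<>();
        for (Map.Entry<String, AuthorizationClientProperties> entry
                : aadAuthenticationProperties.getAuthorizationClients().entrySet()) {
            AuthorizationClientProperties client = entry.getValue();
            registrations.put(
                entry.getKey(),
                toClientRegistration(
                    entry.getKey(),
                    client.getAuthorizationGrantType(),
                    client.getScopes(),
                    aadAuthenticationProperties));
        }
        // The built-in azure client always uses authorization_code and the widened scope union; this
        // overwrites any "azure" entry (and its configured grant type) created by the loop above.
        registrations.put(
            AZURE_CLIENT_REGISTRATION_ID,
            toClientRegistration(
                AZURE_CLIENT_REGISTRATION_ID,
                AadAuthorizationGrantType.AUTHORIZATION_CODE,
                authorizationCodeScopes,
                aadAuthenticationProperties));
        this.allClients = registrations;
    }

    /**
     * Returns the scopes computed for the azure client's access token.
     *
     * <p>NOTE(review): this is the repository's own mutable set, not a copy. Callers should treat it
     * as read-only; a change made through this reference is seen by every later caller.
     *
     * @return the azure client's access-token scopes
     */
    public Set<String> getAzureClientAccessTokenScopes() {
        return this.azureClientAccessTokenScopes;
    }

    /**
     * Looks up a registration by id. Unlike {@link #iterator()}, the lookup is not restricted to the
     * authorization-code grant type.
     *
     * @param str the registration id; must contain text
     * @return the matching registration, or {@code null} when the id is unknown
     * @throws IllegalArgumentException if {@code str} is {@code null}, empty or blank
     */
    public ClientRegistration findByRegistrationId(String str) {
        Assert.hasText(str, "registrationId cannot be empty");
        return this.allClients.get(str);
    }

    /**
     * Iterates only over registrations whose grant type is {@code AUTHORIZATION_CODE}; registrations
     * with any other grant type are reachable solely through {@link #findByRegistrationId(String)}.
     *
     * @return an iterator over the authorization-code registrations
     */
    @Override // java.lang.Iterable
    public Iterator<ClientRegistration> iterator() {
        String authorizationCode = AadAuthorizationGrantType.AUTHORIZATION_CODE.getValue();
        return this.allClients.values().stream()
            .filter(registration -> registration.getAuthorizationGrantType().getValue().equals(authorizationCode))
            .iterator();
    }

    /**
     * Builds the access-token scope set of the azure client: its configured scopes (if any) plus the
     * scopes this class always adds.
     */
    private Set<String> azureClientAccessTokenScopes(AadAuthenticationProperties aadAuthenticationProperties) {
        // Any null along the chain (no clients map, no "azure" entry, no scopes) yields an empty set.
        Set<String> scopes = Optional.of(aadAuthenticationProperties)
            .map(AadAuthenticationProperties::getAuthorizationClients)
            .map(clients -> clients.get(AZURE_CLIENT_REGISTRATION_ID))
            .map(AuthorizationClientProperties::getScopes)
            .map(configured -> new HashSet<String>(configured))
            .orElseGet(HashSet::new);
        scopes.add("openid");
        scopes.add("profile");
        // offline_access asks the authorization server for a refresh token.
        scopes.add("offline_access");
        String graphEndpoint = aadAuthenticationProperties.getProfile().getEnvironment().getMicrosoftGraphEndpoint();
        if (aadAuthenticationProperties.isAllowedGroupNamesConfigured()) {
            // Group names take precedence over group ids and pull in the directory-wide read scope.
            scopes.add(graphEndpoint + "Directory.Read.All");
        } else if (aadAuthenticationProperties.isAllowedGroupIdsConfigured()) {
            scopes.add(graphEndpoint + "User.Read");
        }
        return scopes;
    }

    /**
     * Collects the scopes of every configured client whose grant type is {@code AZURE_DELEGATED}.
     * NOTE(review): assumes each client has a non-null grant type and scope list - confirm that the
     * properties are validated before this class is constructed.
     */
    private Set<String> delegatedClientsAccessTokenScopes(AadAuthenticationProperties aadAuthenticationProperties) {
        String delegated = AadAuthorizationGrantType.AZURE_DELEGATED.getValue();
        return aadAuthenticationProperties.getAuthorizationClients().values().stream()
            .filter(client -> delegated.equals(client.getAuthorizationGrantType().getValue()))
            .flatMap(client -> client.getScopes().stream())
            .collect(Collectors.toSet());
    }

    /**
     * Builds one registration. Client id, client secret, redirect URI template, user-name attribute
     * and all endpoints come from the shared properties; only id, grant type and scopes vary.
     */
    private ClientRegistration toClientRegistration(String registrationId,
                                                    AadAuthorizationGrantType aadAuthorizationGrantType,
                                                    Collection<String> scopes,
                                                    AadAuthenticationProperties aadAuthenticationProperties) {
        AadAuthorizationServerEndpoints endpoints = new AadAuthorizationServerEndpoints(
            aadAuthenticationProperties.getProfile().getEnvironment().getActiveDirectoryEndpoint(),
            aadAuthenticationProperties.getProfile().getTenantId());
        return ClientRegistration.withRegistrationId(registrationId)
            .clientName(registrationId)
            .authorizationGrantType(new AuthorizationGrantType(aadAuthorizationGrantType.getValue()))
            .scope(scopes)
            .redirectUri(aadAuthenticationProperties.getRedirectUriTemplate())
            .userNameAttributeName(aadAuthenticationProperties.getUserNameAttribute())
            .clientId(aadAuthenticationProperties.getCredential().getClientId())
            .clientSecret(aadAuthenticationProperties.getCredential().getClientSecret())
            .authorizationUri(endpoints.getAuthorizationEndpoint())
            .tokenUri(endpoints.getTokenEndpoint())
            .jwkSetUri(endpoints.getJwkSetEndpoint())
            .providerConfigurationMetadata(providerConfigurationMetadata(endpoints))
            .build();
    }

    /** Exposes the end-session (logout) endpoint as provider metadata under {@code end_session_endpoint}. */
    private Map<String, Object> providerConfigurationMetadata(AadAuthorizationServerEndpoints aadAuthorizationServerEndpoints) {
        Map<String, Object> metadata = new LinkedHashMap<>();
        metadata.put("end_session_endpoint", aadAuthorizationServerEndpoints.getEndSessionEndpoint());
        return metadata;
    }

    /**
     * Counts the distinct resource servers named by a set of scopes.
     *
     * <p>Only scopes containing {@code '/'} are considered; the resource server is the text before the
     * last {@code '/'}. Prefixes are compared as exact strings, so two spellings of the same resource
     * (for example differing in case) count as two.
     *
     * @param set the scopes to inspect; must not be {@code null}
     * @return the number of distinct prefixes
     */
    public static int resourceServerCount(Set<String> set) {
        return (int) set.stream()
            .filter(scope -> scope.contains("/"))
            .map(scope -> scope.substring(0, scope.lastIndexOf('/')))
            .distinct()
            .count();
    }
}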
