package com.azure.spring.autoconfigure.aad;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.web.reactive.function.client.WebClient;

/* loaded from: input_file:com/azure/spring/autoconfigure/aad/GraphWebClient.class */
public class GraphWebClient {
    private static final Logger LOGGER = LoggerFactory.getLogger(GraphWebClient.class);
    private final ServiceEndpoints serviceEndpoints;
    private final AADAuthenticationProperties aadAuthenticationProperties;
    private final boolean graphApiVersionIsV2;
    private final WebClient webClient;

    public GraphWebClient(AADAuthenticationProperties aADAuthenticationProperties, ServiceEndpointsProperties serviceEndpointsProperties, WebClient webClient) {
        this.aadAuthenticationProperties = aADAuthenticationProperties;
        this.serviceEndpoints = serviceEndpointsProperties.getServiceEndpoints(aADAuthenticationProperties.getEnvironment());
        this.webClient = webClient;
        this.graphApiVersionIsV2 = ((Boolean) Optional.of(aADAuthenticationProperties).map((v0) -> {
            return v0.getEnvironment();
        }).map(str -> {
            return Boolean.valueOf(str.contains("v2-graph"));
        }).orElse(false)).booleanValue();
    }

    public Set<SimpleGrantedAuthority> getGrantedAuthorities() {
        return toGrantedAuthoritySet(getGroupsFromGraphApi());
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.util.Set] */
    public Set<String> getGroupsFromGraphApi() {
        ObjectMapper jacksonObjectMapperFactory = JacksonObjectMapperFactory.getInstance();
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        String aadMembershipRestUri = getAadMembershipRestUri();
        while (true) {
            String str = aadMembershipRestUri;
            if (str == null) {
                return linkedHashSet;
            }
            try {
                Memberships memberships = (Memberships) jacksonObjectMapperFactory.readValue(getUserMembershipsJson(str), Memberships.class);
                linkedHashSet = (Set) memberships.getValue().stream().filter(this::isGroupObject).map((v0) -> {
                    return v0.getDisplayName();
                }).collect(Collectors.toSet());
                aadMembershipRestUri = (String) Optional.of(memberships).map((v0) -> {
                    return v0.getOdataNextLink();
                }).map(this::getUrlStringFromODataNextLink).orElse(null);
            } catch (JsonProcessingException e) {
                LOGGER.error("Can not get groups.", e);
                return Collections.emptySet();
            }
        }
    }

    private String getUserMembershipsJson(String str) {
        String str2 = this.graphApiVersionIsV2 ? (String) this.webClient.get().uri(str, new Object[0]).attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId("graph")).accept(new MediaType[]{MediaType.APPLICATION_JSON}).header("Content-Type", new String[]{"application/x-www-form-urlencoded"}).retrieve().bodyToMono(String.class).block() : (String) this.webClient.get().uri(str, new Object[0]).attributes(ServletOAuth2AuthorizedClientExchangeFilterFunction.clientRegistrationId("graph")).header("Accept", new String[]{"application/json;odata=minimalmetadata"}).header("api-version", new String[]{"1.6"}).retrieve().bodyToMono(String.class).block();
        if (str2 == null || str2.isEmpty()) {
            throw new IllegalStateException("Response is not 200, response json: " + str2);
        }
        return str2;
    }

    private String getUrlStringFromODataNextLink(String str) {
        if (this.graphApiVersionIsV2) {
            return str;
        }
        return this.serviceEndpoints.getAadMembershipRestUri() + "&" + str.split("/memberOf\\?")[1];
    }

    private String getAadMembershipRestUri() {
        return AADAuthenticationProperties.getDirectGroupRelationship().equalsIgnoreCase(this.aadAuthenticationProperties.getUserGroup().getGroupRelationship()) ? this.serviceEndpoints.getAadMembershipRestUri() : this.serviceEndpoints.getAadTransitiveMemberRestUri();
    }

    private boolean isGroupObject(Membership membership) {
        return membership.getObjectType().equals(this.aadAuthenticationProperties.getUserGroup().getValue());
    }

    public Set<SimpleGrantedAuthority> toGrantedAuthoritySet(Set<String> set) {
        Stream<String> stream = set.stream();
        AADAuthenticationProperties aADAuthenticationProperties = this.aadAuthenticationProperties;
        Objects.requireNonNull(aADAuthenticationProperties);
        return (Set) Optional.of((Set) stream.filter(aADAuthenticationProperties::isAllowedGroup).map(str -> {
            return new SimpleGrantedAuthority(Constants.ROLE_PREFIX + str);
        }).collect(Collectors.toSet())).filter(set2 -> {
            return !set2.isEmpty();
        }).orElse(Constants.DEFAULT_AUTHORITY_SET);
    }
}
