package com.azure.spring.autoconfigure.aad;

import com.azure.spring.telemetry.TelemetryData;
import com.azure.spring.telemetry.TelemetrySender;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnResource;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.util.ClassUtils;
import org.springframework.web.reactive.function.client.WebClient;

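/**
 * Auto-configuration for Azure Active Directory OAuth2 / OpenID Connect login in a servlet
 * web application.
 *
 * <p>Activated only when {@code client-id}, {@code client-secret} and {@code tenant-id} are set
 * under {@link AADAuthenticationFilterAutoConfiguration#PROPERTY_PREFIX}, a
 * {@link ClientRegistrationRepository} is on the classpath and the marker resource
 * {@code classpath:aad.enable.config} exists.
 *
 * <p>It registers:
 * <ul>
 *   <li>a default {@link WebSecurityConfigurerAdapter} that requires authentication for every
 *       request (only when the application does not define its own adapter);</li>
 *   <li>an {@link AzureClientRegistrationRepository} holding the default {@value #DEFAULT_CLIENT}
 *       client plus one {@link ClientRegistration} per additional
 *       {@code azure.activedirectory.authorization.*} entry;</li>
 *   <li>an {@link OAuth2AuthorizedClientRepository}, an OAuth2-aware {@link WebClient} and a
 *       {@link GraphWebClient} built on top of it;</li>
 *   <li>an {@link OAuth2UserService} backed by Microsoft Graph when
 *       {@code azure.activedirectory.user-group.allowed-groups} is configured.</li>
 * </ul>
 *
 * <p>The client secret read from the properties is placed on every client registration; keep
 * it out of version control and logs.
 */
@EnableConfigurationProperties({AADAuthenticationProperties.class, ServiceEndpointsProperties.class})
@ConditionalOnProperty(prefix = AADAuthenticationFilterAutoConfiguration.PROPERTY_PREFIX, value = {"client-id", "client-secret", "tenant-id"})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
@PropertySource({"classpath:service-endpoints.properties"})
@Configuration
@ConditionalOnClass({ClientRegistrationRepository.class})
@ConditionalOnResource(resources = {"classpath:aad.enable.config"})
public class AzureActiveDirectoryAutoConfiguration {
    /** Registration id of the client used for the interactive sign-in. */
    private static final String DEFAULT_CLIENT = "azure";

    @Autowired
    private AADAuthenticationProperties aadAuthenticationProperties;

    @Autowired
    private ServiceEndpointsProperties serviceEndpointsProperties;

    /**
     * Fallback web-security configuration used when the application does not supply its own
     * {@link WebSecurityConfigurerAdapter}: applies the base Azure OAuth2 configuration and then
     * requires an authenticated principal for every request.
     */
    @ConditionalOnMissingBean({WebSecurityConfigurerAdapter.class})
    @Configuration
    @EnableWebSecurity
    public static class DefaultAzureOAuth2WebSecurityConfigurerAdapter extends AzureOAuth2WebSecurityConfigurerAdapter {
        /**
         * Applies the inherited Azure OAuth2 setup, then locks down all URLs to authenticated
         * users. The secure default is deliberate: an application that wants anonymous paths
         * must provide its own adapter, which disables this one.
         *
         * @param httpSecurity the builder to configure
         * @throws Exception propagated from the underlying configurers
         */
        @Override
        public void configure(HttpSecurity httpSecurity) throws Exception {
            super.configure(httpSecurity);
            httpSecurity.authorizeRequests().anyRequest().authenticated();
        }
    }

    /**
     * Builds the client registration repository holding the default client and every
     * additional configured authorization client.
     *
     * @return the repository; never {@code null}
     */
    @ConditionalOnMissingBean({ClientRegistrationRepository.class, AzureClientRegistrationRepository.class})
    @Bean
    public AzureClientRegistrationRepository clientRegistrationRepository() {
        return new AzureClientRegistrationRepository(createDefaultClient(), createClientRegistrations());
    }

    /**
     * Creates the repository that stores authorized clients (tokens) per registration.
     *
     * @param azureClientRegistrationRepository the registrations the authorized clients belong to
     * @return the authorized-client repository
     */
    @ConditionalOnMissingBean
    @Bean
    public OAuth2AuthorizedClientRepository authorizedClientRepository(AzureClientRegistrationRepository azureClientRegistrationRepository) {
        return new AzureOAuth2AuthorizedClientRepository(azureClientRegistrationRepository);
    }

    /**
     * Creates a {@link WebClient} whose exchange filter attaches the current user's OAuth2
     * access token to outgoing requests.
     *
     * @param clientRegistrationRepository source of client registrations
     * @param oAuth2AuthorizedClientRepository source of authorized clients / tokens
     * @return the OAuth2-aware web client
     */
    @ConditionalOnMissingBean
    @Bean
    WebClient webClient(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        DefaultOAuth2AuthorizedClientManager clientManager =
            new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
        ServletOAuth2AuthorizedClientExchangeFilterFunction oauth2Filter =
            new ServletOAuth2AuthorizedClientExchangeFilterFunction(clientManager);
        return WebClient.builder().apply(oauth2Filter.oauth2Configuration()).build();
    }

    /**
     * Creates the Microsoft Graph client used to resolve group membership.
     *
     * @param webClient the OAuth2-aware web client to call Graph with
     * @return the Graph client
     */
    @ConditionalOnMissingBean
    @Bean
    GraphWebClient graphWebClient(WebClient webClient) {
        return new GraphWebClient(this.aadAuthenticationProperties, this.serviceEndpointsProperties, webClient);
    }

    /**
     * Registers the user service that maps group membership to authorities; only active when
     * {@code azure.activedirectory.user-group.allowed-groups} is set.
     *
     * @param graphWebClient the Graph client used to look up groups
     * @return the OIDC user service
     */
    @ConditionalOnProperty(prefix = "azure.activedirectory.user-group", value = {"allowed-groups"})
    @Bean
    public OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService(GraphWebClient graphWebClient) {
        return new AADOAuth2UserService(graphWebClient);
    }

    /**
     * Builds the default client. Its registration requests the union of all configured scopes
     * (see {@link #allScopes()}), while {@link #defaultScopes()} gives the subset that belongs
     * to the default client itself.
     *
     * @return the default client
     */
    private DefaultClient createDefaultClient() {
        return new DefaultClient(toClientRegistrationBuilder(DEFAULT_CLIENT).scope(allScopes()).build(), defaultScopes());
    }

    /**
     * Collects the OpenID scopes plus the scopes of every configured authorization entry.
     * Presumably this lets a single sign-in consent cover all downstream resources — confirm
     * against the consumers of the resulting registration.
     *
     * @return all scopes as an array, in insertion order
     */
    private String[] allScopes() {
        List<String> scopes = openidScopes();
        for (AuthorizationProperties authorization : this.aadAuthenticationProperties.getAuthorization().values()) {
            scopes.addAll(authorization.scopes());
        }
        return scopes.toArray(new String[0]);
    }

    /**
     * Collects the OpenID scopes plus the scopes configured for the {@value #DEFAULT_CLIENT}
     * authorization entry, if present.
     *
     * @return the default client's scopes as an array, in insertion order
     */
    private String[] defaultScopes() {
        List<String> scopes = openidScopes();
        AuthorizationProperties defaultAuthorization =
            this.aadAuthenticationProperties.getAuthorization().get(DEFAULT_CLIENT);
        if (defaultAuthorization != null) {
            scopes.addAll(defaultAuthorization.scopes());
        }
        return scopes.toArray(new String[0]);
    }

    /**
     * Returns a fresh, mutable list of the base OpenID Connect scopes. {@code offline_access}
     * (refresh tokens) is requested only when at least one authorization client is configured.
     *
     * @return a new mutable list the caller may append to
     */
    private List<String> openidScopes() {
        List<String> scopes = new ArrayList<>();
        scopes.add("openid");
        scopes.add("profile");
        if (!this.aadAuthenticationProperties.getAuthorization().isEmpty()) {
            scopes.add("offline_access");
        }
        return scopes;
    }

    /**
     * Builds one client registration per configured authorization entry, skipping the
     * {@value #DEFAULT_CLIENT} entry which is represented by the default client instead.
     *
     * @return the additional registrations; empty when none are configured
     */
    private List<ClientRegistration> createClientRegistrations() {
        Map<String, AuthorizationProperties> authorization = this.aadAuthenticationProperties.getAuthorization();
        List<ClientRegistration> registrations = new ArrayList<>();
        for (Map.Entry<String, AuthorizationProperties> entry : authorization.entrySet()) {
            if (!DEFAULT_CLIENT.equals(entry.getKey())) {
                registrations.add(toClientRegistration(entry.getKey(), entry.getValue()));
            }
        }
        return registrations;
    }

    /**
     * Converts a configured authorization entry into a client registration.
     *
     * @param registrationId the registration id (the property key)
     * @param authorizationProperties the entry's configuration
     * @return the registration
     */
    private ClientRegistration toClientRegistration(String registrationId, AuthorizationProperties authorizationProperties) {
        return toClientRegistrationBuilder(registrationId).scope(authorizationProperties.getScope()).build();
    }

    /**
     * Creates a registration builder pre-populated with the tenant's authorization-code
     * endpoints, the configured client id/secret and Spring Security's standard redirect
     * template. The JWK set URI is derived from the same tenant endpoints, so ID tokens are
     * validated against the tenant's signing keys.
     *
     * @param registrationId the registration id
     * @return a builder still missing its scopes
     */
    private ClientRegistration.Builder toClientRegistrationBuilder(String registrationId) {
        String signinUri = this.serviceEndpointsProperties
            .getServiceEndpoints(this.aadAuthenticationProperties.getEnvironment())
            .getAadSigninUri();
        AuthorizationServerEndpoints endpoints = new AuthorizationServerEndpoints(signinUri);
        String tenantId = this.aadAuthenticationProperties.getTenantId();
        return ClientRegistration.withRegistrationId(registrationId)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .redirectUriTemplate("{baseUrl}/login/oauth2/code/{registrationId}")
            .clientId(this.aadAuthenticationProperties.getClientId())
            .clientSecret(this.aadAuthenticationProperties.getClientSecret())
            .authorizationUri(endpoints.authorizationEndpoint(tenantId))
            .tokenUri(endpoints.tokenEndpoint(tenantId))
            .jwkSetUri(endpoints.jwkSetEndpoint(tenantId));
    }

    /**
     * Sends a usage-telemetry event after construction, if the user has not opted out. Only
     * the service name and this configuration's simple class name are sent; no credentials
     * or tenant information leave the process here.
     */
    @PostConstruct
    private void sendTelemetry() {
        if (this.aadAuthenticationProperties.isAllowTelemetry()) {
            Map<String, String> properties = new HashMap<>();
            properties.put(TelemetryData.SERVICE_NAME,
                TelemetryData.getClassPackageSimpleName(AzureActiveDirectoryAutoConfiguration.class));
            new TelemetrySender().send(ClassUtils.getUserClass(getClass()).getSimpleName(), properties);
        }
    }
}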
