package com.azure.spring.aad.webapp;

import com.azure.spring.aad.AADClientRegistrationRepository;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.Map;
import java.util.function.Consumer;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:com/azure/spring/aad/webapp/AADOAuth2AuthorizedClientRepository.class */
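/**
 * {@link OAuth2AuthorizedClientRepository} that stores authorized clients through a delegate and,
 * for registrations the {@link AADWebAppClientRegistrationRepository} reports as consented at
 * login, obtains a missing authorized client by redeeming the Azure client's refresh token.
 *
 * <p>Security notes: the refresh token of the signed-in user's Azure client is reused to request
 * tokens for other registrations, so the scopes requested here are taken only from the
 * registration repository, never from the request. Token values are never logged.
 */
public class AADOAuth2AuthorizedClientRepository implements OAuth2AuthorizedClientRepository {
    private static final Logger LOGGER = LoggerFactory.getLogger(AADOAuth2AuthorizedClientRepository.class);
    private final AADWebAppClientRegistrationRepository repo;
    private final OAuth2AuthorizedClientRepository delegate;
    private final OAuth2AuthorizedClientProvider provider;

    /**
     * Creates a repository backed by a {@code JacksonHttpSessionOAuth2AuthorizedClientRepository}
     * delegate and a {@link RefreshTokenOAuth2AuthorizedClientProvider}.
     *
     * @param aADWebAppClientRegistrationRepository source of the AAD client registrations
     */
    public AADOAuth2AuthorizedClientRepository(AADWebAppClientRegistrationRepository aADWebAppClientRegistrationRepository) {
        this(aADWebAppClientRegistrationRepository, new JacksonHttpSessionOAuth2AuthorizedClientRepository(), new RefreshTokenOAuth2AuthorizedClientProvider());
    }

    /**
     * Creates a repository with an explicit storage delegate and token provider.
     *
     * @param aADWebAppClientRegistrationRepository source of the AAD client registrations
     * @param oAuth2AuthorizedClientRepository repository that actually stores authorized clients
     * @param oAuth2AuthorizedClientProvider provider used to authorize a client that is not stored yet
     */
    public AADOAuth2AuthorizedClientRepository(AADWebAppClientRegistrationRepository aADWebAppClientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository, OAuth2AuthorizedClientProvider oAuth2AuthorizedClientProvider) {
        this.repo = aADWebAppClientRegistrationRepository;
        this.delegate = oAuth2AuthorizedClientRepository;
        this.provider = oAuth2AuthorizedClientProvider;
    }

    /** Stores the authorized client through the delegate repository. */
    public void saveAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.delegate.saveAuthorizedClient(oAuth2AuthorizedClient, authentication, httpServletRequest, httpServletResponse);
    }

    /**
     * Loads the authorized client for a registration, redeeming the Azure client's refresh token
     * when nothing is stored and the registration is one that is consented at login.
     *
     * @param str the client registration id
     * @param authentication the current principal
     * @param httpServletRequest the current request
     * @return the stored or newly authorized client, or {@code null} when none is stored and none
     *     can be obtained (registration not consented at login, no Azure client or refresh token
     *     stored, or the provider declined to authorize)
     */
    @SuppressWarnings("unchecked") // the delegate and provider return the base type; T is erased at runtime
    public <T extends OAuth2AuthorizedClient> T loadAuthorizedClient(String str, Authentication authentication, HttpServletRequest httpServletRequest) {
        T stored = (T) this.delegate.loadAuthorizedClient(str, authentication, httpServletRequest);
        if (stored != null) {
            return stored;
        }
        if (!this.repo.isClientNeedConsentWhenLogin(str)) {
            return null;
        }

        // Read the Azure client straight from the delegate. Re-entering this method for the Azure
        // id could only return the delegate's value or recurse again without bound.
        OAuth2AuthorizedClient azureClient = this.delegate.loadAuthorizedClient(getAzureClientId(), authentication, httpServletRequest);
        OAuth2AuthorizedClient placeholder = createFakeAuthzClient(azureClient, str, authentication);
        if (placeholder == null) {
            // No refresh token to redeem. Report "not available" as the interface allows instead
            // of handing null to OAuth2AuthorizationContext, which rejects it with an exception.
            return null;
        }

        // Scopes come from the server-side registration only; the default client requests none explicitly.
        String[] scopes = null;
        if (!AADClientRegistrationRepository.isDefaultClient(str)) {
            scopes = (String[]) this.repo.findByRegistrationId(str).getScopes().toArray(new String[0]);
        }

        T refreshed = (T) this.provider.authorize(OAuth2AuthorizationContext.withAuthorizedClient(placeholder)
            .principal(authentication)
            .attributes(getAttributesConsumer(scopes))
            .build());
        if (refreshed == null) {
            // The provider did not authorize; there is nothing to persist.
            return null;
        }

        try {
            // NOTE(review): RequestAttributes declares no getResponse(); the original source
            // presumably cast to ServletRequestAttributes and the decompiler dropped it - confirm.
            this.delegate.saveAuthorizedClient(refreshed, authentication, httpServletRequest, RequestContextHolder.currentRequestAttributes().getResponse());
        } catch (IllegalStateException e) {
            // Best effort: the client is still returned to the caller, it is just not cached.
            LOGGER.warn("Can not save OAuth2AuthorizedClient.", e);
        }
        return refreshed;
    }

    /** Returns a consumer that places the requested scopes into the authorization context attributes. */
    private Consumer<Map<String, Object>> getAttributesConsumer(String[] strArr) {
        return attributes -> attributes.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, strArr);
    }

    /** Returns the registration id of the Azure client held by the registration repository. */
    private String getAzureClientId() {
        return this.repo.getAzureClient().getClient().getRegistrationId();
    }

    /**
     * Builds a stand-in authorized client for {@code str} that carries the Azure client's refresh
     * token and a placeholder access token.
     *
     * <p>The access token value is not a credential: it is marked as expired 100 days ago so that
     * a refresh-token provider replaces it. It must never be sent to a resource server.
     *
     * @return the stand-in client, or {@code null} when there is no Azure client or it holds no refresh token
     */
    private OAuth2AuthorizedClient createFakeAuthzClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, String str, Authentication authentication) {
        if (oAuth2AuthorizedClient == null || oAuth2AuthorizedClient.getRefreshToken() == null) {
            return null;
        }
        OAuth2AccessToken expiredPlaceholder = new OAuth2AccessToken(
            OAuth2AccessToken.TokenType.BEARER,
            "non-access-token",
            Instant.MIN,
            Instant.now().minus(100L, ChronoUnit.DAYS));
        return new OAuth2AuthorizedClient(this.repo.findByRegistrationId(str), authentication.getName(), expiredPlaceholder, oAuth2AuthorizedClient.getRefreshToken());
    }

    /** Removes the authorized client through the delegate repository. */
    public void removeAuthorizedClient(String str, Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        this.delegate.removeAuthorizedClient(str, authentication, httpServletRequest, httpServletResponse);
    }
}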
