package com.c4_soft.springaddons.security.oidc.starter.reactive.client;

import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.StreamSupport;
import org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveJwtBearerTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveTokenExchangeTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/reactive/client/PerRegistrationReactiveOAuth2AuthorizedClientProvider.class */
public final class PerRegistrationReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
    private final Map<String, DelegatingReactiveOAuth2AuthorizedClientProvider> providersByRegistrationId;
    private final Map<String, List<ReactiveOAuth2AuthorizedClientProvider>> customProvidersByRegistrationId;
    private final SpringAddonsOidcProperties addonsProperties;
    private final Map<String, WebClient> customTokenRestClientsByRegistrationId;

    public PerRegistrationReactiveOAuth2AuthorizedClientProvider(InMemoryReactiveClientRegistrationRepository inMemoryReactiveClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties, Map<String, WebClient> map, Map<String, List<ReactiveOAuth2AuthorizedClientProvider>> map2) {
        this.providersByRegistrationId = new ConcurrentHashMap();
        this.customTokenRestClientsByRegistrationId = map;
        this.customProvidersByRegistrationId = new HashMap(map2);
        this.addonsProperties = springAddonsOidcProperties;
        StreamSupport.stream(inMemoryReactiveClientRegistrationRepository.spliterator(), false).forEach(clientRegistration -> {
            this.providersByRegistrationId.put(clientRegistration.getRegistrationId(), new DelegatingReactiveOAuth2AuthorizedClientProvider(getProvidersFor(clientRegistration, springAddonsOidcProperties)));
        });
    }

    public PerRegistrationReactiveOAuth2AuthorizedClientProvider(InMemoryReactiveClientRegistrationRepository inMemoryReactiveClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties, Map<String, WebClient> map) {
        this(inMemoryReactiveClientRegistrationRepository, springAddonsOidcProperties, map, Map.of());
    }

    public PerRegistrationReactiveOAuth2AuthorizedClientProvider(InMemoryReactiveClientRegistrationRepository inMemoryReactiveClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties) {
        this(inMemoryReactiveClientRegistrationRepository, springAddonsOidcProperties, Map.of(), Map.of());
    }

    public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext oAuth2AuthorizationContext) {
        if (oAuth2AuthorizationContext == null) {
            return null;
        }
        ClientRegistration clientRegistration = oAuth2AuthorizationContext.getClientRegistration();
        if (!this.providersByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            this.providersByRegistrationId.put(clientRegistration.getRegistrationId(), new DelegatingReactiveOAuth2AuthorizedClientProvider(getProvidersFor(clientRegistration, this.addonsProperties)));
        }
        return this.providersByRegistrationId.get(clientRegistration.getRegistrationId()).authorize(oAuth2AuthorizationContext);
    }

    private List<ReactiveOAuth2AuthorizedClientProvider> getProvidersFor(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        return AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str -> {
            return List.of(new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider(), createRefreshTokenProvider(clientRegistration, springAddonsOidcProperties));
        }) : AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str2 -> {
            return List.of(createClientCredentialsProvider(clientRegistration, springAddonsOidcProperties));
        }) : AuthorizationGrantType.TOKEN_EXCHANGE.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str3 -> {
            return List.of(createTokenExchangeProvider(clientRegistration, springAddonsOidcProperties));
        }) : AuthorizationGrantType.JWT_BEARER.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str4 -> {
            return List.of(createJwtBearerProvider(clientRegistration, springAddonsOidcProperties));
        }) : List.of();
    }

    private ClientCredentialsReactiveOAuth2AuthorizedClientProvider createClientCredentialsProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        ClientCredentialsReactiveOAuth2AuthorizedClientProvider clientCredentialsReactiveOAuth2AuthorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
        WebClientReactiveClientCredentialsTokenResponseClient webClientReactiveClientCredentialsTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            webClientReactiveClientCredentialsTokenResponseClient.setWebClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            webClientReactiveClientCredentialsTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        clientCredentialsReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(webClientReactiveClientCredentialsTokenResponseClient);
        return clientCredentialsReactiveOAuth2AuthorizedClientProvider;
    }

    private RefreshTokenReactiveOAuth2AuthorizedClientProvider createRefreshTokenProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        RefreshTokenReactiveOAuth2AuthorizedClientProvider refreshTokenReactiveOAuth2AuthorizedClientProvider = new RefreshTokenReactiveOAuth2AuthorizedClientProvider();
        WebClientReactiveRefreshTokenTokenResponseClient webClientReactiveRefreshTokenTokenResponseClient = new WebClientReactiveRefreshTokenTokenResponseClient();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            webClientReactiveRefreshTokenTokenResponseClient.setWebClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            webClientReactiveRefreshTokenTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        refreshTokenReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(webClientReactiveRefreshTokenTokenResponseClient);
        return refreshTokenReactiveOAuth2AuthorizedClientProvider;
    }

    private TokenExchangeReactiveOAuth2AuthorizedClientProvider createTokenExchangeProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        TokenExchangeReactiveOAuth2AuthorizedClientProvider tokenExchangeReactiveOAuth2AuthorizedClientProvider = new TokenExchangeReactiveOAuth2AuthorizedClientProvider();
        WebClientReactiveTokenExchangeTokenResponseClient webClientReactiveTokenExchangeTokenResponseClient = new WebClientReactiveTokenExchangeTokenResponseClient();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            webClientReactiveTokenExchangeTokenResponseClient.setWebClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            webClientReactiveTokenExchangeTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        tokenExchangeReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(webClientReactiveTokenExchangeTokenResponseClient);
        return tokenExchangeReactiveOAuth2AuthorizedClientProvider;
    }

    private JwtBearerReactiveOAuth2AuthorizedClientProvider createJwtBearerProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        JwtBearerReactiveOAuth2AuthorizedClientProvider jwtBearerReactiveOAuth2AuthorizedClientProvider = new JwtBearerReactiveOAuth2AuthorizedClientProvider();
        WebClientReactiveJwtBearerTokenResponseClient webClientReactiveJwtBearerTokenResponseClient = new WebClientReactiveJwtBearerTokenResponseClient();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            webClientReactiveJwtBearerTokenResponseClient.setWebClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            webClientReactiveJwtBearerTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        jwtBearerReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(webClientReactiveJwtBearerTokenResponseClient);
        return jwtBearerReactiveOAuth2AuthorizedClientProvider;
    }
}
