package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;

import com.c4_soft.springaddons.security.oidc.starter.AdditionalParamsAuthorizationRequestCustomizer;
import com.c4_soft.springaddons.security.oidc.starter.CompositeOAuth2AuthorizationRequestCustomizer;
import com.c4_soft.springaddons.security.oidc.starter.properties.InvalidRedirectionUriException;
import com.c4_soft.springaddons.security.oidc.starter.properties.MisconfiguredPostLoginUriException;
import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcClientProperties;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpSession;
import java.net.URI;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestCustomizers;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/synchronised/client/SpringAddonsOAuth2AuthorizationRequestResolver.class */
/**
 * Servlet {@link OAuth2AuthorizationRequestResolver} that, before delegating to a
 * {@link DefaultOAuth2AuthorizationRequestResolver}:
 * <ul>
 * <li>reads optional post-login success / failure URIs from a request header or parameter, checks them
 * against the configured allow-list of patterns, and stores them in the HTTP session;</li>
 * <li>applies the per-registration authorization-request customizers (extra parameters, optional PKCE);</li>
 * <li>rebuilds the resolved redirect URI on top of the configured client URI, when one is set.</li>
 * </ul>
 *
 * <p>Security note: the post-login URIs are caller-supplied. The only check applied in this class is the
 * full-string match against {@code postLoginAllowedUriPatterns}, so the strength of the open-redirect
 * protection is exactly the strictness of those configured patterns.
 *
 * <p>NOTE(review): this listing is decompiler output; some local names collide (see
 * {@code savePostLoginUrisInSession}) and the raw {@code (Map)} cast in the constructor is an artifact.
 */
public class SpringAddonsOAuth2AuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    // Name of the path variable extracted by authorizationRequestMatcher.
    private static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
    // Base URI used by toAbsolute() to rebuild redirect URIs; may be null, in which case nothing is rewritten.
    private final URI clientUri;
    // One composite customizer per client registration id, built once in the constructor.
    private final Map<String, CompositeOAuth2AuthorizationRequestCustomizer> requestCustomizers;
    private final ClientRegistrationRepository clientRegistrationRepository;
    // Matches the authorization-initiation path and exposes the registration id as a path variable.
    private final AntPathRequestMatcher authorizationRequestMatcher = new AntPathRequestMatcher("/oauth2/authorization/{registrationId}");
    // Allow-list applied to the configured and to the request-supplied post-login URIs.
    private final List<Pattern> postLoginAllowedUriPatterns;

    /**
     * Validates the configured post-login redirect URI against the allow-list and prepares one
     * customizer per client registration.
     *
     * @param oAuth2ClientProperties source of the registration ids
     * @param clientRegistrationRepository repository handed to the delegate resolver
     * @param springAddonsOidcClientProperties source of the allow-list, client URI, extra authorization
     *        parameters and the PKCE flag
     * @throws MisconfiguredPostLoginUriException if the configured post-login redirect URI matches none
     *         of the allowed patterns
     */
    public SpringAddonsOAuth2AuthorizationRequestResolver(OAuth2ClientProperties oAuth2ClientProperties, ClientRegistrationRepository clientRegistrationRepository, SpringAddonsOidcClientProperties springAddonsOidcClientProperties) {
        this.postLoginAllowedUriPatterns = springAddonsOidcClientProperties.getPostLoginAllowedUriPatterns();
        String uri = springAddonsOidcClientProperties.getPostLoginRedirectUri().toString();
        // Fail fast at construction: Matcher.matches() requires the whole string to match a pattern.
        if (this.postLoginAllowedUriPatterns.stream().noneMatch(pattern -> {
            return pattern.matcher(uri).matches();
        })) {
            throw new MisconfiguredPostLoginUriException(URI.create(uri), this.postLoginAllowedUriPatterns);
        }
        this.clientUri = springAddonsOidcClientProperties.getClientUri();
        // Key: registration id. Value: composite of the optional extra-parameters customizer and, when
        // PKCE is forced, Spring Security's PKCE customizer.
        this.requestCustomizers = (Map) oAuth2ClientProperties.getRegistration().entrySet().stream().collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, entry -> {
            MultiValueMap<String, String> extraAuthorizationParameters = springAddonsOidcClientProperties.getExtraAuthorizationParameters((String) entry.getKey());
            CompositeOAuth2AuthorizationRequestCustomizer compositeOAuth2AuthorizationRequestCustomizer = new CompositeOAuth2AuthorizationRequestCustomizer(extraAuthorizationParameters.size() > 0 ? new AdditionalParamsAuthorizationRequestCustomizer[]{new AdditionalParamsAuthorizationRequestCustomizer(extraAuthorizationParameters)} : new AdditionalParamsAuthorizationRequestCustomizer[0]);
            if (springAddonsOidcClientProperties.isPkceForced()) {
                compositeOAuth2AuthorizationRequestCustomizer.addCustomizer(OAuth2AuthorizationRequestCustomizers.withPkce());
            }
            return compositeOAuth2AuthorizationRequestCustomizer;
        }));
        this.clientRegistrationRepository = clientRegistrationRepository;
    }

    /**
     * Returns the first value of the named request parameter, or an empty Optional when the parameter
     * is absent or has no values.
     */
    private Optional<String> getFirstParam(HttpServletRequest httpServletRequest, String str) {
        String[] parameterValues = httpServletRequest.getParameterValues(str);
        return (parameterValues == null || parameterValues.length < 1) ? Optional.empty() : Optional.of(parameterValues[0]);
    }

    /**
     * Reads the post-login success and failure URIs from the request and stores each one in the session
     * after checking it against the allow-list.
     *
     * <p>For each URI the request header is consulted first and the request parameter
     * ({@code post_login_success_uri} / {@code post_login_failure_uri}) is only a fallback. Blank values
     * are ignored.
     *
     * <p>Both values are caller-controlled and are validated with a full-string
     * {@code Matcher.matches()} against every allowed pattern; a value that matches none is rejected
     * before anything is written to the session.
     *
     * @throws InvalidRedirectionUriException if a supplied URI matches none of the allowed patterns
     * @throws IllegalArgumentException from {@code URI.create} if a supplied value is not a syntactically
     *         valid URI; it is not caught here
     */
    private void savePostLoginUrisInSession(HttpServletRequest httpServletRequest) {
        // getSession() with no argument creates a session when the request has none.
        HttpSession session = httpServletRequest.getSession();
        // NOTE(review): decompiler artifact - the lambda parameter (a URI) and the local String below share
        // the name `uri`, which does not compile. The pattern check necessarily uses the String form;
        // whether the exception and the session attribute receive the URI or the String cannot be
        // determined from this listing - confirm against the original source.
        Optional.ofNullable((String) Optional.ofNullable(httpServletRequest.getHeader(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_SUCCESS_URI_HEADER)).orElse(getFirstParam(httpServletRequest, "post_login_success_uri").orElse(null))).filter(StringUtils::hasText).map(URI::create).ifPresent(uri -> {
            String uri = uri.toString();
            if (this.postLoginAllowedUriPatterns.stream().noneMatch(pattern -> {
                return pattern.matcher(uri).matches();
            })) {
                throw new InvalidRedirectionUriException(uri);
            }
            // Only reached for an allow-listed value. Presumably read back by the post-login success
            // handling, which is not visible here.
            session.setAttribute("post_login_success_uri", uri);
        });
        // Same handling for the failure URI (same naming collision, here on `uri2`).
        Optional.ofNullable((String) Optional.ofNullable(httpServletRequest.getHeader(SpringAddonsOidcClientProperties.POST_AUTHENTICATION_FAILURE_URI_HEADER)).orElse(getFirstParam(httpServletRequest, "post_login_failure_uri").orElse(null))).filter(StringUtils::hasText).map(URI::create).ifPresent(uri2 -> {
            String uri2 = uri2.toString();
            if (this.postLoginAllowedUriPatterns.stream().noneMatch(pattern -> {
                return pattern.matcher(uri2).matches();
            })) {
                throw new InvalidRedirectionUriException(uri2);
            }
            session.setAttribute("post_login_failure_uri", uri2);
        });
    }

    /**
     * Resolves the authorization request for the registration id found in the request path.
     *
     * @return the resolved request with its redirect URI rebuilt by {@code toAbsolute}, or {@code null}
     *         when no customizer is registered for the resolved registration id (including when the
     *         path does not match and the id is {@code null})
     */
    public OAuth2AuthorizationRequest resolve(HttpServletRequest httpServletRequest) {
        // NOTE(review): this runs before the registration id is resolved, so session creation and URI
        // validation (including its exceptions) happen for every request passed to this method, not
        // only for requests on the authorization path.
        savePostLoginUrisInSession(httpServletRequest);
        OAuth2AuthorizationRequestResolver requestResolver = getRequestResolver(httpServletRequest, resolveRegistrationId(httpServletRequest));
        if (requestResolver == null) {
            return null;
        }
        return toAbsolute(requestResolver.resolve(httpServletRequest), httpServletRequest);
    }

    /**
     * Resolves the authorization request for an explicitly supplied registration id.
     *
     * @param str the client registration id
     * @return the resolved request with its redirect URI rebuilt by {@code toAbsolute}, or {@code null}
     *         when no customizer is registered for that id
     */
    public OAuth2AuthorizationRequest resolve(HttpServletRequest httpServletRequest, String str) {
        // As in the single-argument overload, the post-login URIs are processed before any lookup.
        savePostLoginUrisInSession(httpServletRequest);
        OAuth2AuthorizationRequestResolver requestResolver = getRequestResolver(httpServletRequest, str);
        if (requestResolver == null) {
            return null;
        }
        return toAbsolute(requestResolver.resolve(httpServletRequest, str), httpServletRequest);
    }

    /**
     * Builds a fresh default resolver (base URI {@code /oauth2/authorization}) configured with the
     * customizer for the given registration id.
     *
     * @param str the client registration id
     * @return the delegate resolver, or {@code null} when no customizer exists for that id
     */
    protected OAuth2AuthorizationRequestResolver getRequestResolver(HttpServletRequest httpServletRequest, String str) {
        Consumer<OAuth2AuthorizationRequest.Builder> oAuth2AuthorizationRequestCustomizer = getOAuth2AuthorizationRequestCustomizer(httpServletRequest, str);
        if (oAuth2AuthorizationRequestCustomizer == null) {
            return null;
        }
        DefaultOAuth2AuthorizationRequestResolver defaultOAuth2AuthorizationRequestResolver = new DefaultOAuth2AuthorizationRequestResolver(this.clientRegistrationRepository, "/oauth2/authorization");
        defaultOAuth2AuthorizationRequestResolver.setAuthorizationRequestCustomizer(oAuth2AuthorizationRequestCustomizer);
        return defaultOAuth2AuthorizationRequestResolver;
    }

    /**
     * Extension point returning the customizer to apply for a registration id. This implementation
     * ignores the request and returns the composite customizer built in the constructor.
     */
    protected Consumer<OAuth2AuthorizationRequest.Builder> getOAuth2AuthorizationRequestCustomizer(HttpServletRequest httpServletRequest, String str) {
        return getCompositeOAuth2AuthorizationRequestCustomizer(str);
    }

    /**
     * Looks up the composite customizer for a registration id.
     *
     * @return the customizer, or {@code null} when the id is unknown
     */
    protected CompositeOAuth2AuthorizationRequestCustomizer getCompositeOAuth2AuthorizationRequestCustomizer(String str) {
        return this.requestCustomizers.get(str);
    }

    /**
     * Rebuilds the redirect URI of a resolved request starting from the configured client URI, applying
     * the path, query and fragment of the URI the delegate produced. The request is returned unchanged
     * when it is {@code null} or when no client URI is configured.
     *
     * <p>NOTE(review): presumably this keeps the scheme and authority of {@code redirect_uri} tied to
     * configuration rather than to request-derived values (for example behind a reverse proxy) -
     * confirm. The {@code httpServletRequest} argument is not used.
     */
    private OAuth2AuthorizationRequest toAbsolute(OAuth2AuthorizationRequest oAuth2AuthorizationRequest, HttpServletRequest httpServletRequest) {
        if (oAuth2AuthorizationRequest == null || this.clientUri == null) {
            return oAuth2AuthorizationRequest;
        }
        URI create = URI.create(oAuth2AuthorizationRequest.getRedirectUri());
        return OAuth2AuthorizationRequest.from(oAuth2AuthorizationRequest).redirectUri(UriComponentsBuilder.fromUri(this.clientUri).path(create.getPath()).query(create.getQuery()).fragment(create.getFragment()).build().toString()).build();
    }

    /**
     * Extracts the {@code registrationId} path variable when the request matches
     * {@code /oauth2/authorization/{registrationId}}.
     *
     * @return the registration id, or {@code null} when the request path does not match
     */
    private String resolveRegistrationId(HttpServletRequest httpServletRequest) {
        if (this.authorizationRequestMatcher.matches(httpServletRequest)) {
            return (String) this.authorizationRequestMatcher.matcher(httpServletRequest).getVariables().get(REGISTRATION_ID_URI_VARIABLE_NAME);
        }
        return null;
    }
}
