package com.c4_soft.springaddons.security.oidc.starter.synchronised.client;

import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.StreamSupport;
import org.springframework.security.oauth2.client.AuthorizationCodeOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ClientCredentialsOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.DelegatingOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.JwtBearerOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.RefreshTokenOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.TokenExchangeOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.RestClientClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.RestClientJwtBearerTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.RestClientRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.RestClientTokenExchangeTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestClient;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/synchronised/client/PerRegistrationOAuth2AuthorizedClientProvider.class */
public final class PerRegistrationOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
    private final Map<String, OAuth2AuthorizedClientProvider> providersByRegistrationId;
    private final Map<String, List<OAuth2AuthorizedClientProvider>> customProvidersByRegistrationId;
    private final SpringAddonsOidcProperties addonsProperties;
    private final Map<String, RestClient> customTokenRestClientsByRegistrationId;

    public PerRegistrationOAuth2AuthorizedClientProvider(InMemoryClientRegistrationRepository inMemoryClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties, Map<String, RestClient> map, Map<String, List<OAuth2AuthorizedClientProvider>> map2) {
        this.providersByRegistrationId = new ConcurrentHashMap();
        this.customProvidersByRegistrationId = new HashMap(map2);
        this.addonsProperties = springAddonsOidcProperties;
        this.customTokenRestClientsByRegistrationId = map;
        StreamSupport.stream(inMemoryClientRegistrationRepository.spliterator(), false).forEach(clientRegistration -> {
            this.providersByRegistrationId.put(clientRegistration.getRegistrationId(), new DelegatingOAuth2AuthorizedClientProvider(getProvidersFor(clientRegistration, springAddonsOidcProperties)));
        });
    }

    public PerRegistrationOAuth2AuthorizedClientProvider(InMemoryClientRegistrationRepository inMemoryClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties, Map<String, RestClient> map) {
        this(inMemoryClientRegistrationRepository, springAddonsOidcProperties, map, Map.of());
    }

    public PerRegistrationOAuth2AuthorizedClientProvider(InMemoryClientRegistrationRepository inMemoryClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties) {
        this(inMemoryClientRegistrationRepository, springAddonsOidcProperties, Map.of(), Map.of());
    }

    public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext oAuth2AuthorizationContext) {
        if (oAuth2AuthorizationContext == null) {
            return null;
        }
        ClientRegistration clientRegistration = oAuth2AuthorizationContext.getClientRegistration();
        if (!this.providersByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            this.providersByRegistrationId.put(clientRegistration.getRegistrationId(), new DelegatingOAuth2AuthorizedClientProvider(getProvidersFor(clientRegistration, this.addonsProperties)));
        }
        return this.providersByRegistrationId.get(clientRegistration.getRegistrationId()).authorize(oAuth2AuthorizationContext);
    }

    private List<OAuth2AuthorizedClientProvider> getProvidersFor(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        return AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str -> {
            return List.of(new AuthorizationCodeOAuth2AuthorizedClientProvider(), createRefreshTokenProvider(clientRegistration, springAddonsOidcProperties));
        }) : AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str2 -> {
            return List.of(createClientCredentialsProvider(clientRegistration, springAddonsOidcProperties));
        }) : AuthorizationGrantType.TOKEN_EXCHANGE.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str3 -> {
            return List.of(createTokenExchangeProvider(clientRegistration, springAddonsOidcProperties));
        }) : AuthorizationGrantType.JWT_BEARER.equals(clientRegistration.getAuthorizationGrantType()) ? this.customProvidersByRegistrationId.computeIfAbsent(clientRegistration.getRegistrationId(), str4 -> {
            return List.of(createJwtBearerProvider(clientRegistration, springAddonsOidcProperties));
        }) : List.of();
    }

    private ClientCredentialsOAuth2AuthorizedClientProvider createClientCredentialsProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        RestClientClientCredentialsTokenResponseClient restClientClientCredentialsTokenResponseClient = new RestClientClientCredentialsTokenResponseClient();
        ClientCredentialsOAuth2AuthorizedClientProvider clientCredentialsOAuth2AuthorizedClientProvider = new ClientCredentialsOAuth2AuthorizedClientProvider();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            restClientClientCredentialsTokenResponseClient.setRestClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            restClientClientCredentialsTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        clientCredentialsOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(restClientClientCredentialsTokenResponseClient);
        return clientCredentialsOAuth2AuthorizedClientProvider;
    }

    private RefreshTokenOAuth2AuthorizedClientProvider createRefreshTokenProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        RestClientRefreshTokenTokenResponseClient restClientRefreshTokenTokenResponseClient = new RestClientRefreshTokenTokenResponseClient();
        RefreshTokenOAuth2AuthorizedClientProvider refreshTokenOAuth2AuthorizedClientProvider = new RefreshTokenOAuth2AuthorizedClientProvider();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            restClientRefreshTokenTokenResponseClient.setRestClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            restClientRefreshTokenTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        refreshTokenOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(restClientRefreshTokenTokenResponseClient);
        return refreshTokenOAuth2AuthorizedClientProvider;
    }

    private TokenExchangeOAuth2AuthorizedClientProvider createTokenExchangeProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        RestClientTokenExchangeTokenResponseClient restClientTokenExchangeTokenResponseClient = new RestClientTokenExchangeTokenResponseClient();
        TokenExchangeOAuth2AuthorizedClientProvider tokenExchangeOAuth2AuthorizedClientProvider = new TokenExchangeOAuth2AuthorizedClientProvider();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            restClientTokenExchangeTokenResponseClient.setRestClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            restClientTokenExchangeTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        tokenExchangeOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(restClientTokenExchangeTokenResponseClient);
        return tokenExchangeOAuth2AuthorizedClientProvider;
    }

    private JwtBearerOAuth2AuthorizedClientProvider createJwtBearerProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        RestClientJwtBearerTokenResponseClient restClientJwtBearerTokenResponseClient = new RestClientJwtBearerTokenResponseClient();
        JwtBearerOAuth2AuthorizedClientProvider jwtBearerOAuth2AuthorizedClientProvider = new JwtBearerOAuth2AuthorizedClientProvider();
        if (this.customTokenRestClientsByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            restClientJwtBearerTokenResponseClient.setRestClient(this.customTokenRestClientsByRegistrationId.get(clientRegistration.getRegistrationId()));
        }
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() > 0) {
            restClientJwtBearerTokenResponseClient.setParametersCustomizer(multiValueMap -> {
                multiValueMap.addAll(extraTokenParameters);
            });
        }
        jwtBearerOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(restClientJwtBearerTokenResponseClient);
        return jwtBearerOAuth2AuthorizedClientProvider;
    }
}
