package org.tailormap.api.security;

import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import jakarta.annotation.Nonnull;
import jakarta.annotation.PostConstruct;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.time.Duration;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.tailormap.api.persistence.OIDCConfiguration;
import org.tailormap.api.repository.OIDCConfigurationRepository;

/* loaded from: input_file:org/tailormap/api/security/OIDCRepository.class */
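/**
 * Client registration repository that builds Spring Security OAuth2 {@link ClientRegistration}s
 * from OpenID Connect discovery documents.
 *
 * <p>Registrations come from two sources: every {@link OIDCConfiguration} row returned by the
 * {@link OIDCConfigurationRepository} (registration id = the row id), and an optional registration
 * with the id {@code "static"} built from the {@code tailormap-api.oidc.*} properties.
 *
 * <p>Security notes: the issuer URLs are fetched server-side, so whoever can edit an OIDC
 * configuration decides which hosts this service connects to. The endpoints, the JWK set URI and
 * the issuer used for the login flow are all taken from the fetched document, so the discovery
 * request must go to a trusted host over HTTPS.
 */
public class OIDCRepository implements ClientRegistrationRepository, Iterable<ClientRegistration> {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());

    /** Path of the discovery document relative to the issuer URL. */
    private static final String DISCOVERY_PATH = "/.well-known/openid-configuration";

    /** Registration id of the registration configured through application properties. */
    private static final String STATIC_REGISTRATION_ID = "static";

    /** Redirect URI template used for every registration. */
    private static final String REDIRECT_URI_TEMPLATE = "{baseUrl}/api/oauth2/callback";

    // Bounds on the discovery request: synchronize() runs at bean initialisation, so a provider
    // that never answers would otherwise block application startup indefinitely.
    private static final Duration CONNECT_TIMEOUT = Duration.ofSeconds(10);
    private static final Duration REQUEST_TIMEOUT = Duration.ofSeconds(30);

    private final OIDCConfigurationRepository oidcConfigurationRepository;

    @Value("${tailormap-api.oidc.name:#{null}}")
    private String oidcName;

    @Value("${tailormap-api.oidc.issuer-uri:#{null}}")
    private String oidcIssuerUri;

    @Value("${tailormap-api.oidc.client-id:#{null}}")
    private String oidcClientId;

    @Value("${tailormap-api.oidc.client-secret:#{null}}")
    private String oidcClientSecret;

    @Value("${tailormap-api.oidc.user-name-attribute:#{null}}")
    private String oidcUserNameAttribute;

    @Value("${tailormap-api.oidc.show-for-viewer:false}")
    private boolean oidcShowForViewer;

    // Read-only snapshot that synchronize() replaces as a whole. The method is public and may be
    // invoked again after startup; swapping the reference means a concurrent lookup never sees a
    // cleared or half-filled map.
    private volatile Map<String, ClientRegistration> registrations = Collections.emptyMap();

    /** Presentation metadata for a registration that is not part of {@link ClientRegistration}. */
    public static class OIDCRegistrationMetadata {
        private boolean showForViewer;

        /**
         * @return whether this registration is flagged to be shown for the viewer
         */
        public boolean getShowForViewer() {
            return this.showForViewer;
        }
    }

    /**
     * @param oIDCConfigurationRepository source of the stored OIDC configurations
     */
    public OIDCRepository(OIDCConfigurationRepository oIDCConfigurationRepository) {
        this.oidcConfigurationRepository = oIDCConfigurationRepository;
    }

    /**
     * Looks up a registration built by the last {@link #synchronize()} run.
     *
     * @param str the registration id: a configuration id as a decimal string, or {@code "static"}
     * @return the registration, or {@code null} when none exists for that id
     */
    @Override
    public ClientRegistration findByRegistrationId(String str) {
        return this.registrations.get(str);
    }

    /**
     * @return a read-only iterator over the registrations built by the last synchronization
     */
    @Override // java.lang.Iterable
    @Nonnull
    public Iterator<ClientRegistration> iterator() {
        return this.registrations.values().iterator();
    }

    /**
     * Returns the presentation metadata for a registration id.
     *
     * @param str the registration id
     * @return metadata whose {@code showForViewer} flag follows the
     *     {@code tailormap-api.oidc.show-for-viewer} property for the {@code "static"}
     *     registration and is {@code true} for every other id
     */
    public OIDCRegistrationMetadata getMetadataForRegistrationId(String str) {
        OIDCRegistrationMetadata metadata = new OIDCRegistrationMetadata();
        metadata.showForViewer = !STATIC_REGISTRATION_ID.equals(str) || this.oidcShowForViewer;
        return metadata;
    }

    /**
     * Rebuilds all client registrations by fetching the discovery document of every configured
     * provider.
     *
     * <p>A failure for one stored configuration is logged and written to that configuration's
     * status; the other providers are still processed. A stored status is cleared again once the
     * provider loads successfully.
     */
    @PostConstruct
    public void synchronize() {
        Map<String, ClientRegistration> fresh = new HashMap<>();
        HttpClient client = HttpClient.newBuilder()
                .connectTimeout(CONNECT_TIMEOUT)
                .followRedirects(HttpClient.Redirect.NORMAL)
                .build();

        for (OIDCConfiguration configuration : this.oidcConfigurationRepository.findAll()) {
            String registrationId = String.format("%d", configuration.getId());
            try {
                OIDCProviderMetadata metadata = OIDCProviderMetadata.parse(
                        fetchDiscoveryDocument(client, configuration.getIssuerUrl()));
                warnOnIssuerMismatch(registrationId, configuration.getIssuerUrl(), metadata);
                fresh.put(
                        registrationId,
                        buildRegistration(
                                registrationId,
                                configuration.getClientId(),
                                configuration.getClientSecret(),
                                configuration.getName(),
                                configuration.getUserNameAttribute(),
                                metadata));
                if (configuration.getStatus() != null) {
                    configuration.setStatus(null);
                    this.oidcConfigurationRepository.save(configuration);
                }
            } catch (Exception e) {
                restoreInterrupt(e);
                logger.error("Failed to create OIDC client registration for ID {}", registrationId, e);
                configuration.setStatus(e.toString());
                this.oidcConfigurationRepository.save(configuration);
            }
        }

        if (StringUtils.isNotBlank(this.oidcName)
                && StringUtils.isNotBlank(this.oidcIssuerUri)
                && StringUtils.isNotBlank(this.oidcClientId)) {
            try {
                OIDCProviderMetadata metadata =
                        OIDCProviderMetadata.parse(fetchDiscoveryDocument(client, this.oidcIssuerUri));
                warnOnIssuerMismatch(STATIC_REGISTRATION_ID, this.oidcIssuerUri, metadata);
                fresh.put(
                        STATIC_REGISTRATION_ID,
                        buildRegistration(
                                STATIC_REGISTRATION_ID,
                                this.oidcClientId,
                                this.oidcClientSecret,
                                this.oidcName,
                                this.oidcUserNameAttribute,
                                metadata));
            } catch (Exception e) {
                restoreInterrupt(e);
                logger.error("Failed to create static OIDC client registration", e);
            }
        }

        // The HashMap is kept underneath so the iteration order is the same as before.
        this.registrations = Collections.unmodifiableMap(fresh);
    }

    /** Returns the issuer URL without a trailing discovery path; rejects a blank URL. */
    private static String issuerBase(String issuerUrl) {
        if (StringUtils.isBlank(issuerUrl)) {
            throw new IllegalArgumentException("OIDC issuer URL is not configured");
        }
        return issuerUrl.endsWith(DISCOVERY_PATH)
                ? issuerUrl.substring(0, issuerUrl.length() - DISCOVERY_PATH.length())
                : issuerUrl;
    }

    /** Fetches the discovery document of an issuer and returns its body; fails on a non-2xx status. */
    private static String fetchDiscoveryDocument(HttpClient client, String issuerUrl)
            throws IOException, InterruptedException, URISyntaxException {
        URI discoveryUri = new URI(issuerBase(issuerUrl) + DISCOVERY_PATH);
        HttpRequest request = HttpRequest.newBuilder().uri(discoveryUri).timeout(REQUEST_TIMEOUT).build();
        HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
        int status = response.statusCode();
        if (status < 200 || status > 299) {
            // Report the status instead of a parse error on an error page.
            throw new IOException("OIDC discovery request to " + discoveryUri + " returned HTTP status " + status);
        }
        return response.body();
    }

    /** Logs a warning when the issuer in the discovery document differs from the configured one. */
    private static void warnOnIssuerMismatch(
            String registrationId, String configuredIssuerUrl, OIDCProviderMetadata metadata) {
        String expected = issuerBase(configuredIssuerUrl);
        String discovered = metadata.getIssuer().toString();
        if (!expected.equals(discovered)) {
            // NOTE(review): OpenID Connect Discovery requires both values to be identical.
            // Rejecting the document would be stricter but can break existing configurations,
            // so the mismatch is only reported here; confirm whether it should fail instead.
            logger.warn(
                    "OIDC registration {}: discovered issuer {} differs from configured issuer {}",
                    registrationId,
                    discovered,
                    expected);
        }
    }

    /** Builds an authorization-code client registration from discovered provider metadata. */
    private static ClientRegistration buildRegistration(
            String registrationId,
            String clientId,
            String clientSecret,
            String clientName,
            String userNameAttribute,
            OIDCProviderMetadata metadata) {
        ClientRegistration.Builder builder = ClientRegistration.withRegistrationId(registrationId)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .clientName(clientName)
                .scope("openid")
                .issuerUri(metadata.getIssuer().toString())
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationUri(metadata.getAuthorizationEndpointURI().toASCIIString())
                .tokenUri(metadata.getTokenEndpointURI().toASCIIString())
                .providerConfigurationMetadata(metadata.toJSONObject())
                .jwkSetUri(metadata.getJWKSetURI().toASCIIString())
                .userNameAttributeName(userNameAttribute)
                .redirectUri(REDIRECT_URI_TEMPLATE);
        // A provider may omit the UserInfo endpoint from its discovery document; calling
        // toASCIIString() on the missing value would discard the whole registration.
        URI userInfoEndpoint = metadata.getUserInfoEndpointURI();
        if (userInfoEndpoint != null) {
            builder.userInfoUri(userInfoEndpoint.toASCIIString());
        }
        return builder.build();
    }

    /** Re-asserts the interrupt flag when a broad catch block has caught an interruption. */
    private static void restoreInterrupt(Exception e) {
        if (e instanceof InterruptedException) {
            Thread.currentThread().interrupt();
        }
    }
}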
