package org.tailormap.api.security;

import java.lang.invoke.MethodHandles;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.event.EventListener;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;
import org.tailormap.api.persistence.Group;
import org.tailormap.api.repository.GroupRepository;
import org.tailormap.api.security.events.OAuth2AuthenticationFailureEvent;

@Component
/* loaded from: input_file:org/tailormap/api/security/OIDCAuthenticationEventsHandler.class */
public class OIDCAuthenticationEventsHandler {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private final GroupRepository groupRepository;

    public OIDCAuthenticationEventsHandler(GroupRepository groupRepository) {
        this.groupRepository = groupRepository;
    }

    @Transactional
    @EventListener
    public void onSuccess(AuthenticationSuccessEvent authenticationSuccessEvent) {
        Object source = authenticationSuccessEvent.getSource();
        if (source instanceof OAuth2LoginAuthenticationToken) {
            OAuth2LoginAuthenticationToken oAuth2LoginAuthenticationToken = (OAuth2LoginAuthenticationToken) source;
            DefaultOidcUser principal = oAuth2LoginAuthenticationToken.getPrincipal();
            if (principal instanceof DefaultOidcUser) {
                DefaultOidcUser defaultOidcUser = principal;
                String clientId = oAuth2LoginAuthenticationToken.getClientRegistration().getClientId();
                for (String str : (List) Optional.ofNullable(defaultOidcUser.getIdToken().getClaimAsStringList("roles")).orElseGet(Collections::emptyList)) {
                    Group group = (Group) this.groupRepository.findById(str).orElseGet(() -> {
                        return new Group().setName(str);
                    });
                    group.mapAdminPropertyValue("oidcClientIds", false, obj -> {
                        HashSet hashSet = new HashSet(obj instanceof List ? (List) obj : Collections.emptyList());
                        hashSet.add(clientId);
                        return hashSet;
                    });
                    group.mapAdminPropertyValue("oidcLastSeen", false, obj2 -> {
                        Map hashMap = obj2 instanceof Map ? (Map) obj2 : new HashMap();
                        hashMap.put(clientId, Instant.now().toString());
                        return hashMap;
                    });
                    this.groupRepository.save(group);
                }
            }
        }
    }

    @EventListener
    public void onOAuth2AuthenticationFailureEvent(OAuth2AuthenticationFailureEvent oAuth2AuthenticationFailureEvent) {
        logger.info("OAuth2 authentication failure: {}, {}", oAuth2AuthenticationFailureEvent.getException().getMessage(), oAuth2AuthenticationFailureEvent);
    }
}
