package com.azure.spring.aad;

import com.azure.spring.aad.webapp.AuthorizationClientProperties;
import com.azure.spring.autoconfigure.aad.AADAuthenticationProperties;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.Assert;

/* loaded from: input_file:com/azure/spring/aad/AADClientRegistrationRepository.class */
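/**
 * In-memory {@link ClientRegistrationRepository} built once from {@link AADAuthenticationProperties}.
 *
 * <p>Every configured authorization client becomes a {@link ClientRegistration}. The entry stored
 * under {@link #AZURE_CLIENT_REGISTRATION_ID} is always (re)built with the authorization-code grant
 * and requests the union of the "azure" client's scopes and the scopes of all delegated clients.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every registration carries the configured client secret, so registrations should not be
 *       logged or serialized.</li>
 *   <li>{@link #iterator()} exposes only authorization-code registrations; clients with any other
 *       grant type are reachable only through {@link #findByRegistrationId(String)}.</li>
 *   <li>The scope set is widened automatically (see {@code azureClientAccessTokenScopes}); review the
 *       resulting consent surface when changing group-related configuration.</li>
 * </ul>
 */
public class AADClientRegistrationRepository implements ClientRegistrationRepository, Iterable<ClientRegistration> {
    public static final String AZURE_CLIENT_REGISTRATION_ID = "azure";
    private final Set<String> azureClientAccessTokenScopes;
    private final Map<String, ClientRegistration> allClients;

    /**
     * Builds all client registrations from the supplied configuration.
     *
     * @param properties the AAD configuration; must not be {@code null}
     */
    public AADClientRegistrationRepository(AADAuthenticationProperties properties) {
        Set<String> azureScopes = azureClientAccessTokenScopes(properties);
        Set<String> delegatedScopes = delegatedClientsAccessTokenScopes(properties);

        // Scopes requested by the "azure" registration: its own plus every delegated client's.
        Set<String> signInScopes = new HashSet<>(azureScopes);
        signInScopes.addAll(delegatedScopes);

        // When the "azure" client names no resource server itself but the union spans several,
        // Graph User.Read is added to the "azure" client's own scopes.
        // NOTE(review): presumably so the "azure" scopes name one definite resource - confirm.
        if (resourceServerCount(azureScopes) == 0 && resourceServerCount(signInScopes) > 1) {
            String graphUserRead = properties.getGraphBaseUri() + "User.Read";
            azureScopes.add(graphUserRead);
            signInScopes.add(graphUserRead);
        }
        this.azureClientAccessTokenScopes = azureScopes;

        // An explicitly mutable map: the previous code called put() on the result of
        // Collectors.toMap, whose mutability is not guaranteed. Insertion order also makes
        // iteration order deterministic.
        Map<String, ClientRegistration> registrations = new LinkedHashMap<>();
        for (Map.Entry<String, AuthorizationClientProperties> entry : properties.getAuthorizationClients().entrySet()) {
            AuthorizationClientProperties client = entry.getValue();
            registrations.put(
                entry.getKey(),
                toClientRegistration(entry.getKey(), client.getAuthorizationGrantType(), client.getScopes(), properties));
        }
        // The "azure" entry always uses the authorization-code grant and the merged scope set,
        // replacing any registration built from a configured "azure" client above.
        registrations.put(
            AZURE_CLIENT_REGISTRATION_ID,
            toClientRegistration(
                AZURE_CLIENT_REGISTRATION_ID, AADAuthorizationGrantType.AUTHORIZATION_CODE, signInScopes, properties));
        this.allClients = registrations;
    }

    /**
     * Returns the scopes computed for the "azure" client alone (without delegated clients' scopes).
     *
     * <p>The returned set is the live internal instance, not a copy. NOTE(review): callers should
     * treat it as read-only; the "azure" registration was built from a separate set, so mutating
     * this one would only make the two disagree.
     *
     * @return the "azure" client's access-token scopes
     */
    public Set<String> getAzureClientAccessTokenScopes() {
        return this.azureClientAccessTokenScopes;
    }

    /**
     * Looks up a registration by id, regardless of its grant type.
     *
     * @param registrationId the registration id; must contain text
     * @return the matching registration, or {@code null} when none is configured
     * @throws IllegalArgumentException if {@code registrationId} is {@code null} or blank
     */
    @Override
    public ClientRegistration findByRegistrationId(String registrationId) {
        Assert.hasText(registrationId, "registrationId cannot be empty");
        return this.allClients.get(registrationId);
    }

    /**
     * Iterates over the registrations whose grant type is authorization-code only.
     *
     * @return an iterator over the authorization-code registrations
     */
    @Override // java.lang.Iterable
    public Iterator<ClientRegistration> iterator() {
        String authorizationCode = AADAuthorizationGrantType.AUTHORIZATION_CODE.getValue();
        return this.allClients.values().stream()
            .filter(registration -> registration.getAuthorizationGrantType().getValue().equals(authorizationCode))
            .iterator();
    }

    /**
     * Computes the scopes of the "azure" client: the configured ones (if any) plus
     * {@code openid}, {@code profile} and {@code offline_access}, plus one Graph scope when group
     * restrictions are configured.
     *
     * <p>Group names add {@code Directory.Read.All}, a considerably broader permission than the
     * {@code User.Read} added for group ids; where least privilege matters the id-based
     * configuration requests less.
     */
    private Set<String> azureClientAccessTokenScopes(AADAuthenticationProperties properties) {
        Set<String> scopes = Optional.ofNullable(properties.getAuthorizationClients())
            .map(clients -> clients.get(AZURE_CLIENT_REGISTRATION_ID))
            .map(AuthorizationClientProperties::getScopes)
            .<Set<String>>map(HashSet::new)
            .orElseGet(HashSet::new);

        // Set.add is a no-op for elements already present, so no contains() guard is needed.
        scopes.add("openid");
        scopes.add("profile");
        scopes.add("offline_access");

        if (properties.allowedGroupNamesConfigured()) {
            scopes.add(properties.getGraphBaseUri() + "Directory.Read.All");
        } else if (properties.allowedGroupIdsConfigured()) {
            scopes.add(properties.getGraphBaseUri() + "User.Read");
        }
        return scopes;
    }

    /** Collects the scopes of every configured client whose grant type is the delegated one. */
    private Set<String> delegatedClientsAccessTokenScopes(AADAuthenticationProperties properties) {
        String delegated = AADAuthorizationGrantType.AZURE_DELEGATED.getValue();
        return properties.getAuthorizationClients().values().stream()
            .filter(client -> delegated.equals(client.getAuthorizationGrantType().getValue()))
            .flatMap(client -> client.getScopes().stream())
            .collect(Collectors.toSet());
    }

    /**
     * Builds one registration. Client id, client secret, redirect URI and endpoints come from the
     * shared configuration; only the id, grant type and scopes differ between registrations.
     */
    private ClientRegistration toClientRegistration(
            String registrationId,
            AADAuthorizationGrantType grantType,
            Collection<String> scopes,
            AADAuthenticationProperties properties) {
        AADAuthorizationServerEndpoints endpoints =
            new AADAuthorizationServerEndpoints(properties.getBaseUri(), properties.getTenantId());
        return ClientRegistration.withRegistrationId(registrationId)
            .clientName(registrationId)
            .authorizationGrantType(new AuthorizationGrantType(grantType.getValue()))
            .scope(scopes)
            .redirectUri(properties.getRedirectUriTemplate())
            .userNameAttributeName(properties.getUserNameAttribute())
            .clientId(properties.getClientId())
            .clientSecret(properties.getClientSecret())
            .authorizationUri(endpoints.authorizationEndpoint())
            .tokenUri(endpoints.tokenEndpoint())
            .jwkSetUri(endpoints.jwkSetEndpoint())
            .providerConfigurationMetadata(providerConfigurationMetadata(endpoints))
            .build();
    }

    /** Returns the provider metadata, which carries only the end-session endpoint. */
    private Map<String, Object> providerConfigurationMetadata(AADAuthorizationServerEndpoints endpoints) {
        Map<String, Object> metadata = new LinkedHashMap<>();
        metadata.put("end_session_endpoint", endpoints.endSessionEndpoint());
        return metadata;
    }

    /**
     * Counts the distinct resource prefixes among the given scopes.
     *
     * <p>Only scopes containing {@code '/'} are considered; the prefix is everything before the
     * last {@code '/'}. Scopes such as {@code openid} therefore do not count.
     *
     * @param scopes the scopes to inspect; must not be {@code null}
     * @return the number of distinct prefixes
     */
    public static int resourceServerCount(Set<String> scopes) {
        return (int) scopes.stream()
            .filter(scope -> scope.contains("/"))
            .map(scope -> scope.substring(0, scope.lastIndexOf('/')))
            .distinct()
            .count();
    }
}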
