package com.azure.spring.autoconfigure.b2c;

import java.util.HashMap;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/azure/spring/autoconfigure/b2c/AADB2CAuthorizationRequestResolver.class */
public class AADB2CAuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private static final String PARAMETER_X_CLIENT_SKU = "x-client-SKU";
    private static final String AAD_B2C_USER_AGENT = "spring-boot-starter";
    private final OAuth2AuthorizationRequestResolver defaultResolver;
    private final String passwordResetUserFlow;
    private final AADB2CProperties properties;
    private static final String REQUEST_BASE_URI = "/oauth2/authorization";
    private static final String REGISTRATION_ID_NAME = "registrationId";
    private static final String MATCHER_PATTERN = String.format("%s/{%s}", REQUEST_BASE_URI, REGISTRATION_ID_NAME);
    private static final AntPathRequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher(MATCHER_PATTERN);

    public AADB2CAuthorizationRequestResolver(@NonNull ClientRegistrationRepository clientRegistrationRepository, @NonNull AADB2CProperties aADB2CProperties) {
        this.properties = aADB2CProperties;
        this.passwordResetUserFlow = this.properties.getPasswordReset();
        this.defaultResolver = new DefaultOAuth2AuthorizationRequestResolver(clientRegistrationRepository, REQUEST_BASE_URI);
    }

    public OAuth2AuthorizationRequest resolve(@NonNull HttpServletRequest httpServletRequest) {
        return resolve(httpServletRequest, getRegistrationId(httpServletRequest));
    }

    public OAuth2AuthorizationRequest resolve(@NonNull HttpServletRequest httpServletRequest, String str) {
        if (StringUtils.hasText(this.passwordResetUserFlow) && isForgotPasswordAuthorizationRequest(httpServletRequest)) {
            return getB2CAuthorizationRequest(this.defaultResolver.resolve(httpServletRequest, this.passwordResetUserFlow), this.passwordResetUserFlow);
        }
        if (StringUtils.hasText(str) && REQUEST_MATCHER.matches(httpServletRequest)) {
            return getB2CAuthorizationRequest(this.defaultResolver.resolve(httpServletRequest), str);
        }
        return null;
    }

    private OAuth2AuthorizationRequest getB2CAuthorizationRequest(@Nullable OAuth2AuthorizationRequest oAuth2AuthorizationRequest, String str) {
        Assert.hasText(str, "User flow should contain text.");
        if (oAuth2AuthorizationRequest == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        Optional map = Optional.ofNullable(this.properties).map((v0) -> {
            return v0.getAuthenticateAdditionalParameters();
        });
        Objects.requireNonNull(hashMap);
        map.ifPresent(hashMap::putAll);
        hashMap.put("p", str);
        hashMap.put(PARAMETER_X_CLIENT_SKU, AAD_B2C_USER_AGENT);
        hashMap.putAll(oAuth2AuthorizationRequest.getAdditionalParameters());
        return OAuth2AuthorizationRequest.from(oAuth2AuthorizationRequest).additionalParameters(hashMap).build();
    }

    private String getRegistrationId(HttpServletRequest httpServletRequest) {
        if (REQUEST_MATCHER.matches(httpServletRequest)) {
            return (String) REQUEST_MATCHER.matcher(httpServletRequest).getVariables().get(REGISTRATION_ID_NAME);
        }
        return null;
    }

    private boolean isForgotPasswordAuthorizationRequest(@NonNull HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("error");
        String parameter2 = httpServletRequest.getParameter("error_description");
        if (!"access_denied".equals(parameter)) {
            return false;
        }
        Assert.hasText(parameter2, "description should contain text.");
        return parameter2.startsWith("AADB2C90118:");
    }
}
