package com.c4_soft.springaddons.security.oidc.starter.reactive.client;

import com.c4_soft.springaddons.security.oidc.starter.properties.SpringAddonsOidcProperties;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.StreamSupport;
import org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.MultiValueMap;
import reactor.core.publisher.Mono;

/* loaded from: input_file:com/c4_soft/springaddons/security/oidc/starter/reactive/client/PerRegistrationReactiveOAuth2AuthorizedClientProvider.class */
public final class PerRegistrationReactiveOAuth2AuthorizedClientProvider implements ReactiveOAuth2AuthorizedClientProvider {
    private final Map<String, DelegatingReactiveOAuth2AuthorizedClientProvider> providersByRegistrationId = new ConcurrentHashMap();
    private final Map<String, List<ReactiveOAuth2AuthorizedClientProvider>> customProvidersByRegistrationId;
    private final SpringAddonsOidcProperties addonsProperties;

    public PerRegistrationReactiveOAuth2AuthorizedClientProvider(InMemoryReactiveClientRegistrationRepository inMemoryReactiveClientRegistrationRepository, SpringAddonsOidcProperties springAddonsOidcProperties, Map<String, List<ReactiveOAuth2AuthorizedClientProvider>> map) {
        this.customProvidersByRegistrationId = map;
        this.addonsProperties = springAddonsOidcProperties;
        StreamSupport.stream(inMemoryReactiveClientRegistrationRepository.spliterator(), false).forEach(clientRegistration -> {
            this.providersByRegistrationId.put(clientRegistration.getRegistrationId(), new DelegatingReactiveOAuth2AuthorizedClientProvider(getProvidersFor(clientRegistration, springAddonsOidcProperties)));
        });
    }

    public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext oAuth2AuthorizationContext) {
        if (oAuth2AuthorizationContext == null) {
            return null;
        }
        ClientRegistration clientRegistration = oAuth2AuthorizationContext.getClientRegistration();
        if (!this.providersByRegistrationId.containsKey(clientRegistration.getRegistrationId())) {
            this.providersByRegistrationId.put(clientRegistration.getRegistrationId(), new DelegatingReactiveOAuth2AuthorizedClientProvider(getProvidersFor(clientRegistration, this.addonsProperties)));
        }
        return this.providersByRegistrationId.get(clientRegistration.getRegistrationId()).authorize(oAuth2AuthorizationContext);
    }

    private List<ReactiveOAuth2AuthorizedClientProvider> getProvidersFor(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        ArrayList arrayList = new ArrayList(this.customProvidersByRegistrationId.getOrDefault(clientRegistration.getRegistrationId(), List.of()));
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
            arrayList.add(new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider());
            if (clientRegistration.getScopes().contains("offline_access")) {
                arrayList.add(createRefreshTokenProvider(clientRegistration, springAddonsOidcProperties));
            }
        } else if (AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType())) {
            arrayList.add(createClientCredentialsProvider(clientRegistration, springAddonsOidcProperties));
        }
        return arrayList;
    }

    private ClientCredentialsReactiveOAuth2AuthorizedClientProvider createClientCredentialsProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        ClientCredentialsReactiveOAuth2AuthorizedClientProvider clientCredentialsReactiveOAuth2AuthorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() == 0) {
            return clientCredentialsReactiveOAuth2AuthorizedClientProvider;
        }
        WebClientReactiveClientCredentialsTokenResponseClient webClientReactiveClientCredentialsTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
        webClientReactiveClientCredentialsTokenResponseClient.addParametersConverter(oAuth2ClientCredentialsGrantRequest -> {
            return extraTokenParameters;
        });
        clientCredentialsReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(webClientReactiveClientCredentialsTokenResponseClient);
        return clientCredentialsReactiveOAuth2AuthorizedClientProvider;
    }

    private RefreshTokenReactiveOAuth2AuthorizedClientProvider createRefreshTokenProvider(ClientRegistration clientRegistration, SpringAddonsOidcProperties springAddonsOidcProperties) {
        RefreshTokenReactiveOAuth2AuthorizedClientProvider refreshTokenReactiveOAuth2AuthorizedClientProvider = new RefreshTokenReactiveOAuth2AuthorizedClientProvider();
        MultiValueMap<String, String> extraTokenParameters = springAddonsOidcProperties.getClient().getExtraTokenParameters(clientRegistration.getRegistrationId());
        if (extraTokenParameters.size() == 0) {
            return refreshTokenReactiveOAuth2AuthorizedClientProvider;
        }
        WebClientReactiveRefreshTokenTokenResponseClient webClientReactiveRefreshTokenTokenResponseClient = new WebClientReactiveRefreshTokenTokenResponseClient();
        webClientReactiveRefreshTokenTokenResponseClient.addParametersConverter(oAuth2RefreshTokenGrantRequest -> {
            return extraTokenParameters;
        });
        refreshTokenReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(webClientReactiveRefreshTokenTokenResponseClient);
        return refreshTokenReactiveOAuth2AuthorizedClientProvider;
    }
}
