package com.sap.cds.framework.spring.config.runtime;

import com.sap.cds.services.authentication.AuthenticationInfo;
import com.sap.cds.services.authentication.BasicAuthenticationInfo;
import com.sap.cds.services.authentication.JwtTokenAuthenticationInfo;
import com.sap.cds.services.runtime.AuthenticationInfoProvider;
import java.util.Iterator;
import java.util.List;
import java.util.function.Function;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

@Configuration
@ConditionalOnClass({SecurityContextHolder.class})
/* loaded from: input_file:com/sap/cds/framework/spring/config/runtime/SpringAuthenticationInfoProvider.class */
public class SpringAuthenticationInfoProvider {

    @Configuration
    @ConditionalOnClass({UsernamePasswordAuthenticationToken.class})
    /* loaded from: input_file:com/sap/cds/framework/spring/config/runtime/SpringAuthenticationInfoProvider$BasicAuth.class */
    public static class BasicAuth {
        @Bean
        @Order(2147483645)
        public AuthenticationInfoProvider basicAuthenticationInfoProvider() {
            return new SecurityContextAuthenticationInfoProvider(authentication -> {
                if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
                    return null;
                }
                Object principal = ((UsernamePasswordAuthenticationToken) authentication).getPrincipal();
                if (!(principal instanceof User)) {
                    return null;
                }
                User user = (User) principal;
                return new BasicAuthenticationInfo(user.getUsername(), user.getPassword());
            });
        }
    }

    @Configuration
    @ConditionalOnClass({OAuth2AuthenticationToken.class})
    /* loaded from: input_file:com/sap/cds/framework/spring/config/runtime/SpringAuthenticationInfoProvider$OAuth2Client.class */
    public static class OAuth2Client {
        @Bean
        @Order(2147483646)
        public AuthenticationInfoProvider oauth2ClientAuthenticationInfoProvider(List<OAuth2AuthorizedClientService> list) {
            return new SecurityContextAuthenticationInfoProvider(authentication -> {
                if (!(authentication instanceof OAuth2AuthenticationToken)) {
                    return null;
                }
                String authorizedClientRegistrationId = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
                String name = ((OAuth2AuthenticationToken) authentication).getName();
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    OAuth2AuthorizedClient loadAuthorizedClient = ((OAuth2AuthorizedClientService) it.next()).loadAuthorizedClient(authorizedClientRegistrationId, name);
                    if (loadAuthorizedClient != null) {
                        return new JwtTokenAuthenticationInfo(loadAuthorizedClient.getAccessToken().getTokenValue());
                    }
                }
                return null;
            });
        }
    }

    @Configuration
    @ConditionalOnClass({JwtAuthenticationToken.class})
    /* loaded from: input_file:com/sap/cds/framework/spring/config/runtime/SpringAuthenticationInfoProvider$OAuth2ResourceServer.class */
    public static class OAuth2ResourceServer {
        @Bean
        @Order(Integer.MAX_VALUE)
        public AuthenticationInfoProvider oauth2ResourceServerAuthenticationInfoProvider() {
            return new SecurityContextAuthenticationInfoProvider(authentication -> {
                if (authentication instanceof JwtAuthenticationToken) {
                    return new JwtTokenAuthenticationInfo(((JwtAuthenticationToken) authentication).getToken().getTokenValue());
                }
                return null;
            });
        }
    }

    /* loaded from: input_file:com/sap/cds/framework/spring/config/runtime/SpringAuthenticationInfoProvider$SecurityContextAuthenticationInfoProvider.class */
    private static class SecurityContextAuthenticationInfoProvider implements AuthenticationInfoProvider {
        private final Function<Authentication, AuthenticationInfo> authenticationMapper;
        private AuthenticationInfoProvider previous;

        public SecurityContextAuthenticationInfoProvider(Function<Authentication, AuthenticationInfo> function) {
            this.authenticationMapper = function;
        }

        public AuthenticationInfo get() {
            AuthenticationInfo apply = this.authenticationMapper.apply(SecurityContextHolder.getContext().getAuthentication());
            return apply == null ? this.previous.get() : apply;
        }

        public void setPrevious(AuthenticationInfoProvider authenticationInfoProvider) {
            this.previous = authenticationInfoProvider;
        }
    }
}
