package cronapp.framework.security;

import cronapp.framework.api.ApiManager;
import java.time.OffsetDateTime;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.UUID;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.Customizer;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService;
import org.springframework.security.oauth2.client.web.OAuth2LoginAuthenticationFilter;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.stereotype.Component;

@ConditionalOnProperty(prefix = "cronapp.security.oauth", name = {"enabled"}, havingValue = "true")
@Component
/* loaded from: input_file:cronapp/framework/security/OAuthConfiguration.class */
public class OAuthConfiguration {
    private final GrantedAuthorityRepository authorityRepository;
    private final ApiAuthenticationFailureHandler authenticationFailureHandler;
    private final ApiAuthenticationSuccessHandler authenticationSuccessHandler;
    private final ApiUserDetailsManager userDetailsManager;
    private final OAuthAuthorizationRequestResolver authorizationRequestResolver;

    @Bean
    public HttpSecurityCustomizer oauthCustomizer() {
        return httpSecurity -> {
            httpSecurity.oauth2Login(oAuth2LoginConfigurer -> {
                oAuth2LoginConfigurer.failureHandler(this.authenticationFailureHandler);
                oAuth2LoginConfigurer.successHandler(this.authenticationSuccessHandler);
                oAuth2LoginConfigurer.userInfoEndpoint(Customizer.withDefaults());
                oAuth2LoginConfigurer.withObjectPostProcessor(this::postProcess);
                oAuth2LoginConfigurer.authorizationEndpoint(authorizationEndpointConfig -> {
                    authorizationEndpointConfig.authorizationRequestResolver(this.authorizationRequestResolver);
                });
            }).oidcLogout(oidcLogoutConfigurer -> {
                oidcLogoutConfigurer.backChannel(Customizer.withDefaults());
            });
        };
    }

    @Bean
    public OidcUserService oidcUserService() {
        OidcUserService oidcUserService = new OidcUserService();
        DefaultOAuth2UserService defaultOAuth2UserService = new DefaultOAuth2UserService();
        defaultOAuth2UserService.setAttributesConverter(oAuth2UserRequest -> {
            HashMap hashMap = new HashMap();
            if (oAuth2UserRequest instanceof OidcUserRequest) {
                hashMap.putAll(((OidcUserRequest) oAuth2UserRequest).getIdToken().getClaims());
            }
            return map -> {
                map.putAll(hashMap);
                return hashMap;
            };
        });
        oidcUserService.setOauth2UserService(defaultOAuth2UserService);
        return oidcUserService;
    }

    private <O> O postProcess(O o) {
        if (o instanceof OAuth2LoginAuthenticationFilter) {
            ((OAuth2LoginAuthenticationFilter) o).setAuthenticationResultConverter(this::convertAuthentication);
        }
        return o;
    }

    private OAuth2AuthenticationToken convertAuthentication(OAuth2LoginAuthenticationToken oAuth2LoginAuthenticationToken) {
        List<SimpleGrantedAuthority> findAll;
        Object attribute = oAuth2LoginAuthenticationToken.getPrincipal().getAttribute("roles");
        if (attribute instanceof Collection) {
            findAll = this.authorityRepository.findAll((Collection<String>) attribute);
        } else {
            findAll = this.authorityRepository.findAll(List.of());
        }
        OAuth2AuthenticationToken oAuth2AuthenticationToken = new OAuth2AuthenticationToken(oAuth2LoginAuthenticationToken.getPrincipal(), findAll, oAuth2LoginAuthenticationToken.getClientRegistration().getRegistrationId());
        if (!this.userDetailsManager.userExists(oAuth2LoginAuthenticationToken.getName())) {
            this.userDetailsManager.createUser(createCronappUserDetails(oAuth2AuthenticationToken));
        }
        oAuth2AuthenticationToken.setDetails(this.userDetailsManager.loadUserByUsername(oAuth2LoginAuthenticationToken.getName()));
        return oAuth2AuthenticationToken;
    }

    public static CronappUserDetails createCronappUserDetails(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        OAuth2User principal = oAuth2AuthenticationToken.getPrincipal();
        String str = (String) principal.getAttribute(ApiManager.SECURABLE_ATTRIBUTE_NAME);
        String name = oAuth2AuthenticationToken.getName();
        String normalize = ApiManager.normalize(name);
        String str2 = (String) principal.getAttribute("email");
        String normalize2 = ApiManager.normalize(str2);
        String str3 = (String) principal.getAttribute("phone");
        if (StringUtils.isEmpty(str3)) {
            str3 = "N/A";
        }
        if (StringUtils.isEmpty(str2)) {
            str2 = normalize;
        }
        if (!str2.contains("@")) {
            str2 = str2 + "@no-email";
        }
        if (StringUtils.isEmpty(normalize2)) {
            normalize2 = ApiManager.normalize(str2);
        }
        return CronappUserDetails.newBuilder().setName((String) StringUtils.defaultIfEmpty(str, name)).setUserName(name).setNormalizedUserName(normalize).setEmail(str2).setNormalizedEmail(normalize2).setEmailConfirmed(true).setSecurityStamp(UUID.randomUUID().toString()).setPhoneNumber(str3).setPhoneNumberConfirmed(true).setTwoFactorEnabled(false).setLockoutEnd(OffsetDateTime.MIN).setLockoutEnabled(false).setAccessFailedCount(0).setAuthorities(new HashSet(oAuth2AuthenticationToken.getAuthorities())).build();
    }

    @Generated
    public OAuthConfiguration(GrantedAuthorityRepository grantedAuthorityRepository, ApiAuthenticationFailureHandler apiAuthenticationFailureHandler, ApiAuthenticationSuccessHandler apiAuthenticationSuccessHandler, ApiUserDetailsManager apiUserDetailsManager, OAuthAuthorizationRequestResolver oAuthAuthorizationRequestResolver) {
        this.authorityRepository = grantedAuthorityRepository;
        this.authenticationFailureHandler = apiAuthenticationFailureHandler;
        this.authenticationSuccessHandler = apiAuthenticationSuccessHandler;
        this.userDetailsManager = apiUserDetailsManager;
        this.authorizationRequestResolver = oAuthAuthorizationRequestResolver;
    }
}
