package pl.decerto.hyperon.common.security.oauth2;

import com.sun.xml.ws.encoding.soap.streaming.SOAP12NamespaceConstants;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpSession;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import pl.decerto.hyperon.common.security.MppUserDetails;
import pl.decerto.hyperon.common.security.cache.UsersCacheManager;
import pl.decerto.hyperon.common.security.dto.SystemUser;

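/**
 * Spring configuration that registers the OIDC user service used during OAuth2 login.
 *
 * <p>The registered service loads the OIDC user through Spring's {@link OidcUserService},
 * wraps it in a {@link HyperonOidcUserDetails}, creates or updates the matching
 * {@link SystemUser}, and caches the result in the HTTP session under
 * {@value #HYPERON_OIDC_USER}.
 *
 * <p>Decompiled from
 * {@code pl/decerto/hyperon/common/security/oauth2/OAuth2UserServiceConfiguration.class}.
 */
@OAuth2PropertyCondition
@Configuration
public class OAuth2UserServiceConfiguration {
    /** Name of the user attribute used as the principal name and as the system-user login key. */
    private static final String NAME_ATTRIBUTE_KEY = "name";
    /** Session attribute under which the resolved user details are cached. */
    private static final String HYPERON_OIDC_USER = "hyperonOidcUser";
    /** ID-token claim carrying the issuer identifier. */
    private static final String ISSUER_CLAIM = "iss";
    private final OAuth2SystemUserCreator oAuth2SystemUserCreator;
    private final UsersCacheManager userCache;

    /**
     * @param oAuth2SystemUserCreator collaborator that creates or updates the system user
     * @param usersCacheManager source of the per-login user cache entry
     */
    public OAuth2UserServiceConfiguration(OAuth2SystemUserCreator oAuth2SystemUserCreator, UsersCacheManager usersCacheManager) {
        this.oAuth2SystemUserCreator = oAuth2SystemUserCreator;
        this.userCache = usersCacheManager;
    }

    /**
     * Builds the OIDC user service.
     *
     * <p>When the security context already holds an authentication, the session-cached
     * user is reused only if it belongs to the identity that was just loaded from the
     * identity provider (same subject and issuer). In every other case the user details
     * are rebuilt from the freshly loaded user and the session attribute is overwritten.
     *
     * @return a user service that never returns {@code null}
     */
    @Bean
    public OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService() {
        OidcUserService delegate = new OidcUserService();
        return oidcUserRequest -> {
            OidcUser loadedUser = delegate.loadUser(oidcUserRequest);
            Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            // RequestAttributes itself has no getRequest(); the servlet-specific subtype does.
            HttpSession session = ((ServletRequestAttributes) RequestContextHolder.currentRequestAttributes())
                    .getRequest()
                    .getSession(true);
            if (authentication != null) {
                Object cached = session.getAttribute(HYPERON_OIDC_USER);
                // Reuse the cached principal only when it is bound to the identity the IdP
                // just asserted. Returning it unconditionally would hand back a previous
                // user's details (or null when nothing is cached) for a new login that
                // happens in the same session.
                if (cached instanceof HyperonOidcUserDetails
                        && isSameIdentity((HyperonOidcUserDetails) cached, loadedUser)) {
                    return (HyperonOidcUserDetails) cached;
                }
            }
            HyperonOidcUserDetails userDetails =
                    new HyperonOidcUserDetails(getAuthorities(loadedUser), loadedUser.getIdToken(), NAME_ATTRIBUTE_KEY);
            SystemUser systemUser = createOrUpdateSystemUser(userDetails);
            userDetails.setHyperonUserDetails(
                    MppUserDetails.createMppUserDetails(systemUser, this.userCache.getUserCacheEntry(systemUser.getLogin())));
            session.setAttribute(HYPERON_OIDC_USER, userDetails);
            return userDetails;
        };
    }

    /**
     * Tells whether two OIDC users describe the same identity, i.e. both carry a
     * non-null subject and agree on subject and issuer.
     *
     * <p>The issuer is compared as a string claim so that no {@code URL} equality
     * (which may trigger name resolution) is involved.
     */
    private static boolean isSameIdentity(OidcUser cached, OidcUser loaded) {
        String loadedSubject = loaded.getSubject();
        return loadedSubject != null
                && loadedSubject.equals(cached.getSubject())
                && Objects.equals(loaded.getClaimAsString(ISSUER_CLAIM), cached.getClaimAsString(ISSUER_CLAIM));
    }

    /**
     * Derives the granted authorities for the wrapped user from the loaded OIDC user.
     *
     * <p>Only {@link OidcUserAuthority} entries are considered, and of those only the
     * ones whose authority string contains the marker constant (case-insensitively).
     *
     * @param oidcUser user loaded from the identity provider
     * @return an unmodifiable set of the retained authorities
     */
    private static Set<SimpleGrantedAuthority> getAuthorities(OidcUser oidcUser) {
        // NOTE(review): the SOAP 1.2 constant is almost certainly a decompiler substitution
        // for an inlined string literal (presumably "role"); confirm its value and replace
        // it with a local constant so this filter does not depend on a JAX-WS RI class.
        // NOTE(review): this is a substring match, not a prefix or exact match, so any
        // authority string that merely contains the marker is retained; confirm intent.
        return oidcUser.getAuthorities().stream()
                .filter(authority -> authority instanceof OidcUserAuthority)
                .map(authority -> authority.getAuthority())
                // Locale.ROOT keeps the lower-casing independent of the server's default locale.
                .filter(name -> name.toLowerCase(Locale.ROOT).contains(SOAP12NamespaceConstants.ATTR_ACTOR))
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toUnmodifiableSet());
    }

    /**
     * Delegates to {@link OAuth2SystemUserCreator#createOrUpdate}, keyed by the user's
     * {@value #NAME_ATTRIBUTE_KEY} attribute.
     */
    private SystemUser createOrUpdateSystemUser(HyperonOidcUserDetails hyperonOidcUserDetails) {
        // NOTE(review): the cast assumes the "name" attribute is present and a String;
        // a missing claim yields a null login key. Verify against the IdP's claim set.
        String login = (String) hyperonOidcUserDetails.getAttribute(NAME_ATTRIBUTE_KEY);
        return this.oAuth2SystemUserCreator.createOrUpdate(login, hyperonOidcUserDetails);
    }
}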
