package io.pivotal.cfenv.boot.sso;

import io.pivotal.cfenv.core.CfCredentials;
import io.pivotal.cfenv.core.CfService;
import io.pivotal.cfenv.spring.boot.CfEnvProcessor;
import io.pivotal.cfenv.spring.boot.CfEnvProcessorProperties;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:io/pivotal/cfenv/boot/sso/CfSingleSignOnProcessor.class */
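/**
 * Translates the credentials of a bound Single Sign-On service (label prefix
 * {@code p-identity}) into {@code spring.security.oauth2.client.*} properties.
 *
 * <p>The binding supplies {@code client_id}, {@code client_secret}, {@code auth_domain} and,
 * optionally, {@code grant_types}. Depending on the grant types, either one registration
 * ({@code sso}) or two registrations ({@code ssoauthorizationcode} and
 * {@code ssoclientcredentials}) are written, all pointing at the provider {@code sso}.
 *
 * <p>NOTE(review): the client secret is copied into the property map in clear text. Anything
 * that dumps this map (debug logging, diagnostics output) would expose it; confirm that the
 * consumers of the map treat the {@code *.client-secret} keys as sensitive.
 */
public class CfSingleSignOnProcessor implements CfEnvProcessor {
    private static final String PIVOTAL_SSO_LABEL = "p-identity";
    private static final String SPRING_SECURITY_CLIENT = "spring.security.oauth2.client";
    private static final String PROVIDER_ID = "sso";
    private static final String BASE_CLIENT_REGISTRATION_ID = "sso";
    private static final String AUTHCODE_CLIENT_REGISTRATION_ID = "ssoauthorizationcode";
    private static final String CLIENTCRED_CLIENT_REGISTRATION_ID = "ssoclientcredentials";
    private static final String SSO_SERVICE = "ssoServiceUrl";
    private static final String AUTHORIZATION_CODE = "authorization_code";
    private static final String CLIENT_CREDENTIALS = "client_credentials";
    // Typed (no raw HashSet) so the compiler checks the element type; the set is never mutated.
    private static final Set<String> AUTH_CODE_AND_CLIENT_CREDS =
            new HashSet<>(Arrays.asList(AUTHORIZATION_CODE, CLIENT_CREDENTIALS));

    /**
     * Decides whether this processor handles the given service.
     *
     * @param cfService the bound service to inspect
     * @return {@code true} when Spring Security is detected and the service label starts with
     *         {@code p-identity}
     */
    public boolean accept(CfService cfService) {
        return SpringSecurityDetector.isSpringSecurityPresent() && cfService.existsByLabelStartsWith(PIVOTAL_SSO_LABEL);
    }

    /**
     * Writes the OAuth2 provider and client registration properties for the binding.
     *
     * <p>The issuer URI is derived from {@code auth_domain} via {@link #fromAuthDomain(String)};
     * the authorization URI uses {@code auth_domain} unchanged.
     *
     * @param cfCredentials credentials of the bound service
     * @param map target property map; entries are added or overwritten
     * @throws IllegalArgumentException if {@code auth_domain} has no parsable host
     */
    public void process(CfCredentials cfCredentials, Map<String, Object> map) {
        String clientId = cfCredentials.getString("client_id");
        String clientSecret = cfCredentials.getString("client_secret");
        String authDomain = cfCredentials.getString("auth_domain");
        String issuerBase = fromAuthDomain(authDomain);

        String providerPrefix = SPRING_SECURITY_CLIENT + ".provider." + PROVIDER_ID;
        map.put(SSO_SERVICE, authDomain);
        map.put(providerPrefix + ".issuer-uri", issuerBase + "/oauth/token");
        map.put(providerPrefix + ".authorization-uri", authDomain + "/oauth/authorize");

        // grant_types comes from deserialized binding data, so do not assume a concrete
        // ArrayList: any List implementation is accepted, and a value that is not a list is
        // handled like a missing one instead of failing with a ClassCastException.
        Object rawGrantTypes = cfCredentials.getMap().get("grant_types");
        List<?> grantTypes = rawGrantTypes instanceof List ? (List<?>) rawGrantTypes : null;

        if (grantTypes != null && isAuthCodeAndClientCreds(grantTypes)) {
            // Both grants requested: one registration per grant type, sharing the credentials.
            mapBasicClientProperties(map, AUTHCODE_CLIENT_REGISTRATION_ID, clientId, clientSecret);
            map.put(registrationPrefix(AUTHCODE_CLIENT_REGISTRATION_ID) + ".authorization-grant-type", AUTHORIZATION_CODE);
            mapBasicClientProperties(map, CLIENTCRED_CLIENT_REGISTRATION_ID, clientId, clientSecret);
            map.put(registrationPrefix(CLIENTCRED_CLIENT_REGISTRATION_ID) + ".authorization-grant-type", CLIENT_CREDENTIALS);
            return;
        }

        // Every other case uses the single base registration; the grant type is only set when
        // the binding names exactly one.
        mapBasicClientProperties(map, BASE_CLIENT_REGISTRATION_ID, clientId, clientSecret);
        if (grantTypes != null && grantTypes.size() == 1) {
            map.put(registrationPrefix(BASE_CLIENT_REGISTRATION_ID) + ".authorization-grant-type", grantTypes.get(0));
        }
    }

    /** Returns whether the grant types, compared as a set, are exactly authorization_code and client_credentials. */
    private boolean isAuthCodeAndClientCreds(List<?> grantTypes) {
        return new HashSet<Object>(grantTypes).equals(AUTH_CODE_AND_CLIENT_CREDS);
    }

    /** Builds the property prefix for one client registration id. */
    private static String registrationPrefix(String registrationId) {
        return SPRING_SECURITY_CLIENT + ".registration." + registrationId;
    }

    /** Writes the properties common to every registration: id, secret, name, redirect URI and provider. */
    private void mapBasicClientProperties(Map<String, Object> map, String str, String str2, String str3) {
        String prefix = registrationPrefix(str);
        map.put(prefix + ".client-id", str2);
        map.put(prefix + ".client-secret", str3);
        map.put(prefix + ".client-name", str);
        map.put(prefix + ".redirect-uri", "{baseUrl}/login/oauth2/code/{registrationId}");
        map.put(prefix + ".provider", PROVIDER_ID);
    }

    /**
     * Describes this processor: the property prefixes it writes and its service name.
     *
     * @return properties with prefixes {@code ssoServiceUrl,spring.security.oauth2.client} and
     *         service name {@code Single Sign On}
     */
    public CfEnvProcessorProperties getProperties() {
        return CfEnvProcessorProperties.builder().propertyPrefixes(String.join(",", SSO_SERVICE, SPRING_SECURITY_CLIENT)).serviceName("Single Sign On").build();
    }

    /**
     * Derives the issuer base URI from the binding's {@code auth_domain} by replacing the first
     * {@code login.} in the host with {@code uaa.}; all other URI components are kept.
     *
     * <p>NOTE(review): the pattern is not anchored, so the first {@code login.} anywhere in the
     * host is rewritten, not only a leading label. Presumably this is intended for hosts that
     * carry a prefix before {@code login.}; confirm against the expected binding format.
     *
     * @param str the {@code auth_domain} value from the binding
     * @return the rewritten URI as a string
     * @throws IllegalArgumentException if the value is not a valid URI, has no host, or the
     *         rewritten components do not form a valid URI
     */
    String fromAuthDomain(String str) {
        URI authDomainUri = URI.create(str);
        String host = authDomainUri.getHost();
        if (host == null) {
            // NOTE(review): the message echoes auth_domain verbatim, including any userinfo it
            // may contain; confirm bindings never embed credentials in this URL.
            throw new IllegalArgumentException("Unable to parse URI host from VCAP_SERVICES with label: \"p-identity\" and auth_domain: \"" + str + "\"");
        }
        String uaaHost = host.replaceFirst("login\\.", "uaa.");
        try {
            return new URI(
                    authDomainUri.getScheme(),
                    authDomainUri.getUserInfo(),
                    uaaHost,
                    authDomainUri.getPort(),
                    authDomainUri.getPath(),
                    authDomainUri.getQuery(),
                    authDomainUri.getFragment()).toString();
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }
}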
