package org.alfresco.web.site.servlet.config;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.openid.connect.sdk.op.OIDCProviderMetadata;
import java.net.URI;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicReference;
import net.minidev.json.JSONObject;
import org.alfresco.web.site.TaskUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

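/**
 * Spring configuration that wires the OAuth2 / OpenID Connect client beans used when
 * {@link AIMSConfig#isEnabled()} is true.
 *
 * <p>The client registration is built from the provider's discovery document
 * ({@code <authServerUrl>/.well-known/openid-configuration}), which is fetched over HTTP
 * when the beans are created. Every bean method that depends on the registration returns
 * {@code null} when AIMS is disabled, so callers must tolerate absent beans.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The endpoints, issuer and JWKS location are taken from the discovery document as
 *       received; this class does not compare the advertised issuer with the configured
 *       auth server URL and does not check the URL scheme.</li>
 *   <li>The client secret is held in a field and sent with
 *       {@link ClientAuthenticationMethod#CLIENT_SECRET_POST}; it must never be logged.</li>
 * </ul>
 */
@Configuration
public class AppConfig {
    private final String clientId;
    private final String clientSecret;
    private final String principalAttribute;
    private final AIMSConfig aimsConfig;
    private static final String REALMS = "realms";
    private static final Log LOGGER = LogFactory.getLog(AppConfig.class);

    // Built with defaults: no connect/read timeout is configured in this class, so a stalled
    // identity provider can stall each discovery attempt. NOTE(review): confirm whether
    // timeouts are applied elsewhere.
    private static final RestTemplate rest = new RestTemplate();
    private static final ParameterizedTypeReference<Map<String, Object>> typeReference =
            new ParameterizedTypeReference<Map<String, Object>>() {
            };

    /**
     * Function that may throw a checked exception of type {@code E}.
     *
     * @param <S> input type
     * @param <T> result type
     * @param <E> checked exception the function is allowed to throw
     */
    @FunctionalInterface
    public interface ThrowingFunction<S, T, E extends Throwable> {
        // Declared as "throws E" (not Throwable) so that callers only have to handle the
        // exception type they asked for.
        T apply(S s) throws E;
    }

    /**
     * Captures the client id, client secret and principal attribute from the AIMS settings.
     *
     * @param aIMSConfig AIMS settings supplied by Spring
     */
    @Autowired
    public AppConfig(AIMSConfig aIMSConfig) {
        this.aimsConfig = aIMSConfig;
        this.clientId = aIMSConfig.getResource();
        this.clientSecret = aIMSConfig.getSecret();
        this.principalAttribute = aIMSConfig.getPrincipalAttribute();
    }

    /**
     * Exposes a principal-keyed authorized-client repository.
     *
     * @param oAuth2AuthorizedClientService backing service, may be absent
     * @return the repository, or {@code null} when no service is available
     */
    @Bean
    public OAuth2AuthorizedClientRepository authorizedClientRepository(@Autowired(required = false) OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
        if (oAuth2AuthorizedClientService == null) {
            return null;
        }
        return new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(oAuth2AuthorizedClientService);
    }

    /**
     * Exposes an in-memory authorized-client service.
     *
     * @param clientRegistrationRepository registrations to serve, may be absent
     * @return the service, or {@code null} when no registration repository is available
     */
    @Bean
    public OAuth2AuthorizedClientService authorizedClientService(@Autowired(required = false) ClientRegistrationRepository clientRegistrationRepository) {
        if (clientRegistrationRepository == null) {
            return null;
        }
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    /**
     * Builds the repository holding the single AIMS client registration.
     *
     * @return the repository, or {@code null} when AIMS is disabled
     * @throws ParseException declared by {@link #clientRegistration()}
     */
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository() throws ParseException {
        // Resolve the registration once: clientRegistration() performs the (retried) HTTP
        // discovery request, so calling it for the null check and again for the value would
        // fetch the provider metadata twice and could even yield two different documents.
        ClientRegistration registration = clientRegistration();
        if (registration == null) {
            return null;
        }
        return new InMemoryClientRegistrationRepository(registration);
    }

    /**
     * Builds the authorized-client manager; only the authorization-code grant is enabled.
     *
     * @param clientRegistrationRepository registrations, may be absent
     * @param oAuth2AuthorizedClientService authorized-client store, may be absent
     * @return the manager, or {@code null} when either collaborator is missing
     */
    @Bean
    public AuthorizedClientServiceOAuth2AuthorizedClientManager authorizedClientServiceAndManager(@Autowired(required = false) ClientRegistrationRepository clientRegistrationRepository, @Autowired(required = false) OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
        if (clientRegistrationRepository == null || oAuth2AuthorizedClientService == null) {
            return null;
        }
        OAuth2AuthorizedClientProvider provider = OAuth2AuthorizedClientProviderBuilder.builder().authorizationCode().build();
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientService);
        manager.setAuthorizedClientProvider(provider);
        return manager;
    }

    /**
     * Fetches the provider metadata (up to 10 attempts, 1000 ms apart, via
     * {@code TaskUtils.retry}) and turns it into the client registration.
     *
     * @return the registration, or {@code null} when AIMS is disabled
     * @throws IllegalStateException if no builder was produced by the retried discovery
     */
    private ClientRegistration clientRegistration() throws ParseException {
        if (!this.aimsConfig.isEnabled()) {
            return null;
        }
        AtomicReference<ClientRegistration.Builder> builderRef = new AtomicReference<>();
        TaskUtils.retry(10, 1000L, LOGGER, () -> {
            builderRef.set(createBuilder(getMetadataURI()));
        });
        ClientRegistration.Builder builder = builderRef.get();
        if (builder == null) {
            // Fail with a clear message instead of a NullPointerException should the retry
            // helper return without a successful attempt.
            throw new IllegalStateException("OpenID Provider metadata could not be loaded; no client registration was built.");
        }
        // The "ids" registration id set in createBuilder is replaced by the client id here.
        // NOTE(review): redirectUri("*") is not a usable callback URI by itself; presumably
        // the real redirect_uri is computed elsewhere - confirm, and make sure the redirect
        // URIs registered for this client on the identity provider are exact, not wildcards.
        return builder
                .registrationId(this.clientId)
                .clientId(this.clientId)
                .clientSecret(this.clientSecret)
                .scope("openid", "profile", "email")
                .redirectUri("*")
                .userNameAttributeName(this.principalAttribute)
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .clientName(this.clientId)
                .build();
    }

    /**
     * JSON message converter restricted to {@code application/json} that omits null
     * properties when serializing.
     *
     * @return the configured converter
     */
    @Bean
    public MappingJackson2HttpMessageConverter jsonConverter() {
        ArrayList<MediaType> mediaTypes = new ArrayList<>();
        mediaTypes.add(MediaType.APPLICATION_JSON);
        Jackson2ObjectMapperBuilder mapperBuilder = new Jackson2ObjectMapperBuilder();
        mapperBuilder.serializationInclusion(JsonInclude.Include.NON_NULL);
        MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter(mapperBuilder.build());
        converter.setSupportedMediaTypes(mediaTypes);
        return converter;
    }

    /**
     * Downloads the discovery document at {@code uri} and maps it onto a registration builder.
     *
     * @param uri location of the {@code openid-configuration} document
     * @return a builder pre-populated with the provider endpoints
     * @throws IllegalStateException if the response has no body, or the issuer, token
     *         endpoint or JWKS URI is missing
     */
    private ClientRegistration.Builder createBuilder(URI uri) {
        Map<String, Object> body = rest.exchange(RequestEntity.get(uri).build(), typeReference).getBody();
        if (body == null) {
            throw new IllegalStateException("OpenID Provider metadata response from " + uri + " had no body.");
        }
        OIDCProviderMetadata metadata = parse(body, OIDCProviderMetadata::parse);

        // NOTE(review): the issuer is accepted as advertised. OpenID Connect Discovery expects
        // it to match the issuer the document was requested for; that comparison is not made
        // here - confirm it is enforced elsewhere (for example during ID token validation).
        String issuer = Optional.of(metadata)
                .map(OIDCProviderMetadata::getIssuer)
                .map(value -> value.getValue())
                .orElseThrow(() -> new IllegalStateException("Issuer Url cannot be empty."));

        return ClientRegistration.withRegistrationId("ids")
                .providerConfigurationMetadata(new LinkedHashMap<String, Object>(metadata.toJSONObject()))
                .authorizationUri(asciiOrNull(metadata.getAuthorizationEndpointURI()))
                .issuerUri(issuer)
                .tokenUri(requiredAscii(metadata.getTokenEndpointURI(), "token_endpoint"))
                .jwkSetUri(requiredAscii(metadata.getJWKSetURI(), "jwks_uri"))
                // userinfo_endpoint is optional in discovery metadata, so tolerate its absence
                // instead of failing with a NullPointerException.
                .userInfoUri(asciiOrNull(metadata.getUserInfoEndpointURI()));
    }

    /** Returns the ASCII form of {@code uri}, or {@code null} when the URI is absent. */
    private static String asciiOrNull(URI uri) {
        return uri == null ? null : uri.toASCIIString();
    }

    /** Returns the ASCII form of {@code uri}, failing with a named error when it is absent. */
    private static String requiredAscii(URI uri, String field) {
        if (uri == null) {
            throw new IllegalStateException("OpenID Provider metadata is missing '" + field + "'.");
        }
        return uri.toASCIIString();
    }

    /**
     * Wraps {@code map} in a {@link JSONObject} and applies {@code parser}, converting the
     * checked {@link ParseException} into an unchecked exception that keeps the cause.
     */
    private static <T> T parse(Map<String, Object> map, ThrowingFunction<JSONObject, T, ParseException> parser) {
        try {
            return parser.apply(new JSONObject(map));
        } catch (ParseException e) {
            throw new RuntimeException("Unable to parse OpenID Provider metadata.", e);
        }
    }

    /**
     * Derives the discovery document URL from the configured auth server URL.
     *
     * @return {@code <authServerUrl>/.well-known/openid-configuration}
     * @throws IllegalArgumentException if no auth server URL is configured
     */
    private URI getMetadataURI() {
        String authServerUrl = this.aimsConfig.getAuthServerUrl();
        if (StringUtils.isEmpty(authServerUrl)) {
            throw new IllegalArgumentException("AuthServer Url cannot be empty.");
        }
        // NOTE(review): the scheme is not checked. Over plain http the discovery document,
        // and with it the token endpoint and JWKS location, can be substituted in transit;
        // production deployments should configure an https auth server URL.
        return UriComponentsBuilder.fromUriString(authServerUrl)
                .pathSegment(".well-known", "openid-configuration")
                .build()
                .toUri();
    }
}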
