package eu.openanalytics.containerproxy.auth.impl.msgraph;

import eu.openanalytics.containerproxy.util.EnvironmentUtils;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.core.env.Environment;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

@ConditionalOnProperty({"proxy.ms-graph.client-id"})
@Component
/* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher.class */
public class MicrosoftGraphGroupFetcher {
    private static final String REGISTRATION_ID = "shinyproxy-ms-graph";
    private final String tenantId;
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final WebClient webClient;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership.class */
    public static final class GroupMembership extends Record {
        private final String id;
        private final String displayName;

        private GroupMembership(String str, String str2) {
            this.id = str;
            this.displayName = str2;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, GroupMembership.class), GroupMembership.class, "id;displayName", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership;->id:Ljava/lang/String;", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership;->displayName:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, GroupMembership.class), GroupMembership.class, "id;displayName", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership;->id:Ljava/lang/String;", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership;->displayName:Ljava/lang/String;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, GroupMembership.class, Object.class), GroupMembership.class, "id;displayName", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership;->id:Ljava/lang/String;", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$GroupMembership;->displayName:Ljava/lang/String;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public String id() {
            return this.id;
        }

        public String displayName() {
            return this.displayName;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/containerproxy-1.2.0.jar:eu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$MemberOfResponse.class */
    public static final class MemberOfResponse extends Record {
        private final List<GroupMembership> value;

        private MemberOfResponse(List<GroupMembership> list) {
            this.value = list;
        }

        @Override // java.lang.Record
        public final String toString() {
            return (String) ObjectMethods.bootstrap(MethodHandles.lookup(), "toString", MethodType.methodType(String.class, MemberOfResponse.class), MemberOfResponse.class, "value", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$MemberOfResponse;->value:Ljava/util/List;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final int hashCode() {
            return (int) ObjectMethods.bootstrap(MethodHandles.lookup(), "hashCode", MethodType.methodType(Integer.TYPE, MemberOfResponse.class), MemberOfResponse.class, "value", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$MemberOfResponse;->value:Ljava/util/List;").dynamicInvoker().invoke(this) /* invoke-custom */;
        }

        @Override // java.lang.Record
        public final boolean equals(Object obj) {
            return (boolean) ObjectMethods.bootstrap(MethodHandles.lookup(), "equals", MethodType.methodType(Boolean.TYPE, MemberOfResponse.class, Object.class), MemberOfResponse.class, "value", "FIELD:Leu/openanalytics/containerproxy/auth/impl/msgraph/MicrosoftGraphGroupFetcher$MemberOfResponse;->value:Ljava/util/List;").dynamicInvoker().invoke(this, obj) /* invoke-custom */;
        }

        public List<GroupMembership> value() {
            return this.value;
        }
    }

    public MicrosoftGraphGroupFetcher(Environment environment) {
        String property = environment.getProperty("proxy.ms-graph.client-id");
        String property2 = environment.getProperty("proxy.ms-graph.client-secret");
        String property3 = environment.getProperty("proxy.ms-graph.api-url", "https://graph.microsoft.com");
        String property4 = environment.getProperty("proxy.ms-graph.token-url");
        List<String> readList = EnvironmentUtils.readList(environment, "proxy.ms-graph.scopes");
        readList = (readList == null || readList.isEmpty()) ? List.of("https://graph.microsoft.com/.default") : readList;
        this.tenantId = environment.getProperty("proxy.ms-graph.tenant-id");
        this.webClient = WebClient.builder().baseUrl(property3).filter(getServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistration.withRegistrationId(REGISTRATION_ID).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).clientId(property).clientSecret(property2).tokenUri(property4).scope(readList).build())).defaultHeader("Content-Type", "application/json").build();
    }

    private ServerOAuth2AuthorizedClientExchangeFilterFunction getServerOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistration clientRegistration) {
        InMemoryReactiveClientRegistrationRepository inMemoryReactiveClientRegistrationRepository = new InMemoryReactiveClientRegistrationRepository(clientRegistration);
        ServerOAuth2AuthorizedClientExchangeFilterFunction serverOAuth2AuthorizedClientExchangeFilterFunction = new ServerOAuth2AuthorizedClientExchangeFilterFunction(new AuthorizedClientServiceReactiveOAuth2AuthorizedClientManager(inMemoryReactiveClientRegistrationRepository, new InMemoryReactiveOAuth2AuthorizedClientService(inMemoryReactiveClientRegistrationRepository)));
        serverOAuth2AuthorizedClientExchangeFilterFunction.setDefaultClientRegistrationId(REGISTRATION_ID);
        return serverOAuth2AuthorizedClientExchangeFilterFunction;
    }

    /* JADX WARN: Type inference failed for: r0v6, types: [org.springframework.web.reactive.function.client.WebClient$RequestHeadersSpec] */
    public Set<GrantedAuthority> fetchGroups(String str) {
        try {
            MemberOfResponse memberOfResponse = (MemberOfResponse) this.webClient.get().uri(String.format("/v1.0/%s/users/%s/memberOf", this.tenantId, str), new Object[0]).retrieve().onStatus((v0) -> {
                return v0.isError();
            }, clientResponse -> {
                return clientResponse.bodyToMono(String.class).flatMap(str2 -> {
                    return Mono.error(new IllegalStateException(String.format("Error from Microsoft Graph API, status: %s, response: %s", clientResponse.statusCode(), str2)));
                });
            }).bodyToFlux(MemberOfResponse.class).blockLast();
            if (memberOfResponse == null) {
                this.logger.warn("No group memberships found for {}", str);
                return Set.of();
            }
            HashSet hashSet = new HashSet(memberOfResponse.value.stream().map(groupMembership -> {
                if (groupMembership == null || groupMembership.displayName == null) {
                    return null;
                }
                return new SimpleGrantedAuthority((groupMembership.displayName.toUpperCase().startsWith("ROLE_") ? groupMembership.displayName : "ROLE_" + groupMembership.displayName).toUpperCase());
            }).filter((v0) -> {
                return Objects.nonNull(v0);
            }).toList());
            this.logger.debug("Received groups from Microsoft Graph api for user: {}, groups: {}", str, hashSet);
            return hashSet;
        } catch (Exception e) {
            this.logger.warn("Error while fetching groups from Microsoft Graph API - continuing without groups", (Throwable) e);
            return Set.of();
        }
    }
}
