package com.geoway.atlas.map.config;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Consumer;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/geoway/atlas/map/config/CustomOAuth2AuthorizationRequestResolver.class */
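/**
 * Resolves the {@link OAuth2AuthorizationRequest} that starts an OAuth 2.0 / OpenID Connect
 * login for a registered client.
 *
 * <p>The class follows the shape of Spring Security's default resolver and adds one thing:
 * an optional, configured {@code baseUrl} that replaces the request-derived value of the
 * {@code {baseUrl}} redirect-URI template variable.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>a fresh random {@code state} value is generated for every request;</li>
 *   <li>an OIDC {@code nonce} is added when the client requests the {@code openid} scope;</li>
 *   <li>PKCE parameters are added only when the client authentication method is
 *       {@code NONE} (public clients);</li>
 *   <li>the implicit grant is still accepted.</li>
 * </ul>
 *
 * <p>NOTE(review): current OAuth guidance recommends PKCE for every authorization-code
 * client and discourages the implicit grant. Both restrictions are better enforced in the
 * client registrations than here, so they are documented rather than changed.
 */
public class CustomOAuth2AuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
    private static final char PATH_DELIMITER = '/';
    private final ClientRegistrationRepository clientRegistrationRepository;
    private AntPathRequestMatcher authorizationRequestMatcher;
    // Optional fixed external base URL; when set it is used for {baseUrl} instead of the
    // value rebuilt from the incoming request.
    private String baseUrl;
    final String AuthorizationRequestBaseUri = "/oauth2/authorization";
    private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());
    // 96 random bytes, URL-safe Base64 without padding; used for the nonce and the PKCE verifier.
    private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
    private Consumer<OAuth2AuthorizationRequest.Builder> authorizationRequestCustomizer = builder -> {
    };

    /**
     * Creates a resolver that matches {@code /oauth2/authorization/{registrationId}}.
     *
     * @param clientRegistrationRepository source of client registrations, must not be null
     */
    public CustomOAuth2AuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository) {
        this(clientRegistrationRepository, "/oauth2/authorization", null);
    }

    /**
     * Creates a resolver that matches {@code <str>/{registrationId}}.
     *
     * @param clientRegistrationRepository source of client registrations, must not be null
     * @param str the authorization request base URI, must not be empty
     */
    public CustomOAuth2AuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository, String str) {
        this(clientRegistrationRepository, str, null);
    }

    /**
     * Creates a resolver that matches {@code <str>/{registrationId}} and pins the
     * {@code {baseUrl}} template variable to a configured value.
     *
     * @param clientRegistrationRepository source of client registrations, must not be null
     * @param str the authorization request base URI, must not be empty
     * @param str2 fixed base URL for redirect URI expansion; null or empty means the base
     *     URL is rebuilt from each request
     */
    public CustomOAuth2AuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository, String str, String str2) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.authorizationRequestMatcher = new AntPathRequestMatcher(str + "/{registrationId}");
        this.baseUrl = str2;
    }

    /**
     * Resolves the authorization request for the registration id found in the request path.
     * Implements the single-argument method of {@link OAuth2AuthorizationRequestResolver}.
     *
     * @param httpServletRequest the incoming request
     * @return the authorization request, or null when the path carries no registration id
     */
    public OAuth2AuthorizationRequest resolve(HttpServletRequest httpServletRequest) {
        String registrationId = resolveRegistrationId(httpServletRequest);
        return resolve(httpServletRequest, registrationId, getAction(httpServletRequest, "login"));
    }

    /**
     * Resolves the authorization request for an explicitly supplied registration id.
     * Implements the two-argument method of {@link OAuth2AuthorizationRequestResolver}.
     *
     * @param httpServletRequest the incoming request
     * @param str the client registration id
     * @return the authorization request, or null when {@code str} is null
     */
    public OAuth2AuthorizationRequest resolve(HttpServletRequest httpServletRequest, String str) {
        if (str == null) {
            return null;
        }
        return resolve(httpServletRequest, str, getAction(httpServletRequest, "authorize"));
    }

    /**
     * Sets a hook that can adjust the request builder just before it is built.
     *
     * @param consumer the customizer, must not be null
     */
    public void setAuthorizationRequestCustomizer(Consumer<OAuth2AuthorizationRequest.Builder> consumer) {
        Assert.notNull(consumer, "authorizationRequestCustomizer cannot be null");
        this.authorizationRequestCustomizer = consumer;
    }

    /**
     * Returns the {@code action} request parameter, or the supplied default when absent.
     *
     * <p>NOTE(review): the value is caller-controlled and is later substituted unmodified
     * for {@code {action}} in the redirect URI template. Exact redirect URI matching at the
     * authorization server is the control that bounds it; if only a fixed set of actions is
     * expected, an allow-list here would be a cheap second check.
     */
    private String getAction(HttpServletRequest request, String defaultAction) {
        String action = request.getParameter("action");
        return action == null ? defaultAction : action;
    }

    /**
     * Builds the authorization request for one registration.
     *
     * @throws IllegalArgumentException when the registration id is unknown or its grant type
     *     is neither authorization code nor implicit
     */
    private OAuth2AuthorizationRequest resolve(HttpServletRequest request, String registrationId, String redirectUriAction) {
        if (registrationId == null) {
            return null;
        }
        ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(registrationId);
        if (registration == null) {
            throw new IllegalArgumentException("Invalid Client Registration with Id: " + registrationId);
        }
        // Attributes are kept with the stored request; they are not sent to the provider.
        Map<String, Object> attributes = new HashMap<>();
        attributes.put("registration_id", registration.getRegistrationId());
        OAuth2AuthorizationRequest.Builder builder;
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(registration.getAuthorizationGrantType())) {
            builder = OAuth2AuthorizationRequest.authorizationCode();
            // Additional parameters are the ones added to the authorization request itself.
            Map<String, Object> additionalParameters = new HashMap<>();
            if (!CollectionUtils.isEmpty(registration.getScopes()) && registration.getScopes().contains("openid")) {
                addNonceParameters(attributes, additionalParameters);
            }
            if (ClientAuthenticationMethod.NONE.equals(registration.getClientAuthenticationMethod())) {
                addPkceParameters(attributes, additionalParameters);
            }
            builder.additionalParameters(additionalParameters);
        } else {
            if (!AuthorizationGrantType.IMPLICIT.equals(registration.getAuthorizationGrantType())) {
                throw new IllegalArgumentException("Invalid Authorization Grant Type (" + registration.getAuthorizationGrantType().getValue() + ") for Client Registration with Id: " + registration.getRegistrationId());
            }
            builder = OAuth2AuthorizationRequest.implicit();
        }
        builder.clientId(registration.getClientId())
                .authorizationUri(registration.getProviderDetails().getAuthorizationUri())
                .redirectUri(expandRedirectUri(request, registration, redirectUriAction))
                .scopes(registration.getScopes())
                .state(this.stateGenerator.generateKey())
                .attributes(attributes);
        this.authorizationRequestCustomizer.accept(builder);
        return builder.build();
    }

    /** Extracts {@code registrationId} from the request path, or returns null when it does not match. */
    private String resolveRegistrationId(HttpServletRequest request) {
        if (!this.authorizationRequestMatcher.matches(request)) {
            return null;
        }
        return this.authorizationRequestMatcher.matcher(request).getVariables().get(REGISTRATION_ID_URI_VARIABLE_NAME);
    }

    /**
     * Expands the registration's redirect URI template.
     *
     * <p>{@code baseScheme}, {@code baseHost}, {@code basePort} and {@code basePath} are
     * always rebuilt from the incoming request; only {@code baseUrl} honours the configured
     * override.
     *
     * <p>NOTE(review): request-derived values usually trace back to the Host header or to
     * forwarded headers, depending on how the container and proxy are set up. Templates
     * that should not depend on request headers need to use {@code {baseUrl}} together with
     * a configured base URL.
     */
    private String expandRedirectUri(HttpServletRequest request, ClientRegistration clientRegistration, String action) {
        Map<String, String> uriVariables = new HashMap<>();
        uriVariables.put(REGISTRATION_ID_URI_VARIABLE_NAME, clientRegistration.getRegistrationId());
        // Reduce the full request URL to scheme://host[:port]/contextPath.
        UriComponents base = UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(request))
                .replacePath(request.getContextPath())
                .replaceQuery(null)
                .fragment(null)
                .build();
        String scheme = base.getScheme();
        uriVariables.put("baseScheme", scheme == null ? "" : scheme);
        String host = base.getHost();
        uriVariables.put("baseHost", host == null ? "" : host);
        int port = base.getPort();
        uriVariables.put("basePort", port == -1 ? "" : ":" + port);
        String path = base.getPath();
        if (StringUtils.hasLength(path) && path.charAt(0) != PATH_DELIMITER) {
            path = PATH_DELIMITER + path;
        }
        uriVariables.put("basePath", path == null ? "" : path);
        uriVariables.put("baseUrl", StringUtils.hasLength(this.baseUrl) ? this.baseUrl : base.toUriString());
        uriVariables.put("action", action == null ? "" : action);
        return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate())
                .buildAndExpand(uriVariables)
                .toUriString();
    }

    /**
     * Adds the OIDC nonce: the raw value goes into the stored attributes and its SHA-256
     * hash goes into the request parameters.
     */
    private void addNonceParameters(Map<String, Object> attributes, Map<String, Object> additionalParameters) {
        try {
            String nonce = this.secureKeyGenerator.generateKey();
            String nonceHash = createHash(nonce);
            attributes.put("nonce", nonce);
            additionalParameters.put("nonce", nonceHash);
        } catch (NoSuchAlgorithmException ignored) {
            // SHA-256 is a required MessageDigest algorithm on the Java platform, so this
            // branch is not expected to run. If it did, the request would go out without
            // a nonce and without any log entry.
            // NOTE(review): consider failing the request here instead.
        }
    }

    /**
     * Adds the PKCE parameters: the verifier goes into the stored attributes and the
     * S256 challenge goes into the request parameters.
     */
    private void addPkceParameters(Map<String, Object> attributes, Map<String, Object> additionalParameters) {
        String codeVerifier = this.secureKeyGenerator.generateKey();
        attributes.put("code_verifier", codeVerifier);
        try {
            additionalParameters.put("code_challenge", createHash(codeVerifier));
            additionalParameters.put("code_challenge_method", "S256");
        } catch (NoSuchAlgorithmException ignored) {
            // Fallback to the "plain" method: the verifier itself is sent as the challenge
            // and no method parameter is set. SHA-256 is a required algorithm, so this is
            // not expected to run.
            // NOTE(review): a silent downgrade from S256 to plain is worth replacing with
            // a hard failure.
            additionalParameters.put("code_challenge", codeVerifier);
        }
    }

    /** Returns the URL-safe, unpadded Base64 encoding of the SHA-256 digest of {@code value}. */
    private static String createHash(String value) throws NoSuchAlgorithmException {
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        byte[] digest = sha256.digest(value.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }
}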
