package org.molgenis.security.oidc;

import com.google.common.collect.Streams;
import java.util.Objects;
import javax.annotation.Nullable;
import org.molgenis.security.core.runas.RunAsSystemAspect;
import org.molgenis.security.oidc.model.OidcClient;
import org.molgenis.security.settings.AuthenticationSettings;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;

/* loaded from: input_file:org/molgenis/security/oidc/DataServiceClientRegistrationRepository.class */
public class DataServiceClientRegistrationRepository implements ClientRegistrationRepository {
    private static final String DEFAULT_REDIRECT_URI_TEMPLATE = "{baseUrl}/login/oauth2/code/{registrationId}";
    private final AuthenticationSettings authenticationSettings;

    public DataServiceClientRegistrationRepository(AuthenticationSettings authenticationSettings) {
        this.authenticationSettings = (AuthenticationSettings) Objects.requireNonNull(authenticationSettings);
    }

    public ClientRegistration findByRegistrationId(String str) {
        return (ClientRegistration) RunAsSystemAspect.runAsSystem(() -> {
            OidcClient findOidcClient = findOidcClient(str);
            if (findOidcClient != null) {
                return toClientRegistration(findOidcClient);
            }
            return null;
        });
    }

    @Nullable
    private OidcClient findOidcClient(String str) {
        return (OidcClient) Streams.stream(this.authenticationSettings.getOidcClients()).filter(oidcClient -> {
            return oidcClient.getRegistrationId().equals(str);
        }).findFirst().orElse(null);
    }

    private ClientRegistration toClientRegistration(OidcClient oidcClient) {
        return ClientRegistration.withRegistrationId(oidcClient.getRegistrationId()).authorizationGrantType(toAuthorizationGrantType(oidcClient)).authorizationUri(oidcClient.getAuthorizationUri()).clientAuthenticationMethod(toClientAuthenticationMethod(oidcClient)).clientId(oidcClient.getClientId()).clientName(oidcClient.getClientName()).clientSecret(oidcClient.getClientSecret()).jwkSetUri(oidcClient.getJwkSetUri()).redirectUriTemplate(DEFAULT_REDIRECT_URI_TEMPLATE).scope(oidcClient.getScopes()).tokenUri(oidcClient.getTokenUri()).userInfoUri(oidcClient.getUserInfoUri()).userNameAttributeName(oidcClient.getUsernameAttributeName()).build();
    }

    private ClientAuthenticationMethod toClientAuthenticationMethod(OidcClient oidcClient) {
        ClientAuthenticationMethod clientAuthenticationMethod;
        String clientAuthenticationMethod2 = oidcClient.getClientAuthenticationMethod();
        boolean z = -1;
        switch (clientAuthenticationMethod2.hashCode()) {
            case 3446944:
                if (clientAuthenticationMethod2.equals("post")) {
                    z = true;
                    break;
                }
                break;
            case 93508654:
                if (clientAuthenticationMethod2.equals("basic")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                clientAuthenticationMethod = ClientAuthenticationMethod.BASIC;
                break;
            case true:
                clientAuthenticationMethod = ClientAuthenticationMethod.POST;
                break;
            default:
                clientAuthenticationMethod = new ClientAuthenticationMethod(clientAuthenticationMethod2);
                break;
        }
        return clientAuthenticationMethod;
    }

    private AuthorizationGrantType toAuthorizationGrantType(OidcClient oidcClient) {
        AuthorizationGrantType authorizationGrantType;
        String authorizationGrantType2 = oidcClient.getAuthorizationGrantType();
        boolean z = -1;
        switch (authorizationGrantType2.hashCode()) {
            case -425423387:
                if (authorizationGrantType2.equals("implicit")) {
                    z = true;
                    break;
                }
                break;
            case 1571154419:
                if (authorizationGrantType2.equals("authorization_code")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                authorizationGrantType = AuthorizationGrantType.AUTHORIZATION_CODE;
                break;
            case true:
                authorizationGrantType = AuthorizationGrantType.IMPLICIT;
                break;
            default:
                authorizationGrantType = new AuthorizationGrantType(authorizationGrantType2);
                break;
        }
        return authorizationGrantType;
    }
}
