package dev.hilla.sso.starter;

import com.vaadin.sso.starter.SingleSignOnProperties;
import dev.hilla.sso.starter.BackChannelLogoutSubscription;
import jakarta.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Flux;

@Component
/* loaded from: input_file:dev/hilla/sso/starter/SingleSignOnContext.class */
public class SingleSignOnContext {
    private static final String ROLE_PREFIX = "ROLE_";
    private static final int ROLE_PREFIX_LENGTH = ROLE_PREFIX.length();
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final SingleSignOnProperties properties;
    private final BackChannelLogoutSubscription backChannelLogoutSubscription;

    public SingleSignOnContext(ClientRegistrationRepository clientRegistrationRepository, SingleSignOnProperties singleSignOnProperties, BackChannelLogoutSubscription backChannelLogoutSubscription) {
        Objects.requireNonNull(clientRegistrationRepository);
        Objects.requireNonNull(singleSignOnProperties);
        Objects.requireNonNull(backChannelLogoutSubscription);
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.properties = singleSignOnProperties;
        this.backChannelLogoutSubscription = backChannelLogoutSubscription;
    }

    public static Optional<OidcUser> getOidcUser() {
        Optional map = Optional.of(SecurityContextHolder.getContext()).map((v0) -> {
            return v0.getAuthentication();
        }).map((v0) -> {
            return v0.getPrincipal();
        });
        Class<OidcUser> cls = OidcUser.class;
        Objects.requireNonNull(OidcUser.class);
        Optional filter = map.filter(cls::isInstance);
        Class<OidcUser> cls2 = OidcUser.class;
        Objects.requireNonNull(OidcUser.class);
        return filter.map(cls2::cast);
    }

    static Optional<HttpServletRequest> getCurrentHttpRequest() {
        Optional ofNullable = Optional.ofNullable(RequestContextHolder.getRequestAttributes());
        Class<ServletRequestAttributes> cls = ServletRequestAttributes.class;
        Objects.requireNonNull(ServletRequestAttributes.class);
        Optional filter = ofNullable.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<ServletRequestAttributes> cls2 = ServletRequestAttributes.class;
        Objects.requireNonNull(ServletRequestAttributes.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).map((v0) -> {
            return v0.getRequest();
        });
    }

    public List<String> getRegisteredProviders() {
        Optional of = Optional.of(this.clientRegistrationRepository);
        Class<InMemoryClientRegistrationRepository> cls = InMemoryClientRegistrationRepository.class;
        Objects.requireNonNull(InMemoryClientRegistrationRepository.class);
        Optional filter = of.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<InMemoryClientRegistrationRepository> cls2 = InMemoryClientRegistrationRepository.class;
        Objects.requireNonNull(InMemoryClientRegistrationRepository.class);
        return (List) filter.map((v1) -> {
            return r1.cast(v1);
        }).map(inMemoryClientRegistrationRepository -> {
            ArrayList arrayList = new ArrayList();
            inMemoryClientRegistrationRepository.iterator().forEachRemaining(clientRegistration -> {
                arrayList.add(clientRegistration.getRegistrationId());
            });
            return arrayList;
        }).orElse(List.of());
    }

    public boolean isBackChannelLogoutEnabled() {
        return this.properties.isBackChannelLogout();
    }

    public Optional<String> getLogoutUrl() {
        Optional map = Optional.of(SecurityContextHolder.getContext()).map((v0) -> {
            return v0.getAuthentication();
        });
        Class<OAuth2AuthenticationToken> cls = OAuth2AuthenticationToken.class;
        Objects.requireNonNull(OAuth2AuthenticationToken.class);
        Optional filter = map.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<OAuth2AuthenticationToken> cls2 = OAuth2AuthenticationToken.class;
        Objects.requireNonNull(OAuth2AuthenticationToken.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).map(oAuth2AuthenticationToken -> {
            return buildLogoutUrl(oAuth2AuthenticationToken);
        });
    }

    private String buildLogoutUrl(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        return UriComponentsBuilder.fromUriString(this.clientRegistrationRepository.findByRegistrationId(oAuth2AuthenticationToken.getAuthorizedClientRegistrationId()).getProviderDetails().getConfigurationMetadata().get("end_session_endpoint").toString()).queryParam("id_token_hint", new Object[]{oAuth2AuthenticationToken.getPrincipal().getIdToken().getTokenValue()}).queryParam("post_logout_redirect_uri", new Object[]{getPostLogoutRedirectUri()}).toUriString();
    }

    private String getPostLogoutRedirectUri() {
        String logoutRedirectRoute = this.properties.getLogoutRedirectRoute();
        return logoutRedirectRoute.contains("{baseUrl}") ? (String) getCurrentHttpRequest().map(httpServletRequest -> {
            return UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(httpServletRequest)).replacePath(httpServletRequest.getContextPath()).replaceQuery((String) null).fragment((String) null).build().toUriString();
        }).map(str -> {
            return logoutRedirectRoute.replace("{baseUrl}", str);
        }).orElse(logoutRedirectRoute) : logoutRedirectRoute;
    }

    public Flux<BackChannelLogoutSubscription.Message> getBackChannelLogoutFlux() {
        return this.backChannelLogoutSubscription.getFluxForUser(SecurityContextHolder.getContext().getAuthentication().getPrincipal());
    }

    public SingleSignOnData getSingleSignOnData() {
        SingleSignOnData singleSignOnData = new SingleSignOnData();
        singleSignOnData.setLoginUrl(this.properties.getLoginRoute());
        singleSignOnData.setRegisteredProviders(getRegisteredProviders());
        getOidcUser().ifPresent(oidcUser -> {
            singleSignOnData.setAuthenticated(true);
            singleSignOnData.setRoles(userRoles(oidcUser));
            singleSignOnData.setLogoutUrl(getLogoutUrl().orElseThrow());
            singleSignOnData.setBackChannelLogoutEnabled(isBackChannelLogoutEnabled());
        });
        return singleSignOnData;
    }

    public static List<String> userRoles(OidcUser oidcUser) {
        return oidcUser.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).filter(str -> {
            return str.startsWith(ROLE_PREFIX);
        }).map(str2 -> {
            return str2.substring(ROLE_PREFIX_LENGTH);
        }).toList();
    }
}
