package org.marmotgraph.commons;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Map;
import org.marmotgraph.commons.controller.CoreController;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.core.env.ConfigurableEnvironment;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ExchangeStrategies;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
/* loaded from: input_file:org/marmotgraph/commons/OauthClient.class */
public class OauthClient {
    private static final String AUTHORIZATION = "Authorization";
    private static final String USER_AUTHORIZATION = "User-Authorization";
    private final ExchangeStrategies exchangeStrategies = ExchangeStrategies.builder().codecs(clientCodecConfigurer -> {
        clientCodecConfigurer.defaultCodecs().maxInMemorySize(1024000000);
    }).build();
    private final Logger logger = LoggerFactory.getLogger(getClass());

    @Bean
    ClientRegistrationRepository clientRegistrationRepository(CoreController coreController, CommonConfig commonConfig) {
        Map<String, Object> authenticationInformation = coreController.getAuthenticationInformation();
        return new InMemoryClientRegistrationRepository(new ClientRegistration[]{ClientRegistration.withRegistrationId("marmotgraph").authorizationUri(authenticationInformation.get("authorization_endpoint").toString()).tokenUri(authenticationInformation.get("token_endpoint").toString()).issuerUri(authenticationInformation.get("issuer").toString()).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).clientId(commonConfig.getClientId()).clientSecret(commonConfig.getClientSecret()).build()});
    }

    @Bean
    @Primary
    @Qualifier("dualAuth")
    WebClient dualAuthWebClient(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService oAuth2AuthorizedClientService, HttpServletRequest httpServletRequest, ConfigurableEnvironment configurableEnvironment) {
        ServletOAuth2AuthorizedClientExchangeFilterFunction servletOAuth2AuthorizedClientExchangeFilterFunction = new ServletOAuth2AuthorizedClientExchangeFilterFunction(new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientService));
        servletOAuth2AuthorizedClientExchangeFilterFunction.setAuthorizationFailureHandler(new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler((str, authentication, map) -> {
            this.logger.info("Resource server authorization failure for clientRegistrationId={}", str);
            oAuth2AuthorizedClientService.removeAuthorizedClient(str, authentication.getName());
        }));
        servletOAuth2AuthorizedClientExchangeFilterFunction.setDefaultClientRegistrationId("marmotgraph");
        return WebClient.builder().exchangeStrategies(this.exchangeStrategies).apply(servletOAuth2AuthorizedClientExchangeFilterFunction.oauth2Configuration()).filter((clientRequest, exchangeFunction) -> {
            return exchangeFunction.exchange(ClientRequest.from(clientRequest).headers(httpHeaders -> {
                httpHeaders.put("Client-Authorization", httpHeaders.get(AUTHORIZATION));
                httpHeaders.put(AUTHORIZATION, httpHeaders.get(USER_AUTHORIZATION));
                httpHeaders.remove(USER_AUTHORIZATION);
            }).build());
        }).defaultRequest(requestHeadersSpec -> {
            requestHeadersSpec.header(USER_AUTHORIZATION, new String[]{httpServletRequest.getHeader(AUTHORIZATION)});
        }).build();
    }

    @Bean
    @Qualifier("singleAuth")
    WebClient singleAuth(HttpServletRequest httpServletRequest) {
        return WebClient.builder().exchangeStrategies(this.exchangeStrategies).defaultRequest(requestHeadersSpec -> {
            requestHeadersSpec.header(AUTHORIZATION, new String[]{httpServletRequest.getHeader(AUTHORIZATION)});
        }).build();
    }
}
