package org.alfresco.hxi_connector.live_ingester.adapters.config.auth;

import java.time.Instant;
import java.util.Set;
import org.alfresco.hxi_connector.live_ingester.adapters.auth.AuthenticationClient;
import org.alfresco.hxi_connector.live_ingester.adapters.auth.AuthenticationResult;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesMapper;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
import org.springframework.security.oauth2.core.user.OAuth2User;

/* loaded from: input_file:BOOT-INF/classes/org/alfresco/hxi_connector/live_ingester/adapters/config/auth/HxOAuth2AuthenticationProvider.class */
public class HxOAuth2AuthenticationProvider implements AuthenticationProvider {
    private final OAuth2ClientProperties oAuth2ClientProperties;
    private final AuthenticationClient hxAuthenticationClient;

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        OAuth2AuthenticationToken oAuth2AuthenticationToken = (OAuth2AuthenticationToken) authentication;
        String authorizedClientRegistrationId = oAuth2AuthenticationToken.getAuthorizedClientRegistrationId();
        ClientRegistration clientRegistration = new OAuth2ClientPropertiesMapper(this.oAuth2ClientProperties).asClientRegistrations().get(authorizedClientRegistrationId);
        String tokenUri = this.oAuth2ClientProperties.getProvider().get(authorizedClientRegistrationId).getTokenUri();
        AuthenticationResult authenticate = this.hxAuthenticationClient.authenticate(tokenUri, clientRegistration);
        OAuth2AuthorizationExchange oAuth2AuthorizationExchange = new OAuth2AuthorizationExchange(OAuth2AuthorizationRequest.authorizationCode().authorizationUri(tokenUri).clientId(clientRegistration.getClientId()).build(), OAuth2AuthorizationResponse.success(String.valueOf(authenticate.statusCode())).redirectUri(tokenUri).build());
        OAuth2User principal = oAuth2AuthenticationToken.getPrincipal();
        return new OAuth2LoginAuthenticationToken(clientRegistration, oAuth2AuthorizationExchange, principal, principal.getAuthorities(), new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, authenticate.accessToken(), Instant.now(), Instant.now().plus(authenticate.expiresIn(), authenticate.temporalUnit()), Set.of(authenticate.scope())));
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return OAuth2AuthenticationToken.class.isAssignableFrom(cls);
    }

    public HxOAuth2AuthenticationProvider(OAuth2ClientProperties oAuth2ClientProperties, AuthenticationClient authenticationClient) {
        this.oAuth2ClientProperties = oAuth2ClientProperties;
        this.hxAuthenticationClient = authenticationClient;
    }
}
