package org.openvpms.web.security.oauth;

import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.openvpms.archetype.rules.practice.PracticeService;
import org.openvpms.component.business.service.archetype.IArchetypeService;
import org.openvpms.component.model.bean.IMObjectBean;
import org.openvpms.component.model.lookup.Lookup;
import org.openvpms.component.security.crypto.PasswordEncryptor;
import org.openvpms.component.service.archetype.ArchetypeService;
import org.openvpms.component.service.lookup.LookupService;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.web.util.UriComponents;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/openvpms/web/security/oauth/ClientRegistrationRepositoryImpl.class */
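/**
 * {@link ClientRegistrationRepository} that builds OAuth2 client registrations for the
 * {@code gmail} and {@code outlook} mail providers from {@code lookup.oauth2ClientRegistration}
 * lookups.
 * <p>
 * Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The client secret is stored encrypted on the lookup and decrypted with the
 *       {@link PasswordEncryptor} each time a registration is built, so every returned
 *       {@link ClientRegistration} carries the plaintext secret. NOTE(review): keep returned
 *       registrations out of logs and diagnostics - confirm how the Spring Security version in
 *       use renders them in {@code toString()}.</li>
 *   <li>When the practice has no base URL configured, the redirect URI is derived from the
 *       incoming request (scheme, host, port, context path). See {@link #getRedirectURI}.</li>
 *   <li>The requested scopes cover mailbox access (IMAP/SMTP), and both providers are asked in a
 *       way that allows refresh tokens ({@code access_type=offline} for Google,
 *       {@code offline_access} for Microsoft), so the issued tokens are long-lived credentials
 *       for the mailbox.</li>
 * </ul>
 */
public class ClientRegistrationRepositoryImpl implements ClientRegistrationRepository {
    private static final char PATH_DELIMITER = '/';

    private final PracticeService practiceService;
    private final PasswordEncryptor encryptor;
    private final ArchetypeService service;
    private final LookupService lookupService;

    /**
     * Constructs the repository.
     *
     * @param practiceService   supplies the practice base URL used for redirect URIs
     * @param passwordEncryptor decrypts the stored client secret
     * @param iArchetypeService used to obtain beans for the registration lookups
     * @param lookupService     used to find the registration lookup by code
     */
    public ClientRegistrationRepositoryImpl(PracticeService practiceService, PasswordEncryptor passwordEncryptor, IArchetypeService iArchetypeService, LookupService lookupService) {
        this.practiceService = practiceService;
        this.encryptor = passwordEncryptor;
        this.service = iArchetypeService;
        this.lookupService = lookupService;
    }

    /**
     * Returns the client registration for a registration id.
     * <p>
     * Only the ids {@code gmail} and {@code outlook} are supported, and only when a matching
     * {@code lookup.oauth2ClientRegistration} lookup exists; the id is never used to build
     * provider endpoints, it only selects one of the two fixed configurations.
     *
     * @param str the registration id
     * @return the registration, or {@code null} if the id is unsupported or has no lookup
     */
    public ClientRegistration findByRegistrationId(String str) {
        Lookup lookup = this.lookupService.getLookup("lookup.oauth2ClientRegistration", str);
        if (lookup == null) {
            return null;
        }
        if ("gmail".equals(str)) {
            return createGmailRegistration(lookup);
        }
        if ("outlook".equals(str)) {
            return createOutlookRegistration(lookup);
        }
        return null;
    }

    /**
     * Expands the redirect URI template for a registration id in the context of a request.
     * <p>
     * The variables ({@code baseScheme}, {@code baseHost}, {@code basePort}, {@code basePath},
     * {@code baseUrl}, {@code registrationId}) are taken from the request URL with its path
     * replaced by the context path and its query and fragment removed.
     * <p>
     * NOTE(review): when no practice base URL is configured, scheme, host and port in the result
     * come from the request. Depending on the servlet container and any reverse proxy, these can
     * reflect client-supplied {@code Host}/forwarded headers. The identity provider still checks
     * the redirect URI against its registered list, but configuring the practice base URL keeps
     * this value independent of request headers. {@code str} is expanded into the URI as given;
     * callers are presumably expected to pass an id already accepted by
     * {@link #findByRegistrationId} - verify against callers.
     *
     * @param str                the registration id
     * @param httpServletRequest the current request
     * @return the expanded redirect URI
     */
    public String getRedirectURI(String str, HttpServletRequest httpServletRequest) {
        UriComponents base = UriComponentsBuilder
                .fromHttpUrl(UrlUtils.buildFullRequestUrl(httpServletRequest))
                .replacePath(httpServletRequest.getContextPath())
                .replaceQuery(null)
                .fragment(null)
                .build();

        // typed map instead of the raw HashMap; buildAndExpand() accepts Map<String, ?>
        HashMap<String, Object> variables = new HashMap<>();
        variables.put("registrationId", str);

        String scheme = base.getScheme();
        variables.put("baseScheme", scheme != null ? scheme : "");

        String host = base.getHost();
        variables.put("baseHost", host != null ? host : "");

        // -1 means the URL carries no explicit port
        int port = base.getPort();
        variables.put("basePort", port == -1 ? "" : ":" + port);

        String path = base.getPath();
        if (!StringUtils.isEmpty(path) && path.charAt(0) != PATH_DELIMITER) {
            path = PATH_DELIMITER + path;
        }
        variables.put("basePath", path != null ? path : "");
        variables.put("baseUrl", base.toUriString());

        return UriComponentsBuilder.fromUriString(getRedirectURITemplate())
                .buildAndExpand(variables)
                .toUriString();
    }

    /**
     * Returns the redirect URI template, ending in {@code oauth2/code/{registrationId}}.
     * <p>
     * If the practice has a base URL, the template is rooted at it (a trailing {@code /} is added
     * when missing). Otherwise it is rooted at
     * {@code {baseScheme}://{baseHost}{basePort}{basePath}/}, to be filled in from the request.
     *
     * @return the redirect URI template
     */
    private String getRedirectURITemplate() {
        String baseURL = this.practiceService.getBaseURL();
        StringBuilder template = new StringBuilder();
        if (StringUtils.isEmpty(baseURL)) {
            template.append("{baseScheme}://{baseHost}{basePort}{basePath}/");
        } else {
            template.append(baseURL);
            if (!baseURL.endsWith("/")) {
                template.append('/');
            }
        }
        template.append("oauth2/code/{registrationId}");
        return template.toString();
    }

    /**
     * Creates the Gmail registration from the Google provider defaults.
     * <p>
     * The authorization URI is overridden to add {@code access_type=offline}, and the scopes
     * include {@code https://mail.google.com/}.
     *
     * @param lookup the registration lookup
     * @return the registration
     */
    private ClientRegistration createGmailRegistration(Lookup lookup) {
        IMObjectBean bean = this.service.getBean(lookup);
        ClientRegistration.Builder builder = populate(CommonOAuth2Provider.GOOGLE.getBuilder("gmail"), bean);
        return builder
                .authorizationUri("https://accounts.google.com/o/oauth2/v2/auth?access_type=offline")
                .scope("openid", "profile", "email", "https://mail.google.com/")
                .build();
    }

    /**
     * Creates the Outlook registration for the tenant configured on the lookup.
     * <p>
     * NOTE(review): {@code tenantId} is concatenated into the authorization, token and JWK set
     * URIs without validation. The host is fixed, so the value can only affect path and query,
     * but a missing value produces the literal {@code null} as tenant. Consider rejecting values
     * that are blank or not in the expected tenant-id form where the lookup is saved - confirm
     * whether the archetype already enforces this.
     *
     * @param lookup the registration lookup
     * @return the registration
     */
    private ClientRegistration createOutlookRegistration(Lookup lookup) {
        IMObjectBean bean = this.service.getBean(lookup);
        String tenantId = bean.getString("tenantId");
        String tenantBase = "https://login.microsoftonline.com/" + tenantId;
        return populate(ClientRegistration.withRegistrationId("outlook"), bean)
                .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .authorizationUri(tenantBase + "/oauth2/v2.0/authorize?prompt=consent")
                .tokenUri(tenantBase + "/oauth2/v2.0/token")
                .jwkSetUri(tenantBase + "/discovery/v2.0/keys")
                .userInfoUri("https://graph.microsoft.com/oidc/userinfo")
                .userNameAttributeName("sub")
                .scope("openid", "offline_access", "email", "profile",
                        "https://outlook.office.com/IMAP.AccessAsUser.All",
                        "https://outlook.office.com/SMTP.Send")
                .build();
    }

    /**
     * Applies the client id, decrypted client secret and redirect URI template to a builder.
     * <p>
     * The secret is decrypted only when present; a missing secret is passed on as {@code null}.
     * The redirect URI is set to the unexpanded template.
     *
     * @param builder the builder to populate
     * @param bean    the bean wrapping the registration lookup
     * @return the builder
     */
    private ClientRegistration.Builder populate(ClientRegistration.Builder builder, IMObjectBean bean) {
        String encryptedSecret = bean.getString("clientSecret");
        String clientSecret = encryptedSecret != null ? this.encryptor.decrypt(encryptedSecret) : null;
        return builder
                .clientId(bean.getString("clientId"))
                .clientSecret(clientSecret)
                .redirectUri(getRedirectURITemplate());
    }
}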
