package com.microsoft.azure.spring.autoconfigure.aad;

import com.microsoft.aad.msal4j.MsalServiceException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.Optional;
import javax.naming.ServiceUnavailableException;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

/* loaded from: input_file:com/microsoft/azure/spring/autoconfigure/aad/AADOAuth2UserService.class */
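public class AADOAuth2UserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
    /** OAuth2 error code used when the token acquisition fails with non-empty MSAL claims (conditional access). */
    private static final String CONDITIONAL_ACCESS_POLICY = "conditional_access_policy";
    /** OAuth2 error code used when the Graph token request could not even be formed (bad URL). */
    private static final String INVALID_REQUEST = "invalid_request";
    /** OAuth2 error code used for Graph-side or I/O failures. */
    private static final String SERVER_ERROR = "server_error";
    /** Claim used as the principal name when the client registration does not configure one. */
    private static final String DEFAULT_USERNAME_ATTR_NAME = "name";

    private final AADAuthenticationProperties aadAuthProps;
    private final ServiceEndpointsProperties serviceEndpointsProps;
    // Standard OIDC user loading is delegated to Spring Security; this class only adds AAD group authorities.
    private final OidcUserService oidcUserService = new OidcUserService();

    /**
     * Creates the user service.
     *
     * @param aADAuthenticationProperties AAD settings (tenant id is read from here)
     * @param serviceEndpointsProperties  AAD/Graph endpoint settings handed to the Graph client
     */
    public AADOAuth2UserService(AADAuthenticationProperties aADAuthenticationProperties,
                                ServiceEndpointsProperties serviceEndpointsProperties) {
        this.aadAuthProps = aADAuthenticationProperties;
        this.serviceEndpointsProps = serviceEndpointsProperties;
    }

    /**
     * Loads the OIDC user via the default service, then exchanges the user's ID token for a Graph API
     * access token and replaces the user's authorities with those derived from Graph.
     *
     * @param oidcUserRequest the user request carrying the client registration and the validated ID token
     * @return a {@link DefaultOidcUser} whose authorities come from the Graph client
     * @throws OAuth2AuthenticationException when token acquisition or authority mapping fails; the error
     *         code distinguishes conditional-access, invalid-request and server-error cases
     */
    @Override
    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        final OidcUser oidcUser = this.oidcUserService.loadUser(oidcUserRequest);
        try {
            final ClientRegistration clientRegistration = oidcUserRequest.getClientRegistration();
            // The registration's client secret is handed to the Graph client for the token exchange; it
            // is not logged or surfaced in any error raised below.
            final AzureADGraphClient graphClient = new AzureADGraphClient(
                clientRegistration.getClientId(),
                clientRegistration.getClientSecret(),
                this.aadAuthProps,
                this.serviceEndpointsProps);
            // ID token -> Graph access token -> group-based authorities. The raw ID token value leaves
            // this process here, so only the configured tenant's endpoints should ever receive it.
            final String graphApiToken = graphClient
                .acquireTokenForGraphApi(oidcUserRequest.getIdToken().getTokenValue(), this.aadAuthProps.getTenantId())
                .accessToken();
            return new DefaultOidcUser(
                graphClient.getGrantedAuthorities(graphApiToken),
                oidcUser.getIdToken(),
                resolveUserNameAttributeName(oidcUserRequest));
        } catch (MsalServiceException e) {
            // Without claims this is rethrown unwrapped, i.e. it bypasses the OAuth2AuthenticationException
            // contract declared above — presumably intentional; confirm with the authentication failure handler.
            if (e.claims() == null || e.claims().isEmpty()) {
                throw e;
            }
            // Non-empty claims are treated as a conditional-access challenge. Only the fixed description is
            // placed in the OAuth2Error; the claims themselves remain reachable via getCause().
            throw wrapException(CONDITIONAL_ACCESS_POLICY, "Handle conditional access policy", null, e);
        } catch (ServiceUnavailableException e) {
            throw wrapException(SERVER_ERROR, "Failed to acquire token for Graph API.", null, e);
        } catch (MalformedURLException e) {
            // Must precede the IOException clause: MalformedURLException is a subtype of IOException.
            throw wrapException(INVALID_REQUEST, "Failed to acquire token for Graph API.", null, e);
        } catch (IOException e) {
            throw wrapException(SERVER_ERROR, "Failed to map group to authorities.", null, e);
        }
    }

    /**
     * Returns the user-name attribute configured on the registration's user-info endpoint, or
     * {@value #DEFAULT_USERNAME_ATTR_NAME} when it is absent or empty.
     *
     * @param oidcUserRequest the user request (must not be null)
     * @return the claim name to use as the principal name
     */
    private static String resolveUserNameAttributeName(OidcUserRequest oidcUserRequest) {
        return Optional.of(oidcUserRequest)
            .map(OidcUserRequest::getClientRegistration)
            .map(ClientRegistration::getProviderDetails)
            .map(ClientRegistration.ProviderDetails::getUserInfoEndpoint)
            .map(ClientRegistration.ProviderDetails.UserInfoEndpoint::getUserNameAttributeName)
            .filter(name -> !name.isEmpty())
            .orElse(DEFAULT_USERNAME_ATTR_NAME);
    }

    /**
     * Builds an {@link OAuth2AuthenticationException} carrying an {@link OAuth2Error} and the original cause.
     * The caller throws the result; the cause is preserved so diagnostics are not lost.
     *
     * @param errorCode   OAuth2 error code
     * @param description human-readable description placed in the error
     * @param errorUri    optional error URI (may be null)
     * @param cause       the underlying exception
     * @return the wrapped exception, ready to be thrown
     */
    private static OAuth2AuthenticationException wrapException(String errorCode, String description,
                                                               String errorUri, Exception cause) {
        return new OAuth2AuthenticationException(new OAuth2Error(errorCode, description, errorUri), cause);
    }
}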
