package org.apache.geode.tools.pulse.internal.security;

import java.util.Collections;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.PropertySource;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.AuthenticatedPrincipalOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.OidcScopes;

/**
 * Spring configuration that registers Pulse as an OAuth 2.0 / OpenID Connect client.
 *
 * <p>The beans are only created when the {@code pulse.authentication.oauth} profile is active.
 * Every provider setting is injected from {@code pulse.properties} on the classpath, so that
 * file holds the client secret and needs the same protection as any other credential store.
 */
@Profile({"pulse.authentication.oauth"})
@Configuration
@PropertySource({"classpath:pulse.properties"})
/* loaded from: input_file:WEB-INF/classes/org/apache/geode/tools/pulse/internal/security/OAuthClientConfig.class */
public class OAuthClientConfig {

    // Redirect endpoint handed to the provider. Spring Security expands {baseUrl} and
    // {registrationId} per request; NOTE(review): behind a reverse proxy the expanded value
    // depends on how forwarded headers are handled, and the provider should allow only the
    // exact resulting URI.
    private static final String REDIRECT_URI_TEMPLATE = "{baseUrl}/login/oauth2/code/{registrationId}";

    // Provider-metadata key under which the OIDC end-session (logout) endpoint is stored.
    private static final String END_SESSION_ENDPOINT_KEY = "end_session_endpoint";

    // Registration id of the provider; also substituted into the redirect URI template.
    @Value("${pulse.oauth.providerId}")
    private String providerId;

    // Name passed to the registration as its client name.
    @Value("${pulse.oauth.providerName}")
    private String providerName;

    // Client identifier issued by the authorization server.
    @Value("${pulse.oauth.clientId}")
    private String clientId;

    // Confidential client credential. Keep it out of logs and out of version-controlled
    // copies of pulse.properties.
    @Value("${pulse.oauth.clientSecret}")
    private String clientSecret;

    // Provider endpoints. NOTE(review): nothing in this class checks the scheme of these URIs,
    // so using https for them is left to whoever writes pulse.properties.
    @Value("${pulse.oauth.authorizationUri}")
    private String authorizationUri;

    @Value("${pulse.oauth.tokenUri}")
    private String tokenUri;

    @Value("${pulse.oauth.userInfoUri}")
    private String userInfoUri;

    // Location of the provider's JSON Web Key Set.
    @Value("${pulse.oauth.jwkSetUri}")
    private String jwkSetUri;

    // Provider logout endpoint, published to the registration as "end_session_endpoint".
    @Value("${pulse.oauth.endSessionEndpoint}")
    private String endSessionEndpoint;

    // Attribute of the user-info response that is used as the principal name.
    @Value("${pulse.oauth.userNameAttributeName}")
    private String userNameAttributeName;

    /**
     * Builds the single client registration from the injected {@code pulse.oauth.*} values.
     *
     * <p>The registration uses the authorization-code grant and requests the {@code openid}
     * scope together with {@code CLUSTER:READ}, {@code CLUSTER:WRITE}, {@code DATA:READ} and
     * {@code DATA:WRITE} on every login.
     *
     * @return the client registration for the configured provider
     */
    @Bean
    ClientRegistration clientRegistration() {
        return ClientRegistration.withRegistrationId(providerId)
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUriTemplate(REDIRECT_URI_TEMPLATE)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .scope(OidcScopes.OPENID, "CLUSTER:READ", "CLUSTER:WRITE", "DATA:READ", "DATA:WRITE")
                .authorizationUri(authorizationUri)
                .tokenUri(tokenUri)
                .userInfoUri(userInfoUri)
                .jwkSetUri(jwkSetUri)
                .providerConfigurationMetadata(
                        Collections.singletonMap(END_SESSION_ENDPOINT_KEY, endSessionEndpoint))
                .clientName(providerName)
                .userNameAttributeName(userNameAttributeName)
                .build();
    }

    /**
     * Exposes the registration through an in-memory repository.
     *
     * @param clientRegistration the registration to publish
     * @return a repository containing only that registration
     */
    @Bean
    public ClientRegistrationRepository clientRegistrationRepository(ClientRegistration clientRegistration) {
        return new InMemoryClientRegistrationRepository(clientRegistration);
    }

    /**
     * Creates the store for authorized clients.
     *
     * <p>The in-memory implementation keeps authorized clients, and with them the issued tokens,
     * in this JVM only: they are not persisted and not shared with other Pulse instances.
     *
     * @param clientRegistrationRepository repository used to look up registrations
     * @return the in-memory authorized-client service
     */
    @Bean
    public OAuth2AuthorizedClientService authorizedClientService(ClientRegistrationRepository clientRegistrationRepository) {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    /**
     * Creates the web-layer repository for authorized clients, backed by the given service.
     *
     * @param oAuth2AuthorizedClientService the service the repository is constructed with
     * @return the authorized-client repository
     */
    @Bean
    public OAuth2AuthorizedClientRepository authorizedClientRepository(OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
        return new AuthenticatedPrincipalOAuth2AuthorizedClientRepository(oAuth2AuthorizedClientService);
    }

    /**
     * Creates the logout success handler for OIDC client-initiated logout.
     *
     * <p>This method sets no post-logout redirect URI on the handler; NOTE(review): confirm
     * whether one is configured where the handler is wired into the security filter chain.
     *
     * @param clientRegistrationRepository repository the handler is constructed with
     * @return the OIDC logout success handler
     */
    @Bean
    public OidcClientInitiatedLogoutSuccessHandler oidcLogoutHandler(ClientRegistrationRepository clientRegistrationRepository) {
        return new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
    }
}
