package io.gravitee.am.identityprovider.azure.authentication;

import com.nimbusds.jwt.proc.JWTProcessor;
import io.gravitee.am.common.jwt.SignatureAlgorithm;
import io.gravitee.am.common.oidc.Scope;
import io.gravitee.am.identityprovider.api.IdentityProviderMapper;
import io.gravitee.am.identityprovider.api.IdentityProviderRoleMapper;
import io.gravitee.am.identityprovider.api.oidc.OpenIDConnectIdentityProviderConfiguration;
import io.gravitee.am.identityprovider.azure.AzureADIdentityProviderConfiguration;
import io.gravitee.am.identityprovider.azure.authentication.spring.AzureADAuthenticationProviderConfiguration;
import io.gravitee.am.identityprovider.common.oauth2.authentication.AbstractOpenIDConnectAuthenticationProvider;
import io.gravitee.am.identityprovider.common.oauth2.jwt.jwks.remote.RemoteJWKSourceResolver;
import io.gravitee.am.identityprovider.common.oauth2.jwt.processor.JWKSKeyProcessor;
import io.vertx.reactivex.ext.web.client.WebClient;
import java.util.HashSet;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Import;

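/**
 * Azure AD identity provider built on {@link AbstractOpenIDConnectAuthenticationProvider}.
 *
 * <p>The class supplies the Azure-specific collaborators (web client, mappers, configuration) to
 * the parent and, in {@link #afterPropertiesSet()}, performs three start-up steps: it checks that a
 * client secret exists when the authorization-code response type is configured, it forces the
 * {@code openid}, {@code profile} and {@code email} scopes into the configuration, and it builds
 * the JWT processor stored in the inherited {@code jwtProcessor} field.
 *
 * <p>NOTE(review): this listing is decompiler output (see the renamed accessor below); the
 * {@code @Override} annotations of the original source are not visible here.
 */
@Import({AzureADAuthenticationProviderConfiguration.class})
public class AzureADAuthenticationProvider extends AbstractOpenIDConnectAuthenticationProvider {

    // HTTP client injected under the "azureAdWebClient" qualifier.
    @Autowired
    @Qualifier("azureAdWebClient")
    private WebClient client;

    @Autowired
    private IdentityProviderMapper mapper;

    @Autowired
    private IdentityProviderRoleMapper roleMapper;

    // Holds the client secret, response type, scopes and the JWKS resolver parameter read below.
    @Autowired
    private AzureADIdentityProviderConfiguration configuration;

    /**
     * Returns the injected Azure AD configuration.
     *
     * <p>The {@code m0} prefix is a decompiler artefact: the method was renamed from
     * {@code getConfiguration} when it was merged with its bridge method.
     *
     * @return the configuration instance shared with the rest of this provider
     */
    public OpenIDConnectIdentityProviderConfiguration m0getConfiguration() {
        return this.configuration;
    }

    /**
     * @return the web client injected for this provider
     */
    protected WebClient getClient() {
        return this.client;
    }

    /**
     * Replaces the JWT processor held in the inherited {@code jwtProcessor} field.
     *
     * <p>NOTE(review): this setter is public and swaps the object produced by
     * {@link #generateJWTProcessor()}; presumably that object verifies ID tokens, so callers of
     * this method should be limited to tests and trusted wiring code. Confirm against the parent.
     *
     * @param jWTProcessor the processor to use from now on
     */
    public void setJwtProcessor(JWTProcessor jWTProcessor) {
        this.jwtProcessor = jWTProcessor;
    }

    /**
     * @return the injected attribute mapper
     */
    protected IdentityProviderMapper getIdentityProviderMapper() {
        return this.mapper;
    }

    /**
     * @return the injected role mapper
     */
    protected IdentityProviderRoleMapper getIdentityProviderRoleMapper() {
        return this.roleMapper;
    }

    /**
     * Ensures the configured scope set contains {@code openid}, {@code profile} and {@code email}.
     *
     * <p>The scope set of the injected configuration object is modified in place, so every other
     * holder of that configuration sees the added scopes as well.
     */
    private void forceOpenIdScope() {
        if (this.configuration.getScopes() == null) {
            // Diamond instead of a raw HashSet: same runtime object, no unchecked warning.
            this.configuration.setScopes(new HashSet<>());
        }
        this.configuration.getScopes().add(Scope.OPENID.getKey());
        this.configuration.getScopes().add(Scope.PROFILE.getKey());
        this.configuration.getScopes().add(Scope.EMAIL.getKey());
    }

    /**
     * Validates the configuration and prepares the provider for use.
     *
     * <p>When the response type equals
     * {@link AzureADIdentityProviderConfiguration#CODE_PARAMETER} a client secret is mandatory.
     * A secret that is {@code null}, empty or made only of whitespace is rejected, so a
     * misconfigured provider fails at start-up rather than at the first token exchange.
     *
     * @throws IllegalArgumentException if the authorization-code response type is configured
     *     without a usable client secret
     * @throws Exception declared by the signature; nothing else is thrown explicitly here
     */
    public void afterPropertiesSet() throws Exception {
        AzureADIdentityProviderConfiguration config = this.configuration;
        if (AzureADIdentityProviderConfiguration.CODE_PARAMETER.equals(config.getResponseType())) {
            String clientSecret = config.getClientSecret();
            // trim() also catches a whitespace-only value, which isEmpty() alone lets through.
            if (clientSecret == null || clientSecret.trim().isEmpty()) {
                throw new IllegalArgumentException("A client_secret must be supplied in order to use the Authorization Code flow");
            }
        }
        forceOpenIdScope();
        generateJWTProcessor();
    }

    /**
     * Builds the JWT processor from a remote JWKS source and stores it in {@code jwtProcessor}.
     *
     * <p>The signature algorithm is fixed to RS256 in code and is not read from configuration.
     * The key source is a {@link RemoteJWKSourceResolver} created from
     * {@code configuration.getResolverParameter()}.
     *
     * <p>NOTE(review): token verification is only as trustworthy as that resolver parameter;
     * presumably it is the JWKS URL, in which case confirm it is an HTTPS URL of the expected
     * issuer. Whether {@code create} rejects tokens signed with any other algorithm cannot be
     * seen from this file and should be confirmed in {@link JWKSKeyProcessor}.
     */
    private void generateJWTProcessor() {
        SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.RS256;
        JWKSKeyProcessor keyProcessor = new JWKSKeyProcessor();
        keyProcessor.setJwkSourceResolver(new RemoteJWKSourceResolver(this.configuration.getResolverParameter()));
        this.jwtProcessor = keyProcessor.create(signatureAlgorithm);
    }
}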
