package nl.nlportal.haalcentraal.client.tokenexchange;

import com.fasterxml.jackson.annotation.JsonProperty;
import com.fasterxml.jackson.annotation.JsonValue;
import java.net.URI;
import java.util.Collection;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.StringsKt;
import mu.KLogger;
import mu.KotlinLogging;
import nl.nlportal.haalcentraal.client.HaalCentraalClientProvider;
import nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpHeaders;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.ExchangeFunction;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* compiled from: KeyCloakUserTokenExchangeFilter.kt */
@Metadata(mv = {2, 1, 0}, k = 1, xi = 82, d1 = {"��<\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0004\u0018�� \u00152\u00020\u0001:\u0002\u0014\u0015B\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005¢\u0006\u0004\b\u0006\u0010\u0007J\u001e\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\t2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\r\u001a\u00020\u000eH\u0016J\u0012\u0010\u000f\u001a\u0004\u0018\u00010\u00102\u0006\u0010\u000b\u001a\u00020\fH\u0002J\u0016\u0010\u0011\u001a\b\u0012\u0004\u0012\u00020\u00120\t2\u0006\u0010\u0013\u001a\u00020\u0010H\u0002R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0016"}, d2 = {"Lnl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter;", "Lnl/nlportal/haalcentraal/client/tokenexchange/UserTokenExchangeFilter;", "webClient", "Lorg/springframework/web/reactive/function/client/WebClient;", "targetAudience", "", "<init>", "(Lorg/springframework/web/reactive/function/client/WebClient;Ljava/lang/String;)V", "filter", "Lreactor/core/publisher/Mono;", "Lorg/springframework/web/reactive/function/client/ClientResponse;", "request", "Lorg/springframework/web/reactive/function/client/ClientRequest;", "next", "Lorg/springframework/web/reactive/function/client/ExchangeFunction;", "getJwtAuthentication", "Lorg/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken;", "exchangeToken", "Lnl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter$TokenResponse;", "authentication", "TokenResponse", "Companion", "haalcentraal"})
@SourceDebugExtension({"SMAP\nKeyCloakUserTokenExchangeFilter.kt\nKotlin\n*S Kotlin\n*F\n+ 1 KeyCloakUserTokenExchangeFilter.kt\nnl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter\n+ 2 WebClientExtensions.kt\norg/springframework/web/reactive/function/client/WebClientExtensionsKt\n*L\n1#1,110:1\n120#2:111\n*S KotlinDebug\n*F\n+ 1 KeyCloakUserTokenExchangeFilter.kt\nnl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter\n*L\n98#1:111\n*E\n"})
/* loaded from: input_file:nl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter.class */
public final class KeyCloakUserTokenExchangeFilter implements UserTokenExchangeFilter {

    @NotNull
    private final WebClient webClient;

    @NotNull
    private final String targetAudience;

    @NotNull
    public static final Companion Companion = new Companion(null);

    @NotNull
    private static final KLogger logger = KotlinLogging.INSTANCE.logger(new Function0<Unit>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$Companion$logger$1
        public final void invoke() {
        }

        /* renamed from: invoke, reason: collision with other method in class */
        public /* bridge */ /* synthetic */ Object m6invoke() {
            invoke();
            return Unit.INSTANCE;
        }
    });

    /* compiled from: KeyCloakUserTokenExchangeFilter.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 82, d1 = {"��\u0012\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0003\n\u0002\u0018\u0002\n��\b\u0086\u0003\u0018��2\u00020\u0001B\t\b\u0002¢\u0006\u0004\b\u0002\u0010\u0003R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n��¨\u0006\u0006"}, d2 = {"Lnl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter$Companion;", "", "<init>", "()V", "logger", "Lmu/KLogger;", "haalcentraal"})
    /* loaded from: input_file:nl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    /* compiled from: KeyCloakUserTokenExchangeFilter.kt */
    @Metadata(mv = {2, 1, 0}, k = 1, xi = 82, d1 = {"��\"\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0010\u000e\n\u0002\b\u0007\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\b\u0086\b\u0018��2\u00020\u0001B\u0011\u0012\b\b\u0001\u0010\u0002\u001a\u00020\u0003¢\u0006\u0004\b\u0004\u0010\u0005J\t\u0010\b\u001a\u00020\u0003HÆ\u0003J\u0013\u0010\t\u001a\u00020��2\b\b\u0003\u0010\u0002\u001a\u00020\u0003HÆ\u0001J\u0013\u0010\n\u001a\u00020\u000b2\b\u0010\f\u001a\u0004\u0018\u00010\u0001HÖ\u0003J\t\u0010\r\u001a\u00020\u000eHÖ\u0001J\t\u0010\u000f\u001a\u00020\u0003HÖ\u0001R\u0016\u0010\u0002\u001a\u00020\u00038\u0006X\u0087\u0004¢\u0006\b\n��\u001a\u0004\b\u0006\u0010\u0007¨\u0006\u0010"}, d2 = {"Lnl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter$TokenResponse;", "", "accessToken", "", "<init>", "(Ljava/lang/String;)V", "getAccessToken", "()Ljava/lang/String;", "component1", "copy", "equals", "", "other", "hashCode", "", "toString", "haalcentraal"})
    /* loaded from: input_file:nl/nlportal/haalcentraal/client/tokenexchange/KeyCloakUserTokenExchangeFilter$TokenResponse.class */
    public static final class TokenResponse {

        @JsonValue
        @NotNull
        private final String accessToken;

        public TokenResponse(@JsonProperty("access_token") @NotNull String str) {
            Intrinsics.checkNotNullParameter(str, "accessToken");
            this.accessToken = str;
        }

        @NotNull
        public final String getAccessToken() {
            return this.accessToken;
        }

        @NotNull
        public final String component1() {
            return this.accessToken;
        }

        @NotNull
        public final TokenResponse copy(@JsonProperty("access_token") @NotNull String str) {
            Intrinsics.checkNotNullParameter(str, "accessToken");
            return new TokenResponse(str);
        }

        public static /* synthetic */ TokenResponse copy$default(TokenResponse tokenResponse, String str, int i, Object obj) {
            if ((i & 1) != 0) {
                str = tokenResponse.accessToken;
            }
            return tokenResponse.copy(str);
        }

        @NotNull
        public String toString() {
            return "TokenResponse(accessToken=" + this.accessToken + ")";
        }

        public int hashCode() {
            return this.accessToken.hashCode();
        }

        public boolean equals(@Nullable Object obj) {
            if (this == obj) {
                return true;
            }
            return (obj instanceof TokenResponse) && Intrinsics.areEqual(this.accessToken, ((TokenResponse) obj).accessToken);
        }
    }

    public KeyCloakUserTokenExchangeFilter(@NotNull WebClient webClient, @NotNull String str) {
        Intrinsics.checkNotNullParameter(webClient, "webClient");
        Intrinsics.checkNotNullParameter(str, "targetAudience");
        this.webClient = webClient;
        this.targetAudience = str;
    }

    @NotNull
    public Mono<ClientResponse> filter(@NotNull final ClientRequest clientRequest, @NotNull final ExchangeFunction exchangeFunction) {
        Intrinsics.checkNotNullParameter(clientRequest, "request");
        Intrinsics.checkNotNullParameter(exchangeFunction, "next");
        Collection collection = (Collection) clientRequest.headers().get("Authorization");
        if (collection == null || collection.isEmpty()) {
            JwtAuthenticationToken jwtAuthentication = getJwtAuthentication(clientRequest);
            if (jwtAuthentication != null) {
                Mono<TokenResponse> exchangeToken = exchangeToken(jwtAuthentication);
                Function1<TokenResponse, Mono<? extends ClientResponse>> function1 = new Function1<TokenResponse, Mono<? extends ClientResponse>>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$filter$1$1
                    /* JADX INFO: Access modifiers changed from: package-private */
                    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
                    {
                        super(1);
                    }

                    @Nullable
                    public final Mono<? extends ClientResponse> invoke(@Nullable KeyCloakUserTokenExchangeFilter.TokenResponse tokenResponse) {
                        KLogger kLogger;
                        KLogger kLogger2;
                        String accessToken = tokenResponse.getAccessToken();
                        if (accessToken == null) {
                            kLogger = KeyCloakUserTokenExchangeFilter.logger;
                            kLogger.error(new Function0<Object>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$filter$1$1.2
                                @Nullable
                                public final Object invoke() {
                                    return "Token exchange failed: access token was null!";
                                }
                            });
                            return exchangeFunction.exchange(clientRequest);
                        }
                        kLogger2 = KeyCloakUserTokenExchangeFilter.logger;
                        kLogger2.debug(new Function0<Object>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$filter$1$1.1
                            @Nullable
                            public final Object invoke() {
                                return "Setting accessToken from token exchange...";
                            }
                        });
                        ClientRequest build = ClientRequest.from(clientRequest).headers((v1) -> {
                            invoke$lambda$0(r1, v1);
                        }).build();
                        Intrinsics.checkNotNullExpressionValue(build, "build(...)");
                        return exchangeFunction.exchange(build);
                    }

                    private static final void invoke$lambda$0(String str, HttpHeaders httpHeaders) {
                        Intrinsics.checkNotNullParameter(str, "$accessToken");
                        httpHeaders.setBearerAuth(str);
                    }
                };
                Mono<ClientResponse> flatMap = exchangeToken.flatMap((v1) -> {
                    return filter$lambda$1$lambda$0(r1, v1);
                });
                Intrinsics.checkNotNullExpressionValue(flatMap, "flatMap(...)");
                return flatMap;
            }
        } else {
            logger.debug(new Function0<Object>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$filter$2
                @Nullable
                public final Object invoke() {
                    return "Authorization was already set. Skipping user token exchange.";
                }
            });
        }
        Mono<ClientResponse> exchange = exchangeFunction.exchange(clientRequest);
        Intrinsics.checkNotNullExpressionValue(exchange, "exchange(...)");
        return exchange;
    }

    private final JwtAuthenticationToken getJwtAuthentication(ClientRequest clientRequest) {
        final Object orElse = clientRequest.attribute(HaalCentraalClientProvider.AUTHENTICATION_ATTRIBUTE_NAME).orElse(null);
        if (orElse instanceof JwtAuthenticationToken) {
            return (JwtAuthenticationToken) orElse;
        }
        if (orElse == null) {
            logger.debug(new Function0<Object>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$getJwtAuthentication$1
                @Nullable
                public final Object invoke() {
                    return "Current authentication object was null!";
                }
            });
            return null;
        }
        logger.debug(new Function0<Object>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$getJwtAuthentication$2
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Nullable
            public final Object invoke() {
                return "Current authentication object was not of type JwtAuthenticationToken: " + orElse.getClass().getName() + "!";
            }
        });
        return null;
    }

    private final Mono<TokenResponse> exchangeToken(final JwtAuthenticationToken jwtAuthenticationToken) {
        Jwt token = jwtAuthenticationToken.getToken();
        logger.debug(new Function0<Object>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$exchangeToken$1
            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(0);
            }

            @Nullable
            public final Object invoke() {
                return "Exchanging token for " + jwtAuthenticationToken.getName();
            }
        });
        WebClient.RequestBodyUriSpec post = this.webClient.post();
        String url = token.getIssuer().toString();
        Intrinsics.checkNotNullExpressionValue(url, "toString(...)");
        WebClient.RequestBodySpec uri = post.uri(URI.create(StringsKt.trimEnd(url, new char[]{'/'}) + "/protocol/openid-connect/token"));
        MultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("client_id", token.getClaim("azp"));
        linkedMultiValueMap.add("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        linkedMultiValueMap.add("subject_token", token.getTokenValue());
        linkedMultiValueMap.add("requested_token_type", "urn:ietf:params:oauth:token-type:access_token");
        linkedMultiValueMap.add("audience", this.targetAudience);
        WebClient.ResponseSpec retrieve = uri.body(BodyInserters.fromFormData(linkedMultiValueMap)).retrieve();
        Intrinsics.checkNotNullExpressionValue(retrieve, "retrieve(...)");
        Mono<TokenResponse> bodyToMono = retrieve.bodyToMono(new ParameterizedTypeReference<TokenResponse>() { // from class: nl.nlportal.haalcentraal.client.tokenexchange.KeyCloakUserTokenExchangeFilter$exchangeToken$$inlined$bodyToMono$1
        });
        Intrinsics.checkNotNullExpressionValue(bodyToMono, "bodyToMono(object : Para…zedTypeReference<T>() {})");
        return bodyToMono;
    }

    private static final Mono filter$lambda$1$lambda$0(Function1 function1, Object obj) {
        Intrinsics.checkNotNullParameter(function1, "$tmp0");
        return (Mono) function1.invoke(obj);
    }
}
