package org.thingsboard.server.service.security.auth.oauth2;

import com.fasterxml.jackson.core.JsonProcessingException;
import jakarta.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.client.RestTemplateCustomizer;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.stereotype.Service;
import org.thingsboard.common.util.JacksonUtil;
import org.thingsboard.server.common.data.StringUtils;
import org.thingsboard.server.common.data.oauth2.OAuth2Client;
import org.thingsboard.server.common.data.oauth2.OAuth2CustomMapperConfig;
import org.thingsboard.server.dao.oauth2.OAuth2User;
import org.thingsboard.server.queue.util.TbCoreComponent;
import org.thingsboard.server.service.security.model.SecurityUser;

@TbCoreComponent
@Service("customOAuth2ClientMapper")
/* loaded from: input_file:org/thingsboard/server/service/security/auth/oauth2/CustomOAuth2ClientMapper.class */
public class CustomOAuth2ClientMapper extends AbstractOAuth2ClientMapper implements OAuth2ClientMapper {
    private static final Logger log = LoggerFactory.getLogger(CustomOAuth2ClientMapper.class);
    private static final String PROVIDER_ACCESS_TOKEN = "provider-access-token";
    private RestTemplateBuilder restTemplateBuilder = new RestTemplateBuilder(new RestTemplateCustomizer[0]);

    @Override // org.thingsboard.server.service.security.auth.oauth2.OAuth2ClientMapper
    public SecurityUser getOrCreateUserByClientPrincipal(HttpServletRequest httpServletRequest, OAuth2AuthenticationToken oAuth2AuthenticationToken, String str, OAuth2Client oAuth2Client) {
        return getOrCreateSecurityUserFromOAuth2User(getOAuth2User(oAuth2AuthenticationToken, str, oAuth2Client.getMapperConfig().getCustom()), oAuth2Client);
    }

    private synchronized OAuth2User getOAuth2User(OAuth2AuthenticationToken oAuth2AuthenticationToken, String str, OAuth2CustomMapperConfig oAuth2CustomMapperConfig) {
        if (!StringUtils.isEmpty(oAuth2CustomMapperConfig.getUsername()) && !StringUtils.isEmpty(oAuth2CustomMapperConfig.getPassword())) {
            this.restTemplateBuilder = this.restTemplateBuilder.basicAuthentication(oAuth2CustomMapperConfig.getUsername(), oAuth2CustomMapperConfig.getPassword());
        }
        if (oAuth2CustomMapperConfig.isSendToken() && !StringUtils.isEmpty(str)) {
            this.restTemplateBuilder = this.restTemplateBuilder.defaultHeader(PROVIDER_ACCESS_TOKEN, new String[]{str});
        }
        try {
            try {
                return (OAuth2User) this.restTemplateBuilder.build().postForEntity(oAuth2CustomMapperConfig.getUrl(), JacksonUtil.getObjectMapperWithJavaTimeModule().writeValueAsString(oAuth2AuthenticationToken.getPrincipal()), OAuth2User.class, new Object[0]).getBody();
            } catch (Exception e) {
                log.error("There was an error during connection to custom mapper endpoint", e);
                throw new RuntimeException("Unable to login. Please contact your Administrator!");
            }
        } catch (JsonProcessingException e2) {
            log.error("Can't convert principal to JSON string", e2);
            throw new RuntimeException("Can't convert principal to JSON string", e2);
        }
    }
}
