package de.muenchen.oss.digiwf.spring.security.client;

import de.muenchen.oss.digiwf.spring.security.SpringSecurityProperties;
import jakarta.annotation.PostConstruct;
import java.util.function.Supplier;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.stereotype.Component;

/**
 * Supplies the OAuth2 access token of the configured service-account client registration.
 *
 * <p>Decompiler output (JADX) of {@code OAuth2AccessTokenSupplier.class} from
 * {@code BOOT-INF/lib/digiwf-spring-security-core-1.5.0.jar}.
 *
 * <p>Activation: {@code matchIfMissing = true} registers this bean when
 * {@code digiwf.security.service-account} is absent. No {@code havingValue} is given, so per
 * Spring Boot's documented semantics any present value other than {@code false} also matches.
 * The supplier is therefore on by default and has to be switched off explicitly.
 *
 * <p>Security notes for callers: the returned token is a bearer credential for the service
 * account and should be kept out of logs and error messages. Whether a stored token is reused or
 * a new one is requested is decided by the injected {@link OAuth2AuthorizedClientManager}; that
 * is not visible in this class.
 */
@ConditionalOnProperty(value = {"digiwf.security.service-account"}, matchIfMissing = true)
@Component
public class OAuth2AccessTokenSupplier implements Supplier<OAuth2AccessToken> {
    /** Role name that, prefixed with {@code ROLE_}, forms the only authority of the placeholder principal. */
    private static final String ACCESS_ROLE = "clientrole_user";

    private final SpringSecurityProperties springSecurityProperties;
    private final OAuth2AuthorizedClientManager authorizedClientManager;

    // Assigned only in init(); an instance created outside the container without calling init()
    // would pass a null principal to the authorize request.
    private AnonymousAuthenticationToken anonymousUserToken;

    /**
     * Stores the collaborators; the placeholder principal is built later in {@link #init()}.
     *
     * @param springSecurityProperties source of the service-account client registration id
     * @param oAuth2AuthorizedClientManager manager asked to authorize the client registration
     */
    public OAuth2AccessTokenSupplier(SpringSecurityProperties springSecurityProperties, OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
        this.springSecurityProperties = springSecurityProperties;
        this.authorizedClientManager = oAuth2AuthorizedClientManager;
    }

    /**
     * Builds the placeholder principal used for every authorize request.
     *
     * <p>The registration id serves as both key and principal of the anonymous token, so it
     * represents the service account itself rather than an end user.
     */
    @PostConstruct
    void init() {
        final String registrationId = this.springSecurityProperties.getClientRegistrationServiceAccount();
        this.anonymousUserToken = new AnonymousAuthenticationToken(
                registrationId,
                registrationId,
                AuthorityUtils.createAuthorityList("ROLE_" + ACCESS_ROLE));
    }

    /**
     * Authorizes the service-account client registration and returns its access token.
     *
     * @return the access token of the authorized client
     * @throws IllegalStateException if the manager returns no authorized client; the message
     *     names the client registration id only
     */
    @Override
    public OAuth2AccessToken get() {
        final String registrationId = this.springSecurityProperties.getClientRegistrationServiceAccount();
        final OAuth2AuthorizeRequest request = OAuth2AuthorizeRequest
                .withClientRegistrationId(registrationId)
                .principal(this.anonymousUserToken)
                .build();

        final OAuth2AuthorizedClient authorizedClient = this.authorizedClientManager.authorize(request);
        if (authorizedClient != null) {
            return authorizedClient.getAccessToken();
        }
        // Fail loudly instead of returning null so callers never send a request without a token.
        throw new IllegalStateException("Client credentials authorization using client registration '" + registrationId + "' failed.");
    }
}
