package org.springframework.cloud.common.security.support;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-common-security-config-web-2.11.3.jar:org/springframework/cloud/common/security/support/MappingJwtGrantedAuthoritiesConverter.class */
public final class MappingJwtGrantedAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {
    private static final String DEFAULT_AUTHORITY_PREFIX = "SCOPE_";
    private String authoritiesClaimName;
    private String groupAuthoritiesClaimName;
    private static final Logger log = LoggerFactory.getLogger((Class<?>) MappingJwtGrantedAuthoritiesConverter.class);
    private static final Collection<String> WELL_KNOWN_SCOPES_CLAIM_NAMES = Arrays.asList("scope", "scp");
    private static final Collection<String> WELL_KNOWN_GROUPS_CLAIM_NAMES = Arrays.asList(ConstraintHelper.GROUPS, "roles");
    private String authorityPrefix = DEFAULT_AUTHORITY_PREFIX;
    private Map<String, String> roleAuthoritiesMapping = new HashMap();
    private Map<String, String> groupAuthoritiesMapping = new HashMap();

    @Override // org.springframework.core.convert.converter.Converter
    public Collection<GrantedAuthority> convert(Jwt jwt) {
        log.debug("JWT: {}", jwt.getTokenValue());
        Set set = (Set) getAuthorities(jwt).stream().flatMap(str -> {
            return (this.roleAuthoritiesMapping.isEmpty() && this.groupAuthoritiesMapping.isEmpty()) ? Stream.of(str) : Stream.concat(this.roleAuthoritiesMapping.entrySet().stream().filter(entry -> {
                return ((String) entry.getValue()).equals(str);
            }).map(entry2 -> {
                return (String) entry2.getKey();
            }).distinct(), this.groupAuthoritiesMapping.entrySet().stream().filter(entry3 -> {
                return ((String) entry3.getValue()).equals(str);
            }).map(entry4 -> {
                return (String) entry4.getKey();
            }).distinct());
        }).distinct().map(str2 -> {
            return new SimpleGrantedAuthority(this.authorityPrefix + str2);
        }).collect(Collectors.toSet());
        log.debug("JWT granted: {}", set);
        return set;
    }

    public void setAuthorityPrefix(String str) {
        Assert.notNull(str, "authorityPrefix cannot be null");
        this.authorityPrefix = str;
    }

    public void setAuthoritiesClaimName(String str) {
        Assert.hasText(str, "authoritiesClaimName cannot be empty");
        this.authoritiesClaimName = str;
    }

    public void setAuthoritiesMapping(Map<String, String> map) {
        Assert.notNull(map, "authoritiesMapping cannot be null");
        this.roleAuthoritiesMapping = map;
    }

    public void setGroupAuthoritiesClaimName(String str) {
        this.groupAuthoritiesClaimName = str;
    }

    public void setGroupAuthoritiesMapping(Map<String, String> map) {
        this.groupAuthoritiesMapping = map;
    }

    private String getAuthoritiesClaimName(Jwt jwt) {
        if (this.authoritiesClaimName != null) {
            return this.authoritiesClaimName;
        }
        for (String str : WELL_KNOWN_SCOPES_CLAIM_NAMES) {
            if (jwt.hasClaim(str)) {
                return str;
            }
        }
        return null;
    }

    private String getGroupAuthoritiesClaimName(Jwt jwt) {
        if (this.groupAuthoritiesClaimName != null) {
            return this.groupAuthoritiesClaimName;
        }
        for (String str : WELL_KNOWN_GROUPS_CLAIM_NAMES) {
            if (jwt.hasClaim(str)) {
                return str;
            }
        }
        return null;
    }

    private Collection<String> getAuthorities(Jwt jwt) {
        String authoritiesClaimName = getAuthoritiesClaimName(jwt);
        String groupAuthoritiesClaimName = getGroupAuthoritiesClaimName(jwt);
        List<String> list = null;
        List<String> list2 = null;
        if (authoritiesClaimName != null && !ObjectUtils.isArray(jwt.getClaim(authoritiesClaimName))) {
            list = jwt.getClaimAsStringList(authoritiesClaimName);
        }
        if (groupAuthoritiesClaimName != null && !ObjectUtils.isArray(jwt.getClaim(groupAuthoritiesClaimName))) {
            list2 = jwt.getClaimAsStringList(groupAuthoritiesClaimName);
        }
        ArrayList arrayList = new ArrayList();
        if (list != null) {
            arrayList.addAll((List) list.stream().flatMap(str -> {
                return Arrays.stream(str.split(" "));
            }).filter(str2 -> {
                return StringUtils.hasText(str2);
            }).collect(Collectors.toList()));
        }
        if (list2 != null) {
            arrayList.addAll(list2);
        }
        return arrayList;
    }
}
