package org.springframework.cloud.common.security.support;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-common-security-config-web-2.11.3.jar:org/springframework/cloud/common/security/support/CustomOAuth2OidcUserService.class */
public class CustomOAuth2OidcUserService implements OAuth2UserService<OidcUserRequest, OidcUser> {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CustomOAuth2OidcUserService.class);
    final OidcUserService delegate = new OidcUserService();
    final AuthoritiesMapper authorityMapper;

    public CustomOAuth2OidcUserService(AuthoritiesMapper authoritiesMapper) {
        this.authorityMapper = authoritiesMapper;
    }

    @Override // org.springframework.security.oauth2.client.userinfo.OAuth2UserService
    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        log.debug("Load user");
        OidcUser loadUser = this.delegate.loadUser(oidcUserRequest);
        OAuth2AccessToken accessToken = oidcUserRequest.getAccessToken();
        Set<GrantedAuthority> mapScopesToAuthorities = this.authorityMapper.mapScopesToAuthorities(oidcUserRequest.getClientRegistration().getRegistrationId(), accessToken.getScopes(), accessToken.getTokenValue());
        List<String> claimAsStringList = loadUser.getClaimAsStringList(ConstraintHelper.GROUPS);
        if (claimAsStringList == null) {
            claimAsStringList = loadUser.getClaimAsStringList("roles");
        }
        if (claimAsStringList == null) {
            claimAsStringList = new ArrayList();
        }
        log.debug("roleClaims: {}", claimAsStringList);
        Set<GrantedAuthority> mapClaimsToAuthorities = this.authorityMapper.mapClaimsToAuthorities(oidcUserRequest.getClientRegistration().getRegistrationId(), claimAsStringList);
        String userNameAttributeName = oidcUserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
        log.debug("AccessToken: {}", accessToken.getTokenValue());
        HashSet hashSet = new HashSet(mapScopesToAuthorities);
        hashSet.addAll(mapClaimsToAuthorities);
        return StringUtils.hasText(userNameAttributeName) ? new DefaultOidcUser(hashSet, oidcUserRequest.getIdToken(), loadUser.getUserInfo(), userNameAttributeName) : new DefaultOidcUser(hashSet, oidcUserRequest.getIdToken(), loadUser.getUserInfo());
    }
}
