package org.crue.hercules.sgi.framework.security.oauth2.client.oicd.userinfo;

import java.util.HashSet;
import java.util.Objects;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/crue/hercules/sgi/framework/security/oauth2/client/oicd/userinfo/KeycloakOidcUserService.class */
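/**
 * OIDC user service that derives the user's authorities from the access token.
 *
 * <p>The user is first loaded by {@link OidcUserService}; the access token of the same request
 * is then decoded with the injected {@link JwtDecoder} and handed to the injected converter, and
 * the authorities of the resulting authentication token become the authorities of the returned
 * user. The authorities computed by the parent service are not carried over.
 *
 * <p>Security note: every authority granted here comes from the access token, so the result is
 * only as trustworthy as the validation done by the injected decoder.
 * NOTE(review): confirm the decoder is configured to check signature, issuer and expiry, and
 * consider whether the access token's subject should be compared with the ID token's subject;
 * this class performs no such comparison itself.
 */
public class KeycloakOidcUserService extends OidcUserService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(KeycloakOidcUserService.class);

    /** Error attached to the exception raised when the access token cannot be decoded. */
    private static final OAuth2Error INVALID_REQUEST = new OAuth2Error("invalid_request");

    private final JwtDecoder jwtDecoder;
    private final Converter<Jwt, ? extends AbstractAuthenticationToken> jwtAuthenticationConverter;

    /**
     * Creates the service.
     *
     * @param jwtDecoder decoder applied to the access token value
     * @param converter converter that turns the decoded token into an authentication token
     * @throws NullPointerException if either argument is {@code null}
     */
    public KeycloakOidcUserService(JwtDecoder jwtDecoder, Converter<Jwt, ? extends AbstractAuthenticationToken> converter) {
        // Fail at wiring time: a missing collaborator would otherwise only surface as a
        // NullPointerException in the middle of a login, after the parent service has run.
        this.jwtDecoder = Objects.requireNonNull(jwtDecoder, "jwtDecoder");
        this.jwtAuthenticationConverter = Objects.requireNonNull(converter, "converter");
    }

    /**
     * Loads the user through the parent service and replaces its authorities with the ones
     * obtained from the access token.
     *
     * @param oidcUserRequest the user request holding the access token and client registration
     * @return a {@link DefaultOidcUser} carrying the ID token and user info of the parent-loaded
     *     user and the authorities converted from the access token (none if the converter
     *     returns {@code null})
     * @throws OAuth2AuthenticationException if the parent service fails or the access token is
     *     rejected by the decoder
     */
    @Override
    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        log.debug("loadUser(OidcUserRequest userRequest) - start");
        OidcUser delegateUser = super.loadUser(oidcUserRequest);
        OAuth2AccessToken accessToken = oidcUserRequest.getAccessToken();

        // NOTE(review): raw type kept from the original; the elements are the authorities of the
        // converted token. Typing it needs an import this file does not currently have.
        HashSet authorities = new HashSet();
        AbstractAuthenticationToken authentication = convert(parseJwt(accessToken.getTokenValue()));
        if (authentication != null) {
            authorities.addAll(authentication.getAuthorities());
        }

        String userNameAttributeName = oidcUserRequest.getClientRegistration()
                .getProviderDetails()
                .getUserInfoEndpoint()
                .getUserNameAttributeName();

        DefaultOidcUser user;
        if (StringUtils.hasText(userNameAttributeName)) {
            user = new DefaultOidcUser(authorities, delegateUser.getIdToken(), delegateUser.getUserInfo(), userNameAttributeName);
        } else {
            // No name attribute configured: let DefaultOidcUser apply its own default.
            user = new DefaultOidcUser(authorities, delegateUser.getIdToken(), delegateUser.getUserInfo());
        }
        log.debug("loadUser(OidcUserRequest userRequest) - end");
        return user;
    }

    /**
     * Decodes the access token value with the injected decoder.
     *
     * @param str the raw access token value
     * @return the decoded token
     * @throws OAuth2AuthenticationException with the {@code invalid_request} error if the decoder
     *     throws a {@link JwtException}
     */
    private Jwt parseJwt(String str) {
        log.debug("parseJwt(String accessTokenValue) - start");
        try {
            Jwt decoded = this.jwtDecoder.decode(str);
            log.debug("parseJwt(String accessTokenValue) - end");
            return decoded;
        } catch (JwtException e) {
            // Only the exception is logged; the token value itself is never written to the log.
            log.error("invalid_request", e);
            throw new OAuth2AuthenticationException(INVALID_REQUEST, e);
        }
    }

    /**
     * Converts the decoded access token into an authentication token.
     *
     * @param jwt the decoded access token
     * @return the converter's result, which the caller treats as possibly {@code null}
     */
    private AbstractAuthenticationToken convert(Jwt jwt) {
        log.debug("convert(Jwt jwt) - start");
        AbstractAuthenticationToken authentication = this.jwtAuthenticationConverter.convert(jwt);
        log.debug("convert(Jwt jwt) - end");
        return authentication;
    }
}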
