package io.gardenerframework.camellia.authentication.server.main.spring.oauth2;

import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.main.oauth2.OidcUserInfoClaimsCustomizer;
import io.gardenerframework.camellia.authentication.server.main.schema.UserAuthenticatedAuthentication;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.oidc.authentication.OidcUserInfoAuthenticationContext;

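/**
 * Builds the OIDC UserInfo response for an authenticated UserInfo request.
 *
 * <p>The claims are taken from the ID token stored on the authorization and reduced to the
 * claims that the access token's scopes allow ({@code sub} is always kept). The registered
 * {@link OidcUserInfoClaimsCustomizer}s then receive that reduced, mutable map together with
 * the granted scopes.
 *
 * <p>Security note: the scope filter runs <em>before</em> the customizers and is not re-applied
 * afterwards. Any claim a customizer puts into the map is returned to the client as-is, so each
 * customizer is responsible for checking the granted scopes before disclosing user attributes.
 */
@AuthenticationServerEngineComponent
/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/spring/oauth2/OidcUserInfoMapper.class */
public class OidcUserInfoMapper implements Function<OidcUserInfoAuthenticationContext, OidcUserInfo> {
    private static final Logger log = LoggerFactory.getLogger(OidcUserInfoMapper.class);
    // Claim names released by the "email", "phone" and "profile" scopes respectively.
    private static final List<String> EMAIL_CLAIMS = Arrays.asList("email", "email_verified");
    private static final List<String> PHONE_CLAIMS = Arrays.asList("phone_number", "phone_number_verified");
    private static final List<String> PROFILE_CLAIMS = Arrays.asList("name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at");
    // Invoked in iteration order on every UserInfo request; never reassigned after construction.
    private final Collection<OidcUserInfoClaimsCustomizer> customizers;

    /**
     * Returns a mutable copy of {@code map} restricted to the claims permitted by {@code set}.
     *
     * <p>This is an allow-list: a claim that is not tied to one of the recognised scopes
     * ({@code address}, {@code email}, {@code phone}, {@code profile}) is dropped, with the
     * exception of {@code sub}, which is always retained.
     *
     * @param map source claims (here: the ID token claims); not modified
     * @param set scopes granted to the access token
     * @return a new map holding only the permitted claims
     */
    private static Map<String, Object> getClaimsRequestedByScope(Map<String, Object> map, Set<String> set) {
        Set<String> permittedClaims = new HashSet<>(32);
        permittedClaims.add("sub");
        if (set.contains("address")) {
            permittedClaims.add("address");
        }
        if (set.contains("email")) {
            permittedClaims.addAll(EMAIL_CLAIMS);
        }
        if (set.contains("phone")) {
            permittedClaims.addAll(PHONE_CLAIMS);
        }
        if (set.contains("profile")) {
            permittedClaims.addAll(PROFILE_CLAIMS);
        }
        // Copy first so the token's own claim map is never mutated.
        Map<String, Object> filteredClaims = new HashMap<>(map);
        filteredClaims.keySet().retainAll(permittedClaims);
        return filteredClaims;
    }

    /**
     * Produces the UserInfo claims for the given request context.
     *
     * @param oidcUserInfoAuthenticationContext context carrying the authorization, the access
     *     token and the current authentication
     * @return the UserInfo built from the scope-filtered ID token claims after all customizers ran
     * @throws NullPointerException if the authorization holds no ID token, or if at least one
     *     customizer is registered and the authorization has no stored user principal
     * @throws ClassCastException if the stored principal attribute is not a
     *     {@link UserAuthenticatedAuthentication}
     */
    @Override // java.util.function.Function
    public OidcUserInfo apply(OidcUserInfoAuthenticationContext oidcUserInfoAuthenticationContext) {
        OAuth2Authorization authorization = oidcUserInfoAuthenticationContext.getAuthorization();
        UserAuthenticatedAuthentication userAuthentication = (UserAuthenticatedAuthentication) authorization.getAttribute(Principal.class.getName());
        // getToken(Class) yields null when the authorization carries no token of that type;
        // fail with a message instead of an anonymous NPE on the chained call.
        OidcIdToken idToken = Objects.requireNonNull(
                authorization.getToken(OidcIdToken.class),
                "authorization has no ID token; cannot build UserInfo claims").getToken();
        OAuth2AccessToken accessToken = oidcUserInfoAuthenticationContext.getAccessToken();
        Set<String> grantedScopes = accessToken.getScopes();
        Map<String, Object> claims = getClaimsRequestedByScope(idToken.getClaims(), grantedScopes);
        // Customizers see the already-filtered map; whatever they add is NOT filtered again.
        for (OidcUserInfoClaimsCustomizer customizer : this.customizers) {
            // Checked per customizer (not up front) so that a configuration without customizers
            // keeps working even when no principal attribute is stored.
            UserAuthenticatedAuthentication requiredAuthentication = Objects.requireNonNull(
                    userAuthentication,
                    "authorization has no stored user principal");
            customizer.customize(
                    oidcUserInfoAuthenticationContext.getAuthentication(),
                    requiredAuthentication.getPrincipal(),
                    claims,
                    grantedScopes);
        }
        return new OidcUserInfo(claims);
    }

    /**
     * Creates the mapper.
     *
     * @param collection customizers to run on every UserInfo response; the reference is stored
     *     without copying
     */
    public OidcUserInfoMapper(Collection<OidcUserInfoClaimsCustomizer> collection) {
        this.customizers = collection;
    }
}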
