package org.georchestra.gateway.security.oauth2;

import com.google.common.annotations.VisibleForTesting;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Consumer;
import java.util.function.Predicate;
import java.util.stream.Stream;
import lombok.NonNull;
import org.georchestra.gateway.security.ldap.LdapConfigProperties;
import org.georchestra.security.model.GeorchestraUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.AddressStandardClaim;
import org.springframework.security.oauth2.core.oidc.StandardClaimAccessor;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;

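/**
 * Maps the principal of an OpenID Connect login to a {@link GeorchestraUser}.
 *
 * <p>The mapping runs in three steps, in this order:
 *
 * <ol>
 *   <li>standard OIDC claims ({@code sub}, {@code preferred_username}, name, e-mail, phone,
 *       address) are copied onto the user;
 *   <li>the configured non-standard claim extractors (id, roles, organization) are applied to the
 *       raw claims map, so a configured id extractor overrides the id taken from {@code sub};
 *   <li>the username is prefixed with the client registration id and normalized.
 * </ol>
 *
 * <p>Security notes for reviewers and operators:
 *
 * <ul>
 *   <li>Every value written here comes from claims issued by the identity provider. Identifier,
 *       role and organization mappings are therefore only as trustworthy as the provider behind
 *       the registration and the claim paths configured for it.
 *   <li>Username normalization is lossy: any character outside {@code [a-zA-Z0-9-_]} becomes
 *       {@code _} and the result is lower-cased. Two distinct upstream names that differ only in
 *       case or in a replaced character end up with the same local username, so the username
 *       should not be treated as a unique key on its own.
 * </ul>
 *
 * <p>This listing is decompiler output; the decompiler markers are kept as found.
 */
@EnableConfigurationProperties({LdapConfigProperties.class})
/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/oauth2/OpenIdConnectUserMapper.class */
public class OpenIdConnectUserMapper extends OAuth2UserMapper {
    private static final Logger log = LoggerFactory.getLogger("org.georchestra.gateway.security.oauth2");

    /** Extractors for the provider-specific (non-standard) id, roles and organization claims. */
    @NonNull
    private final OpenIdConnectCustomClaimsConfigProperties nonStandardClaimsConfig;

    /**
     * Restricts this mapper to tokens whose principal is an {@link OidcUser}.
     *
     * @return a predicate that is true only for OIDC principals
     */
    @Override // org.georchestra.gateway.security.oauth2.OAuth2UserMapper
    protected Predicate<OAuth2AuthenticationToken> tokenFilter() {
        return token -> token.getPrincipal() instanceof OidcUser;
    }

    /**
     * Returns the smallest possible order value, which sorts first under Spring's {@code Ordered}
     * contract.
     *
     * @return {@link Integer#MIN_VALUE}
     */
    @Override // org.georchestra.gateway.security.GeorchestraUserMapperExtension, org.springframework.core.Ordered
    public int getOrder() {
        return Integer.MIN_VALUE;
    }

    /**
     * Builds the {@link GeorchestraUser} for an OIDC authentication token.
     *
     * <p>Starts from the superclass mapping (or an empty user when it yields none), applies the
     * standard and the non-standard claims, then rewrites the username as
     * {@code <registrationId>_<username>} with unsupported characters replaced by {@code _} and
     * the whole value lower-cased.
     *
     * @param oAuth2AuthenticationToken the token of the authenticated user; its principal is cast
     *     to {@link OidcUser} (presumably guaranteed by {@link #tokenFilter()} in the caller;
     *     verify against the superclass)
     * @return the mapped user, never empty
     * @throws IllegalStateException wrapping any exception raised while applying the claims
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.georchestra.gateway.security.oauth2.OAuth2UserMapper
    public Optional<GeorchestraUser> map(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        GeorchestraUser user = super.map(oAuth2AuthenticationToken).orElseGet(GeorchestraUser::new);
        OidcUser oidcUser = (OidcUser) oAuth2AuthenticationToken.getPrincipal();
        try {
            applyStandardClaims(oidcUser, user);
            applyNonStandardClaims(oidcUser.getClaims(), user);

            // NOTE(review): if no claim supplied a username, the concatenation below yields the
            // literal "<registrationId>_null", which every such principal would share. Confirm
            // that upstream validation guarantees a subject before relying on this value.
            String qualifiedName =
                    oAuth2AuthenticationToken.getAuthorizedClientRegistrationId() + "_" + user.getUsername();

            // Lower-case with Locale.ROOT so that the stored username does not depend on the
            // JVM default locale (the Turkish locale, for one, maps 'I' to a non-ASCII letter,
            // which would escape the ASCII-only character filter applied just before).
            user.setUsername(qualifiedName.replaceAll("[^a-zA-Z0-9-_]", "_").toLowerCase(Locale.ROOT));
            return Optional.of(user);
        } catch (Exception e) {
            log.error("Error mapping non-standard OIDC claims for authenticated user", e);
            throw new IllegalStateException(e);
        }
    }

    /**
     * Applies the configured provider-specific claim mappings to the user.
     *
     * <p>For id and organization, the first value returned by the configured extractor (if any)
     * is written to the user; an id found here replaces one set earlier from the standard
     * {@code sub} claim. The roles mapping, when configured, is handed the claims and the user.
     *
     * @param map the raw claims of the OIDC principal
     * @param georchestraUser the user to update, must not be null
     */
    @VisibleForTesting
    void applyNonStandardClaims(Map<String, Object> map, GeorchestraUser georchestraUser) {
        Objects.requireNonNull(georchestraUser);

        this.nonStandardClaimsConfig.id()
                .map(extractor -> extractor.extract(map))
                .map(values -> values.stream())
                .flatMap(Stream::findFirst)
                .ifPresent(georchestraUser::setId);

        // Roles are derived from provider-issued claims; what the mapping does with them is
        // defined by the configured rolesMapping, not visible here.
        this.nonStandardClaimsConfig.roles().ifPresent(rolesMapping -> rolesMapping.apply(map, georchestraUser));

        this.nonStandardClaimsConfig.organization()
                .map(extractor -> extractor.extract(map))
                .map(values -> values.stream())
                .flatMap(Stream::findFirst)
                .ifPresent(georchestraUser::setOrganization);
    }

    /**
     * Copies the standard OIDC claims onto the user, skipping claims that are absent.
     *
     * <p>The username is taken from {@code preferred_username} and falls back to {@code sub}.
     *
     * @param standardClaimAccessor source of the standard claims
     * @param georchestraUser the user to update, must not be null
     */
    @VisibleForTesting
    void applyStandardClaims(StandardClaimAccessor standardClaimAccessor, GeorchestraUser georchestraUser) {
        String subject = standardClaimAccessor.getSubject();
        String preferredUsername = standardClaimAccessor.getPreferredUsername();
        String givenName = standardClaimAccessor.getGivenName();
        String familyName = standardClaimAccessor.getFamilyName();
        String email = standardClaimAccessor.getEmail();
        String phoneNumber = standardClaimAccessor.getPhoneNumber();
        AddressStandardClaim address = standardClaimAccessor.getAddress();
        String formattedAddress = address == null ? null : address.getFormatted();

        Objects.requireNonNull(georchestraUser);
        apply(georchestraUser::setId, subject);
        apply(georchestraUser::setUsername, preferredUsername, subject);
        apply(georchestraUser::setFirstName, givenName);
        apply(georchestraUser::setLastName, familyName);
        apply(georchestraUser::setEmail, email);
        apply(georchestraUser::setTelephoneNumber, phoneNumber);
        apply(georchestraUser::setPostalAddress, formattedAddress);
    }

    /**
     * Passes the first non-null candidate to the setter; does nothing when all are null.
     *
     * @param consumer the setter to call, must not be null
     * @param strArr candidate values in order of preference
     */
    @Override // org.georchestra.gateway.security.oauth2.OAuth2UserMapper
    protected void apply(Consumer<String> consumer, String... strArr) {
        Objects.requireNonNull(consumer);
        // The decompiled listing referenced an undefined register name here instead of the
        // consumer parameter; the setter is the only possible target of the call.
        Stream.of(strArr).filter(Objects::nonNull).findFirst().ifPresent(consumer);
    }

    /**
     * Exposes this mapper's logger to the superclass.
     *
     * @return the package-level logger
     */
    @Override // org.georchestra.gateway.security.oauth2.OAuth2UserMapper
    protected Logger logger() {
        return log;
    }

    /**
     * Creates the mapper.
     *
     * @param openIdConnectCustomClaimsConfigProperties configuration of the non-standard claim
     *     extractors
     * @throws NullPointerException if the configuration is null
     */
    public OpenIdConnectUserMapper(@NonNull OpenIdConnectCustomClaimsConfigProperties openIdConnectCustomClaimsConfigProperties) {
        if (openIdConnectCustomClaimsConfigProperties == null) {
            throw new NullPointerException("nonStandardClaimsConfig is marked non-null but is null");
        }
        this.nonStandardClaimsConfig = openIdConnectCustomClaimsConfigProperties;
    }
}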
