package de.muenchen.oss.digiwf.spring.security.authentication;

import de.muenchen.oss.digiwf.spring.security.SecurityConfiguration;
import de.muenchen.oss.digiwf.spring.security.SpringSecurityProperties;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Profile;
import org.springframework.lang.NonNull;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;

@Profile({SecurityConfiguration.SECURITY})
@Component
/* loaded from: input_file:BOOT-INF/lib/digiwf-spring-security-core-0.18.2.jar:de/muenchen/oss/digiwf/spring/security/authentication/UserAuthenticationProviderImpl.class */
public class UserAuthenticationProviderImpl implements UserAuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserAuthenticationProviderImpl.class);
    private final SpringSecurityProperties springSecurityProperties;
    private final ClientRegistrationRepository clientRegistrationRepository;
    private String userNameAttribute;
    public static final String NAME_UNAUTHENTICATED_USER = "unauthenticated";

    @PostConstruct
    public void getUsernameAttributeName() {
        try {
            this.userNameAttribute = this.clientRegistrationRepository.findByRegistrationId(this.springSecurityProperties.getClientRegistration()).getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
        } catch (Exception e) {
            this.userNameAttribute = "user_name";
            log.error("Error reading username attribute for configured client registration " + this.springSecurityProperties.getClientRegistration() + ". Falling back to " + this.userNameAttribute, (Throwable) e);
        }
    }

    @Override // de.muenchen.oss.digiwf.spring.security.authentication.UserAuthenticationProvider
    @NonNull
    public String getLoggedInUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication.getPrincipal() instanceof Jwt ? (String) ((Jwt) authentication.getPrincipal()).getClaims().get(this.userNameAttribute) : NAME_UNAUTHENTICATED_USER;
    }

    public UserAuthenticationProviderImpl(SpringSecurityProperties springSecurityProperties, ClientRegistrationRepository clientRegistrationRepository) {
        this.springSecurityProperties = springSecurityProperties;
        this.clientRegistrationRepository = clientRegistrationRepository;
    }
}
