package org.cattleframework.oauth.authorization.portal.token;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.cattleframework.form.authorization.authentication.LoginedAuthenticationToken;
import org.cattleframework.form.authorization.authentication.UserInfo;
import org.cattleframework.form.authorization.service.UserService;
import org.cattleframework.web.security.CattleAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;

/* loaded from: input_file:org/cattleframework/oauth/authorization/portal/token/IdentityTokenCustomizer.class */
public class IdentityTokenCustomizer implements OAuth2TokenCustomizer<JwtEncodingContext> {
    private final UserService userService;

    public IdentityTokenCustomizer(UserService userService) {
        this.userService = userService;
    }

    public void customize(JwtEncodingContext jwtEncodingContext) {
        if (OAuth2TokenType.ACCESS_TOKEN.equals(jwtEncodingContext.getTokenType()) || "id_token".equals(jwtEncodingContext.getTokenType().getValue())) {
            Map<String, Object> extractClaims = extractClaims(jwtEncodingContext.getPrincipal());
            jwtEncodingContext.getClaims().claims(map -> {
                Set keySet = extractClaims.keySet();
                Objects.requireNonNull(map);
                keySet.forEach((v1) -> {
                    r1.remove(v1);
                });
                map.putAll(extractClaims);
            });
        }
    }

    private Map<String, Object> extractClaims(Authentication authentication) {
        Map emptyMap;
        if (authentication instanceof LoginedAuthenticationToken) {
            LoginedAuthenticationToken loginedAuthenticationToken = (LoginedAuthenticationToken) authentication;
            UserInfo userInfo = this.userService.getUserInfo(loginedAuthenticationToken.getUserId());
            emptyMap = new HashMap(3);
            emptyMap.put("sub", loginedAuthenticationToken.getUsername());
            emptyMap.put("name", loginedAuthenticationToken.getName());
            try {
                emptyMap.put("sid", createHash(loginedAuthenticationToken.getUserSessionIdentity()));
                if (userInfo != null) {
                    if (StringUtils.isNotBlank(userInfo.getPhone())) {
                        emptyMap.put("phone_number", userInfo.getPhone());
                    }
                    if (StringUtils.isNotBlank(userInfo.getEmail())) {
                        emptyMap.put("email", userInfo.getEmail());
                    }
                }
            } catch (NoSuchAlgorithmException e) {
                throw new CattleAuthenticationException("Failed to compute hash for Session ID.", e);
            }
        } else {
            emptyMap = Collections.emptyMap();
        }
        return new HashMap(emptyMap);
    }

    private static String createHash(String str) throws NoSuchAlgorithmException {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(MessageDigest.getInstance("SHA-256").digest(str.getBytes(StandardCharsets.US_ASCII)));
    }
}
