package org.flowable.ui.common.security;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashSet;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;

/* loaded from: input_file:WEB-INF/lib/flowable-ui-common-6.7.2.jar:org/flowable/ui/common/security/FlowableOAuth2GrantedAuthoritiesMapper.class */
public class FlowableOAuth2GrantedAuthoritiesMapper implements GrantedAuthoritiesMapper {
    protected final String authoritiesAttribute;
    protected final String groupsAttribute;
    protected final Collection<GrantedAuthority> defaultAuthorities = new LinkedHashSet();

    public FlowableOAuth2GrantedAuthoritiesMapper(String str, String str2, Collection<String> collection, Collection<String> collection2) {
        this.authoritiesAttribute = str;
        this.groupsAttribute = str2;
        if (collection != null) {
            Iterator<String> it = collection.iterator();
            while (it.hasNext()) {
                this.defaultAuthorities.add(new SimpleGrantedAuthority(it.next()));
            }
        }
        if (collection2 != null) {
            Iterator<String> it2 = collection2.iterator();
            while (it2.hasNext()) {
                this.defaultAuthorities.add(SecurityUtils.createGroupAuthority(it2.next()));
            }
        }
    }

    @Override // org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper
    public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> collection) {
        ArrayList arrayList = new ArrayList(collection);
        OAuth2UserAuthority oAuth2UserAuthority = getOAuth2UserAuthority(collection);
        if (oAuth2UserAuthority instanceof OidcUserAuthority) {
            OidcUserAuthority oidcUserAuthority = (OidcUserAuthority) oAuth2UserAuthority;
            if (StringUtils.isNotBlank(this.authoritiesAttribute)) {
                Iterator<String> it = asStringCollection(oidcUserAuthority.getUserInfo().getClaim(this.authoritiesAttribute)).iterator();
                while (it.hasNext()) {
                    arrayList.add(new SimpleGrantedAuthority(it.next()));
                }
            }
            if (StringUtils.isNotBlank(this.groupsAttribute)) {
                Iterator<String> it2 = asStringCollection(oidcUserAuthority.getUserInfo().getClaim(this.groupsAttribute)).iterator();
                while (it2.hasNext()) {
                    arrayList.add(SecurityUtils.createGroupAuthority(it2.next()));
                }
            }
        } else if (oAuth2UserAuthority != null) {
            if (StringUtils.isNotBlank(this.authoritiesAttribute)) {
                Iterator<String> it3 = asStringCollection(oAuth2UserAuthority.getAttributes().get(this.authoritiesAttribute)).iterator();
                while (it3.hasNext()) {
                    arrayList.add(new SimpleGrantedAuthority(it3.next()));
                }
            }
            if (StringUtils.isNotBlank(this.groupsAttribute)) {
                Iterator<String> it4 = asStringCollection(oAuth2UserAuthority.getAttributes().get(this.groupsAttribute)).iterator();
                while (it4.hasNext()) {
                    arrayList.add(SecurityUtils.createGroupAuthority(it4.next()));
                }
            }
        }
        arrayList.addAll(this.defaultAuthorities);
        return arrayList;
    }

    protected Collection<String> asStringCollection(Object obj) {
        return obj instanceof Collection ? (Collection) obj : obj instanceof String ? Arrays.asList(((String) obj).split(",")) : Collections.emptyList();
    }

    protected OAuth2UserAuthority getOAuth2UserAuthority(Collection<? extends GrantedAuthority> collection) {
        for (GrantedAuthority grantedAuthority : collection) {
            if (grantedAuthority instanceof OAuth2UserAuthority) {
                return (OAuth2UserAuthority) grantedAuthority;
            }
        }
        return null;
    }
}
