package org.springframework.security.oauth2.client.userinfo;

import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Map;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.client.UnknownContentTypeException;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.5.1.jar:org/springframework/security/oauth2/client/userinfo/DefaultOAuth2UserService.class */
public class DefaultOAuth2UserService implements OAuth2UserService<OAuth2UserRequest, OAuth2User> {
    private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
    private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";
    private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
    private static final ParameterizedTypeReference<Map<String, Object>> PARAMETERIZED_RESPONSE_TYPE = new ParameterizedTypeReference<Map<String, Object>>() { // from class: org.springframework.security.oauth2.client.userinfo.DefaultOAuth2UserService.1
    };
    private Converter<OAuth2UserRequest, RequestEntity<?>> requestEntityConverter = new OAuth2UserRequestEntityConverter();
    private Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>> attributesConverter = oAuth2UserRequest -> {
        return map -> {
            return map;
        };
    };
    private RestOperations restOperations;

    public DefaultOAuth2UserService() {
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        this.restOperations = restTemplate;
    }

    @Override // org.springframework.security.oauth2.client.userinfo.OAuth2UserService
    public OAuth2User loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
        Assert.notNull(oAuth2UserRequest, "userRequest cannot be null");
        String userNameAttributeName = getUserNameAttributeName(oAuth2UserRequest);
        ResponseEntity<Map<String, Object>> response = getResponse(oAuth2UserRequest, this.requestEntityConverter.convert(oAuth2UserRequest));
        OAuth2AccessToken accessToken = oAuth2UserRequest.getAccessToken();
        Map<String, Object> convert = this.attributesConverter.convert(oAuth2UserRequest).convert(response.getBody());
        return new DefaultOAuth2User(getAuthorities(accessToken, convert, userNameAttributeName), convert, userNameAttributeName);
    }

    public void setAttributesConverter(Converter<OAuth2UserRequest, Converter<Map<String, Object>, Map<String, Object>>> converter) {
        Assert.notNull(converter, "attributesConverter cannot be null");
        this.attributesConverter = converter;
    }

    private ResponseEntity<Map<String, Object>> getResponse(OAuth2UserRequest oAuth2UserRequest, RequestEntity<?> requestEntity) {
        try {
            return this.restOperations.exchange(requestEntity, PARAMETERIZED_RESPONSE_TYPE);
        } catch (OAuth2AuthorizationException e) {
            OAuth2Error error = e.getError();
            StringBuilder sb = new StringBuilder();
            sb.append("Error details: [");
            sb.append("UserInfo Uri: ").append(oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri());
            sb.append(", Error Code: ").append(error.getErrorCode());
            if (error.getDescription() != null) {
                sb.append(", Error Description: ").append(error.getDescription());
            }
            sb.append("]");
            OAuth2Error oAuth2Error = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, "An error occurred while attempting to retrieve the UserInfo Resource: " + sb.toString(), null);
            throw new OAuth2AuthenticationException(oAuth2Error, oAuth2Error.toString(), e);
        } catch (UnknownContentTypeException e2) {
            OAuth2Error oAuth2Error2 = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, "An error occurred while attempting to retrieve the UserInfo Resource from '" + oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri() + "': response contains invalid content type '" + e2.getContentType().toString() + "'. The UserInfo Response should return a JSON object (content type 'application/json') that contains a collection of name and value pairs of the claims about the authenticated End-User. Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '" + oAuth2UserRequest.getClientRegistration().getRegistrationId() + "' conforms to the UserInfo Endpoint, as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'", null);
            throw new OAuth2AuthenticationException(oAuth2Error2, oAuth2Error2.toString(), e2);
        } catch (RestClientException e3) {
            OAuth2Error oAuth2Error3 = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE, "An error occurred while attempting to retrieve the UserInfo Resource: " + e3.getMessage(), null);
            throw new OAuth2AuthenticationException(oAuth2Error3, oAuth2Error3.toString(), e3);
        }
    }

    private String getUserNameAttributeName(OAuth2UserRequest oAuth2UserRequest) {
        if (!StringUtils.hasText(oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri())) {
            OAuth2Error oAuth2Error = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE, "Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: " + oAuth2UserRequest.getClientRegistration().getRegistrationId(), null);
            throw new OAuth2AuthenticationException(oAuth2Error, oAuth2Error.toString());
        }
        String userNameAttributeName = oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
        if (StringUtils.hasText(userNameAttributeName)) {
            return userNameAttributeName;
        }
        OAuth2Error oAuth2Error2 = new OAuth2Error(MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE, "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: " + oAuth2UserRequest.getClientRegistration().getRegistrationId(), null);
        throw new OAuth2AuthenticationException(oAuth2Error2, oAuth2Error2.toString());
    }

    private Collection<GrantedAuthority> getAuthorities(OAuth2AccessToken oAuth2AccessToken, Map<String, Object> map, String str) {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        linkedHashSet.add(new OAuth2UserAuthority(map, str));
        Iterator<String> it = oAuth2AccessToken.getScopes().iterator();
        while (it.hasNext()) {
            linkedHashSet.add(new SimpleGrantedAuthority("SCOPE_" + it.next()));
        }
        return linkedHashSet;
    }

    public final void setRequestEntityConverter(Converter<OAuth2UserRequest, RequestEntity<?>> converter) {
        Assert.notNull(converter, "requestEntityConverter cannot be null");
        this.requestEntityConverter = converter;
    }

    public final void setRestOperations(RestOperations restOperations) {
        Assert.notNull(restOperations, "restOperations cannot be null");
        this.restOperations = restOperations;
    }
}
