package it.geosolutions.geostore.services.rest.security.oauth2;

import java.util.Optional;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.store.jwk.JwkTokenStore;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-1.9.0.jar:it/geosolutions/geostore/services/rest/security/oauth2/GeoStoreOAuthRestTemplate.class */
public class GeoStoreOAuthRestTemplate extends OAuth2RestTemplate {
    private JwkTokenStore store;
    public static final String ID_TOKEN_VALUE = "OpenIdConnect-IdTokenValue";
    private String idTokenParam;

    public GeoStoreOAuthRestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext, OAuth2Configuration oAuth2Configuration) {
        this(oAuth2ProtectedResourceDetails, oAuth2ClientContext, oAuth2Configuration, "id_token");
    }

    public GeoStoreOAuthRestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext, OAuth2Configuration oAuth2Configuration, String str) {
        super(oAuth2ProtectedResourceDetails, oAuth2ClientContext);
        this.store = new JwkTokenStore(oAuth2Configuration.getIdTokenUri());
        this.idTokenParam = str;
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestTemplate, org.springframework.security.oauth2.client.OAuth2RestOperations
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        OAuth2AccessToken accessToken = super.getAccessToken();
        if (accessToken != null) {
            extractIDToken(accessToken);
        }
        return accessToken;
    }

    protected void extractIDToken(OAuth2AccessToken oAuth2AccessToken) {
        Object obj = oAuth2AccessToken.getAdditionalInformation().get(this.idTokenParam);
        if (obj instanceof String) {
            String str = (String) obj;
            setAsRequestAttribute(ID_TOKEN_VALUE, str);
            if (this.store != null) {
                this.store.readAuthentication(str);
            }
        }
    }

    private void setAsRequestAttribute(String str, String str2) {
        Optional.ofNullable(RequestContextHolder.getRequestAttributes()).filter(requestAttributes -> {
            return requestAttributes instanceof ServletRequestAttributes;
        }).map(requestAttributes2 -> {
            return (ServletRequestAttributes) requestAttributes2;
        }).map((v0) -> {
            return v0.getRequest();
        }).ifPresent(httpServletRequest -> {
            httpServletRequest.setAttribute(str, str2);
        });
    }

    public OAuth2Authentication readAuthentication(String str) {
        return this.store.readAuthentication(str);
    }
}
