package it.geosolutions.geostore.services.rest.security.oauth2;

import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.UserAuthenticationConverter;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.2.0.jar:it/geosolutions/geostore/services/rest/security/oauth2/GeoStoreAccessTokenConverter.class */
public class GeoStoreAccessTokenConverter extends DefaultAccessTokenConverter {
    public static String ACCESS_TOKEN_CHECK_KEY = OAuth2GeoStoreAuthenticationFilter.OAUTH2_ACCESS_TOKEN_CHECK_KEY;
    protected static Logger LOGGER = LogManager.getLogger((Class<?>) GeoStoreAccessTokenConverter.class);
    protected UserAuthenticationConverter userTokenConverter;

    public GeoStoreAccessTokenConverter() {
        this("email");
    }

    public GeoStoreAccessTokenConverter(String str) {
        setUserTokenConverter(new GeoStoreAuthenticationConverter(str));
    }

    @Override // org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter
    public final void setUserTokenConverter(UserAuthenticationConverter userAuthenticationConverter) {
        this.userTokenConverter = userAuthenticationConverter;
        super.setUserTokenConverter(userAuthenticationConverter);
    }

    @Override // org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter, org.springframework.security.oauth2.provider.token.AccessTokenConverter
    public OAuth2Authentication extractAuthentication(Map<String, ?> map) {
        HashMap hashMap = new HashMap();
        Set<String> parseScopes = parseScopes(map);
        Authentication extractAuthentication = this.userTokenConverter.extractAuthentication(map);
        LOGGER.debug("User: " + extractAuthentication);
        String str = (String) map.get("client_id");
        hashMap.put("client_id", str);
        HashMap hashMap2 = new HashMap();
        try {
            hashMap2.put(ACCESS_TOKEN_CHECK_KEY, (Serializable) map);
        } catch (Exception e) {
            LOGGER.debug("Exception while trying to record the access token check info", (Throwable) e);
        }
        LinkedHashSet linkedHashSet = new LinkedHashSet(getAud(map));
        LOGGER.debug("ResourceIds: " + linkedHashSet);
        return new OAuth2Authentication(new OAuth2Request(hashMap, str, null, true, parseScopes, linkedHashSet, null, null, hashMap2), extractAuthentication);
    }

    private Collection<String> getAud(Map<String, ?> map) {
        if (!map.containsKey("aud")) {
            return Collections.emptySet();
        }
        Object obj = map.get("aud");
        return obj instanceof Collection ? (Collection) obj : Collections.singletonList(String.valueOf(obj));
    }

    private Set<String> parseScopes(Map<String, ?> map) {
        Object obj = map.containsKey("scope") ? map.get("scope") : "";
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        if (String.class.isAssignableFrom(obj.getClass())) {
            Collections.addAll(linkedHashSet, ((String) obj).split(" "));
        } else if (Collection.class.isAssignableFrom(obj.getClass())) {
            linkedHashSet.addAll((Collection) obj);
        }
        return linkedHashSet;
    }
}
