package dev.hilla.sso.starter;

import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.util.StringUtils;

/* loaded from: input_file:dev/hilla/sso/starter/SingleSignOnUserService.class */
public class SingleSignOnUserService extends OidcUserService {
    private static final String REALM_ACCESS_CLAIM = "realm_access";
    private static final String ROLES_KEY = "roles";
    private static final String ROLE_PREFIX = "ROLE_";

    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        return decorateUser(super.loadUser(oidcUserRequest), oidcUserRequest);
    }

    protected OidcUser decorateUser(OidcUser oidcUser, OidcUserRequest oidcUserRequest) {
        OidcUserInfo userInfo = oidcUser.getUserInfo();
        OidcIdToken idToken = oidcUserRequest.getIdToken();
        HashSet hashSet = new HashSet();
        hashSet.addAll(oidcUser.getAuthorities());
        if (userInfo.hasClaim(REALM_ACCESS_CLAIM)) {
            hashSet.addAll(getKeycloakRoles(userInfo, idToken));
        }
        String userNameAttributeName = oidcUserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUserNameAttributeName();
        return StringUtils.hasText(userNameAttributeName) ? new DefaultOidcUser(hashSet, oidcUser.getIdToken(), oidcUser.getUserInfo(), userNameAttributeName) : new DefaultOidcUser(hashSet, oidcUser.getIdToken(), oidcUser.getUserInfo());
    }

    private List<OidcUserAuthority> getKeycloakRoles(OidcUserInfo oidcUserInfo, OidcIdToken oidcIdToken) {
        return (List) ((Collection) oidcUserInfo.getClaimAsMap(REALM_ACCESS_CLAIM).get(ROLES_KEY)).stream().map(str -> {
            return new OidcUserAuthority("ROLE_" + str, oidcIdToken, oidcUserInfo);
        }).collect(Collectors.toList());
    }
}
