package xyz.raylab.authorizationserver.oauth2.customizer.jwt.impl;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
import xyz.raylab.authorizationserver.oauth2.customizer.jwt.JwtCustomizerHandler;

/* loaded from: input_file:xyz/raylab/authorizationserver/oauth2/customizer/jwt/impl/OAuth2AuthenticationTokenJwtCustomizerHandler.class */
public class OAuth2AuthenticationTokenJwtCustomizerHandler extends AbstractJwtCustomizerHandler {
    private static final Set<String> ID_TOKEN_CLAIMS = Collections.unmodifiableSet(new HashSet(Arrays.asList("iss", "sub", "aud", "exp", "iat", "auth_time", "nonce", "acr", "amr", "azp", "at_hash", "c_hash")));

    public OAuth2AuthenticationTokenJwtCustomizerHandler(JwtCustomizerHandler jwtCustomizerHandler) {
        super(jwtCustomizerHandler);
    }

    @Override // xyz.raylab.authorizationserver.oauth2.customizer.jwt.impl.AbstractJwtCustomizerHandler
    protected void customizeJwt(JwtEncodingContext jwtEncodingContext) {
        Map<String, Object> extractClaims = extractClaims(jwtEncodingContext.getPrincipal());
        jwtEncodingContext.getClaims().claims(map -> {
            Set keySet = map.keySet();
            Objects.requireNonNull(extractClaims);
            keySet.forEach((v1) -> {
                r1.remove(v1);
            });
            Set<String> set = ID_TOKEN_CLAIMS;
            Objects.requireNonNull(extractClaims);
            set.forEach((v1) -> {
                r1.remove(v1);
            });
            map.putAll(extractClaims);
        });
    }

    private Map<String, Object> extractClaims(Authentication authentication) {
        Object principal = authentication.getPrincipal();
        return new HashMap(principal instanceof OidcUser ? ((OidcUser) principal).getIdToken().getClaims() : principal instanceof OAuth2User ? ((OAuth2User) principal).getAttributes() : Collections.emptyMap());
    }

    @Override // xyz.raylab.authorizationserver.oauth2.customizer.jwt.impl.AbstractJwtCustomizerHandler
    protected boolean supportCustomizeContext(Authentication authentication) {
        return authentication instanceof OAuth2AuthenticationToken;
    }
}
