package org.springframework.security.oauth2.server.authorization.oidc.authentication;

import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContextHolder;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.util.CollectionUtils;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/oidc/authentication/RegisteredClientOidcClientRegistrationConverter.class */
final class RegisteredClientOidcClientRegistrationConverter implements Converter<RegisteredClient, OidcClientRegistration> {
    public OidcClientRegistration convert(RegisteredClient registeredClient) {
        OidcClientRegistration.Builder clientName = OidcClientRegistration.builder().clientId(registeredClient.getClientId()).clientIdIssuedAt(registeredClient.getClientIdIssuedAt()).clientName(registeredClient.getClientName());
        if (registeredClient.getClientSecret() != null) {
            clientName.clientSecret(registeredClient.getClientSecret());
        }
        clientName.redirectUris(list -> {
            list.addAll(registeredClient.getRedirectUris());
        });
        if (!CollectionUtils.isEmpty(registeredClient.getPostLogoutRedirectUris())) {
            clientName.postLogoutRedirectUris(list2 -> {
                list2.addAll(registeredClient.getPostLogoutRedirectUris());
            });
        }
        clientName.grantTypes(list3 -> {
            registeredClient.getAuthorizationGrantTypes().forEach(authorizationGrantType -> {
                list3.add(authorizationGrantType.getValue());
            });
        });
        if (registeredClient.getAuthorizationGrantTypes().contains(AuthorizationGrantType.AUTHORIZATION_CODE)) {
            clientName.responseType(OAuth2AuthorizationResponseType.CODE.getValue());
        }
        if (!CollectionUtils.isEmpty(registeredClient.getScopes())) {
            clientName.scopes(list4 -> {
                list4.addAll(registeredClient.getScopes());
            });
        }
        AuthorizationServerContext context = AuthorizationServerContextHolder.getContext();
        clientName.tokenEndpointAuthenticationMethod(registeredClient.getClientAuthenticationMethods().iterator().next().getValue()).idTokenSignedResponseAlgorithm(registeredClient.getTokenSettings().getIdTokenSignatureAlgorithm().getName()).registrationClientUrl(UriComponentsBuilder.fromUriString(context.getIssuer()).path(context.getAuthorizationServerSettings().getOidcClientRegistrationEndpoint()).queryParam(OidcClientMetadataClaimNames.CLIENT_ID, new Object[]{registeredClient.getClientId()}).toUriString());
        ClientSettings clientSettings = registeredClient.getClientSettings();
        if (clientSettings.getJwkSetUrl() != null) {
            clientName.jwkSetUrl(clientSettings.getJwkSetUrl());
        }
        if (clientSettings.getTokenEndpointAuthenticationSigningAlgorithm() != null) {
            clientName.tokenEndpointAuthenticationSigningAlgorithm(clientSettings.getTokenEndpointAuthenticationSigningAlgorithm().getName());
        }
        return clientName.build();
    }
}
