package org.springframework.security.oauth2.oidc.client.user;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Stream;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationException;
import org.springframework.security.oauth2.client.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.client.user.UserInfoRetriever;
import org.springframework.security.oauth2.client.user.nimbus.NimbusUserInfoRetriever;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.client.authentication.OidcClientAuthenticationToken;
import org.springframework.security.oauth2.oidc.core.UserInfo;
import org.springframework.security.oauth2.oidc.core.user.DefaultOidcUser;
import org.springframework.security.oauth2.oidc.core.user.OidcUserAuthority;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/oidc/client/user/OidcUserService.class */
public class OidcUserService implements OAuth2UserService {
    private UserInfoRetriever userInfoRetriever = new NimbusUserInfoRetriever();
    private final Set<String> userInfoScopes = new HashSet(Arrays.asList("profile", "email", "address", "phone"));

    @Override // org.springframework.security.oauth2.client.user.OAuth2UserService
    public OAuth2User loadUser(OAuth2ClientAuthenticationToken oAuth2ClientAuthenticationToken) throws OAuth2AuthenticationException {
        if (!OidcClientAuthenticationToken.class.isAssignableFrom(oAuth2ClientAuthenticationToken.getClass())) {
            return null;
        }
        OidcClientAuthenticationToken oidcClientAuthenticationToken = (OidcClientAuthenticationToken) oAuth2ClientAuthenticationToken;
        UserInfo userInfo = null;
        if (shouldRetrieveUserInfo(oidcClientAuthenticationToken)) {
            userInfo = new UserInfo(getUserInfoRetriever().retrieve(oidcClientAuthenticationToken));
        }
        OidcUserAuthority oidcUserAuthority = new OidcUserAuthority(oidcClientAuthenticationToken.getIdToken(), userInfo);
        HashSet hashSet = new HashSet();
        hashSet.add(oidcUserAuthority);
        return new DefaultOidcUser(hashSet, oidcClientAuthenticationToken.getIdToken(), userInfo);
    }

    protected UserInfoRetriever getUserInfoRetriever() {
        return this.userInfoRetriever;
    }

    public final void setUserInfoRetriever(UserInfoRetriever userInfoRetriever) {
        Assert.notNull(userInfoRetriever, "userInfoRetriever cannot be null");
        this.userInfoRetriever = userInfoRetriever;
    }

    private boolean shouldRetrieveUserInfo(OidcClientAuthenticationToken oidcClientAuthenticationToken) {
        if (StringUtils.isEmpty(oidcClientAuthenticationToken.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri()) || !AuthorizationGrantType.AUTHORIZATION_CODE.equals(oidcClientAuthenticationToken.getClientRegistration().getAuthorizationGrantType())) {
            return false;
        }
        Stream<String> stream = oidcClientAuthenticationToken.getAuthorizedScope().stream();
        Set<String> set = this.userInfoScopes;
        set.getClass();
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }
}
