package org.springframework.cloud.common.security.support;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.security.oauth2.resource.AuthoritiesExtractor;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/cloud/common/security/support/DefaultAuthoritiesExtractor.class */
public class DefaultAuthoritiesExtractor implements AuthoritiesExtractor {
    private static final Logger logger = LoggerFactory.getLogger(DefaultAuthoritiesExtractor.class);
    private final boolean mapOauthScopesToAuthorities;
    private final Map<CoreSecurityRoles, String> roleMappings;
    private String rolePrefix;
    private String oauthScopePrefix;
    private final OAuth2RestOperations restTemplate;

    public DefaultAuthoritiesExtractor(boolean z, Map<String, String> map, OAuth2RestOperations oAuth2RestOperations) {
        this.rolePrefix = SecurityConfigUtils.ROLE_PREFIX;
        this.oauthScopePrefix = "dataflow.";
        this.mapOauthScopesToAuthorities = z;
        this.roleMappings = prepareRoleMappings(map);
        this.restTemplate = oAuth2RestOperations;
    }

    public DefaultAuthoritiesExtractor() {
        this.rolePrefix = SecurityConfigUtils.ROLE_PREFIX;
        this.oauthScopePrefix = "dataflow.";
        this.mapOauthScopesToAuthorities = false;
        this.roleMappings = prepareRoleMappings(null);
        this.restTemplate = null;
    }

    public List<GrantedAuthority> extractAuthorities(Map<String, Object> map) {
        List<GrantedAuthority> list;
        Assert.notNull(map, "The map argument must not be null.");
        ArrayList arrayList = new ArrayList();
        if (this.mapOauthScopesToAuthorities) {
            Set scope = this.restTemplate.getAccessToken().getScope();
            list = new ArrayList();
            if (scope != null && !scope.isEmpty()) {
                for (Map.Entry<CoreSecurityRoles, String> entry : this.roleMappings.entrySet()) {
                    CoreSecurityRoles key = entry.getKey();
                    String value = entry.getValue();
                    Iterator it = scope.iterator();
                    while (it.hasNext()) {
                        if (((String) it.next()).equalsIgnoreCase(value)) {
                            SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(this.rolePrefix + key.getKey());
                            arrayList.add(simpleGrantedAuthority.getAuthority());
                            list.add(simpleGrantedAuthority);
                        }
                    }
                }
                logger.info("Adding roles {} to user {}", StringUtils.collectionToCommaDelimitedString(arrayList), map);
            }
        } else {
            list = (List) this.roleMappings.entrySet().stream().map(entry2 -> {
                arrayList.add(((CoreSecurityRoles) entry2.getKey()).getKey());
                return new SimpleGrantedAuthority(this.rolePrefix + ((CoreSecurityRoles) entry2.getKey()).getKey());
            }).collect(Collectors.toList());
            logger.info("Adding ALL roles {} to user {}", StringUtils.collectionToCommaDelimitedString(arrayList), map);
        }
        return list;
    }

    private Map<CoreSecurityRoles, String> prepareRoleMappings(Map<String, String> map) {
        HashMap hashMap = new HashMap(0);
        if (CollectionUtils.isEmpty(map)) {
            for (CoreSecurityRoles coreSecurityRoles : CoreSecurityRoles.values()) {
                hashMap.put(coreSecurityRoles, this.oauthScopePrefix + coreSecurityRoles.getKey());
            }
            return hashMap;
        }
        ArrayList arrayList = new ArrayList(0);
        for (CoreSecurityRoles coreSecurityRoles2 : CoreSecurityRoles.values()) {
            String str = map.get((this.rolePrefix.length() <= 0 || coreSecurityRoles2.getKey().startsWith(this.rolePrefix)) ? coreSecurityRoles2.getKey() : this.rolePrefix + coreSecurityRoles2.getKey());
            if (str == null) {
                arrayList.add(coreSecurityRoles2);
            } else {
                hashMap.put(coreSecurityRoles2, str);
            }
        }
        if (arrayList.isEmpty()) {
            return hashMap;
        }
        Object[] objArr = new Object[3];
        objArr[0] = Integer.valueOf(arrayList.size());
        objArr[1] = arrayList.size() > 1 ? "roles are" : "role is";
        objArr[2] = StringUtils.collectionToDelimitedString(arrayList, ", ");
        throw new IllegalArgumentException(String.format("The following %s %s not mapped: %s.", objArr));
    }

    public void setRolePrefix(String str) {
        Assert.notNull(str, "rolePrefix cannot be null");
        this.rolePrefix = str;
    }
}
