package org.mitre.openid.connect.client;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import org.mitre.openid.connect.model.OIDCAuthenticationToken;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/mitre/openid/connect/client/OIDCAuthenticationProvider.class */
public class OIDCAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private UserInfoFetcher userInfoFetcher = new UserInfoFetcher();
    private GrantedAuthoritiesMapper authoritiesMapper = new NamedAdminAuthoritiesMapper();

    public void afterPropertiesSet() throws Exception {
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        if (!supports(authentication.getClass()) || !(authentication instanceof OIDCAuthenticationToken)) {
            return null;
        }
        OIDCAuthenticationToken oIDCAuthenticationToken = (OIDCAuthenticationToken) authentication;
        ArrayList newArrayList = Lists.newArrayList(new SubjectIssuerGrantedAuthority[]{new SubjectIssuerGrantedAuthority(oIDCAuthenticationToken.getSub(), oIDCAuthenticationToken.getIssuer())});
        UserInfo loadUserInfo = this.userInfoFetcher.loadUserInfo(oIDCAuthenticationToken);
        if (loadUserInfo == null || Strings.isNullOrEmpty(loadUserInfo.getSub()) || loadUserInfo.getSub().equals(oIDCAuthenticationToken.getSub())) {
            return new OIDCAuthenticationToken(oIDCAuthenticationToken.getSub(), oIDCAuthenticationToken.getIssuer(), loadUserInfo, this.authoritiesMapper.mapAuthorities(newArrayList), oIDCAuthenticationToken.getIdTokenValue(), oIDCAuthenticationToken.getAccessTokenValue(), oIDCAuthenticationToken.getRefreshTokenValue());
        }
        throw new UsernameNotFoundException("user_id mismatch between id_token and user_info call: " + loadUserInfo.getSub() + " / " + oIDCAuthenticationToken.getSub());
    }

    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    public boolean supports(Class<?> cls) {
        return OIDCAuthenticationToken.class.isAssignableFrom(cls);
    }
}
