package cn.kduck.security.principal.filter.extractor;

import cn.kduck.security.principal.AuthUser;
import cn.kduck.security.principal.filter.AuthUserExtractor;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;

@Order(2147483547)
/* loaded from: input_file:cn/kduck/security/principal/filter/extractor/OidcUserExtractorImpl.class */
public class OidcUserExtractorImpl extends OauthUserExtractorImpl implements AuthUserExtractor {
    private AuthenticationTrustResolver authenticationTrustResolver = new AuthenticationTrustResolverImpl();

    @Autowired
    private OAuth2AuthorizedClientRepository authorizedClientRepository;

    @Override // cn.kduck.security.principal.filter.extractor.OauthUserExtractorImpl, cn.kduck.security.principal.filter.AuthUserExtractor
    public AuthUser extract(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        OAuth2AuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof OAuth2AuthenticationToken) || !isFullyAuthenticated(authentication)) {
            return null;
        }
        return super.getAuthUser(httpServletRequest, httpServletResponse, this.authorizedClientRepository.loadAuthorizedClient(authentication.getAuthorizedClientRegistrationId(), authentication, httpServletRequest).getAccessToken().getTokenValue());
    }

    private boolean isFullyAuthenticated(Authentication authentication) {
        return (this.authenticationTrustResolver.isAnonymous(authentication) || this.authenticationTrustResolver.isRememberMe(authentication)) ? false : true;
    }
}
