package io.dialob.security.aws.elb;

import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.JWTProcessor;
import io.dialob.security.spring.tenant.ImmutableGroupGrantedAuthority;
import java.text.ParseException;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails;

/* loaded from: input_file:BOOT-INF/lib/dialob-security-aws-2.1.17.jar:io/dialob/security/aws/elb/ElbBasedPreAuthenticatedWebAuthenticationDetailsSource.class */
public class ElbBasedPreAuthenticatedWebAuthenticationDetailsSource implements AuthenticationDetailsSource<HttpServletRequest, PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails> {
    private final GrantedAuthoritiesMapper grantedAuthoritiesMapper;
    private final JWTProcessor jwtProcessor;
    private String credentialsRequestHeader = "X-Amzn-Oidc-Data";
    private String groupsClaim = "cognito:groups";

    public ElbBasedPreAuthenticatedWebAuthenticationDetailsSource(@NonNull GrantedAuthoritiesMapper grantedAuthoritiesMapper, @NonNull JWTProcessor jWTProcessor) {
        this.grantedAuthoritiesMapper = grantedAuthoritiesMapper;
        this.jwtProcessor = jWTProcessor;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.springframework.security.authentication.AuthenticationDetailsSource
    public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails buildDetails(HttpServletRequest httpServletRequest) {
        try {
            String header = httpServletRequest.getHeader(this.credentialsRequestHeader);
            if (StringUtils.isBlank(header)) {
                return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(httpServletRequest, Collections.emptyList());
            }
            JWTClaimsSet process = this.jwtProcessor.process(header, (String) null);
            Collection emptyList = Collections.emptyList();
            List<String> stringListClaim = process.getStringListClaim(this.groupsClaim);
            if (stringListClaim != null) {
                emptyList = this.grantedAuthoritiesMapper.mapAuthorities((Collection) stringListClaim.stream().map(str -> {
                    return ImmutableGroupGrantedAuthority.of(str, str);
                }).collect(Collectors.toList()));
            }
            return new PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(httpServletRequest, emptyList);
        } catch (JOSEException | BadJOSEException | ParseException e) {
            throw new PreAuthenticatedCredentialsNotFoundException("Could not parse token :" + e.getMessage());
        }
    }

    public void setCredentialsRequestHeader(String str) {
        this.credentialsRequestHeader = str;
    }

    public String getCredentialsRequestHeader() {
        return this.credentialsRequestHeader;
    }

    public void setGroupsClaim(String str) {
        this.groupsClaim = str;
    }

    public String getGroupsClaim() {
        return this.groupsClaim;
    }
}
