package org.activiti.cloud.services.common.security.jwt;

import java.time.Instant;
import java.util.Collection;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* loaded from: input_file:org/activiti/cloud/services/common/security/jwt/JwtUserInfoUriAuthenticationConverter.class */
public class JwtUserInfoUriAuthenticationConverter implements Converter<Jwt, AbstractAuthenticationToken> {
    private final Converter<Jwt, Collection<GrantedAuthority>> jwtGrantedAuthoritiesConverter;
    private ClientRegistration clientRegistration;
    private OAuth2UserService oAuth2UserService;
    private String usernameClaim = "preferred_username";

    public JwtUserInfoUriAuthenticationConverter(Converter<Jwt, Collection<GrantedAuthority>> converter, ClientRegistration clientRegistration, OAuth2UserService oAuth2UserService) {
        this.jwtGrantedAuthoritiesConverter = converter;
        this.clientRegistration = clientRegistration;
        this.oAuth2UserService = oAuth2UserService;
    }

    public AbstractAuthenticationToken convert(Jwt jwt) {
        return new JwtAuthenticationToken(jwt, (Collection) this.jwtGrantedAuthoritiesConverter.convert(jwt), getPrincipalClaimName(jwt));
    }

    public void setUsernameClaim(String str) {
        this.usernameClaim = str;
    }

    public String getPrincipalClaimName(Jwt jwt) {
        Instant issuedAt = jwt.getIssuedAt();
        Instant expiresAt = jwt.getExpiresAt();
        String claimAsString = jwt.getClaimAsString(this.usernameClaim);
        if (claimAsString == null) {
            claimAsString = (String) this.oAuth2UserService.loadUser(new OAuth2UserRequest(this.clientRegistration, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, jwt.getTokenValue(), issuedAt, expiresAt))).getAttribute(this.usernameClaim);
        }
        return claimAsString;
    }
}
