package org.apereo.cas.support.oauth.profile;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.apereo.cas.audit.AuditActionResolvers;
import org.apereo.cas.audit.AuditResourceResolvers;
import org.apereo.cas.audit.AuditableActions;
import org.apereo.cas.authentication.principal.Principal;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.support.oauth.services.OAuthRegisteredService;
import org.apereo.cas.support.oauth.util.OAuth20Utils;
import org.apereo.cas.support.oauth.web.endpoints.OAuth20ConfigurationContext;
import org.apereo.cas.ticket.accesstoken.OAuth20AccessToken;
import org.apereo.inspektr.audit.annotation.Audit;
import org.pac4j.jee.context.JEEContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.ObjectProvider;

/* loaded from: input_file:WEB-INF/lib/cas-server-support-oauth-core-api-6.6.10.jar:org/apereo/cas/support/oauth/profile/DefaultOAuth20UserProfileDataCreator.class */
public class DefaultOAuth20UserProfileDataCreator<T extends OAuth20ConfigurationContext> implements OAuth20UserProfileDataCreator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultOAuth20UserProfileDataCreator.class);
    private final ObjectProvider<T> configurationContext;

    @Override // org.apereo.cas.support.oauth.profile.OAuth20UserProfileDataCreator
    @Audit(action = AuditableActions.OAUTH2_USER_PROFILE, actionResolverName = AuditActionResolvers.OAUTH2_USER_PROFILE_ACTION_RESOLVER, resourceResolverName = AuditResourceResolvers.OAUTH2_USER_PROFILE_RESOURCE_RESOLVER)
    public Map<String, Object> createFrom(OAuth20AccessToken oAuth20AccessToken, JEEContext jEEContext) {
        OAuthRegisteredService registeredOAuthServiceByClientId = OAuth20Utils.getRegisteredOAuthServiceByClientId(this.configurationContext.getObject().getServicesManager(), oAuth20AccessToken.getClientId());
        Principal accessTokenAuthenticationPrincipal = getAccessTokenAuthenticationPrincipal(oAuth20AccessToken, jEEContext, registeredOAuthServiceByClientId);
        HashMap hashMap = new HashMap();
        hashMap.put("id", accessTokenAuthenticationPrincipal.getId());
        hashMap.put("client_id", oAuth20AccessToken.getClientId());
        hashMap.put("attributes", collectAttributes(accessTokenAuthenticationPrincipal, registeredOAuthServiceByClientId));
        finalizeProfileResponse(oAuth20AccessToken, hashMap, accessTokenAuthenticationPrincipal, registeredOAuthServiceByClientId);
        return hashMap;
    }

    protected Map<String, List<Object>> collectAttributes(Principal principal, RegisteredService registeredService) {
        return principal.getAttributes();
    }

    protected Principal getAccessTokenAuthenticationPrincipal(OAuth20AccessToken oAuth20AccessToken, JEEContext jEEContext, RegisteredService registeredService) {
        Principal principal = oAuth20AccessToken.getAuthentication().getPrincipal();
        LOGGER.debug("Preparing user profile response based on CAS principal [{}]", principal);
        Principal filter = this.configurationContext.getObject().getProfileScopeToAttributesFilter().filter(oAuth20AccessToken.getService(), principal, registeredService, oAuth20AccessToken);
        LOGGER.debug("Created CAS principal [{}] based on requested/authorized scopes", filter);
        return filter;
    }

    protected void finalizeProfileResponse(OAuth20AccessToken oAuth20AccessToken, Map<String, Object> map, Principal principal, RegisteredService registeredService) {
        if (registeredService instanceof OAuthRegisteredService) {
            map.put("service", oAuth20AccessToken.getService().getId());
        }
    }

    @Generated
    public DefaultOAuth20UserProfileDataCreator(ObjectProvider<T> objectProvider) {
        this.configurationContext = objectProvider;
    }

    @Generated
    public ObjectProvider<T> getConfigurationContext() {
        return this.configurationContext;
    }
}
