package org.minbox.framework.on.security.authorization.server.oauth2.authentication.token.customizer;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;

/* loaded from: input_file:org/minbox/framework/on/security/authorization/server/oauth2/authentication/token/customizer/OnSecurityIdentityProviderIdTokenCustomizer.class */
public final class OnSecurityIdentityProviderIdTokenCustomizer implements OnSecuritySortTokenCustomizer<JwtEncodingContext> {
    private static final Set<String> ID_TOKEN_CLAIMS = Collections.unmodifiableSet(new HashSet(Arrays.asList("iss", "sub", "aud", "exp", "iat", "auth_time", "nonce", "acr", "amr", "azp", "at_hash", "c_hash")));

    public void customize(JwtEncodingContext jwtEncodingContext) {
        if ("id_token".equals(jwtEncodingContext.getTokenType().getValue())) {
            Map<String, Object> extractClaims = extractClaims(jwtEncodingContext.getPrincipal());
            jwtEncodingContext.getClaims().claims(map -> {
                Set keySet = map.keySet();
                Objects.requireNonNull(extractClaims);
                keySet.forEach((v1) -> {
                    r1.remove(v1);
                });
                Set<String> set = ID_TOKEN_CLAIMS;
                Objects.requireNonNull(extractClaims);
                set.forEach((v1) -> {
                    r1.remove(v1);
                });
                map.putAll(extractClaims);
            });
        }
    }

    private Map<String, Object> extractClaims(Authentication authentication) {
        return new HashMap(authentication.getPrincipal() instanceof OidcUser ? ((OidcUser) authentication.getPrincipal()).getIdToken().getClaims() : authentication.getPrincipal() instanceof OAuth2User ? ((OAuth2User) authentication.getPrincipal()).getAttributes() : Collections.emptyMap());
    }
}
