package io.personium.plugin.auth.oidc;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.RequiredTypeException;
import io.personium.plugin.base.auth.AuthPluginException;
import io.personium.plugin.base.auth.AuthenticatedIdentity;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.Marker;

/* loaded from: input_file:io/personium/plugin/auth/oidc/GenericOIDCAuthPlugin.class */
public class GenericOIDCAuthPlugin extends OIDCAuthPluginBase {
    static Logger log = LoggerFactory.getLogger((Class<?>) GenericOIDCAuthPlugin.class);
    final String configurationEndpointURL;
    final List<String> trustedClientIds;
    final String pluginName;
    final String accountType;
    final String accountNameKey;
    final String grantType;

    public GenericOIDCAuthPlugin(String str, List<String> list, String str2, String str3, String str4, String str5) throws AuthPluginException {
        super(str);
        this.configurationEndpointURL = str;
        this.trustedClientIds = list;
        this.pluginName = str2;
        this.accountType = str3;
        this.accountNameKey = str4;
        this.grantType = str5;
    }

    @Override // io.personium.plugin.auth.oidc.OIDCAuthPluginBase
    public String toString() {
        return this.pluginName;
    }

    public String getAccountType() {
        return this.accountType;
    }

    public String getGrantType() {
        return this.grantType;
    }

    @Override // io.personium.plugin.auth.oidc.OIDCAuthPluginBase
    protected AuthenticatedIdentity parseClaimsToAuthenticatedIdentity(Claims claims) {
        AuthenticatedIdentity authenticatedIdentity = new AuthenticatedIdentity();
        String str = (String) claims.get(this.accountNameKey);
        if (str == null) {
            return null;
        }
        authenticatedIdentity.setAccountName(str);
        authenticatedIdentity.setAccountType(this.accountType);
        return authenticatedIdentity;
    }

    @Override // io.personium.plugin.auth.oidc.OIDCAuthPluginBase
    protected boolean isProviderClientIdTrusted(Claims claims) {
        if (this.trustedClientIds.contains(Marker.ANY_MARKER)) {
            return true;
        }
        ArrayList arrayList = new ArrayList();
        try {
            ArrayList arrayList2 = (ArrayList) claims.get(Claims.AUDIENCE, ArrayList.class);
            if (arrayList2 != null) {
                arrayList.addAll(arrayList2);
            }
        } catch (RequiredTypeException e) {
            arrayList.add(claims.getAudience());
        }
        Iterator<String> it = this.trustedClientIds.iterator();
        while (it.hasNext()) {
            if (arrayList.contains(it.next())) {
                return true;
            }
        }
        return false;
    }
}
