package cat.gencat.ctti.canigo.arch.security.saml.authentication.jwt;

import cat.gencat.ctti.canigo.arch.security.provider.saml.SAMLUser;
import cat.gencat.ctti.canigo.arch.security.rest.authentication.jwt.JwtTokenHandler;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.claims.enforce.SAMLJwtTokenClaimsEnforcer;
import cat.gencat.ctti.canigo.arch.security.saml.authentication.claims.select.SAMLJwtTokenClaimsSelector;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:cat/gencat/ctti/canigo/arch/security/saml/authentication/jwt/SAMLJwtTokenHandler.class */
public class SAMLJwtTokenHandler extends JwtTokenHandler {
    public static final String CLAIM_KEY_MAIL = "email";
    public static final String CLAIM_KEY_NOM = "nom";
    public static final String CLAIM_KEY_COGNOMS = "cognoms";
    private SAMLJwtTokenClaimsSelector selector;
    private SAMLJwtTokenClaimsEnforcer enforcer;

    public String generateToken(UserDetails userDetails) {
        return userDetails instanceof SAMLUser ? generateTokenSAML((SAMLUser) userDetails) : super.generateToken(userDetails);
    }

    private String generateTokenSAML(SAMLUser sAMLUser) {
        HashMap hashMap = new HashMap();
        hashMap.put("sub", sAMLUser.getUsername());
        hashMap.put("authorities", StringUtils.join(sAMLUser.getAuthorities(), ','));
        if (this.selector != null) {
            hashMap.putAll(this.selector.selectClaims(sAMLUser));
        }
        if (this.enforcer != null) {
            this.enforcer.requireClaims(hashMap);
        }
        return super.generateToken(hashMap);
    }

    public void setSelector(SAMLJwtTokenClaimsSelector sAMLJwtTokenClaimsSelector) {
        this.selector = sAMLJwtTokenClaimsSelector;
    }

    public void setEnforcer(SAMLJwtTokenClaimsEnforcer sAMLJwtTokenClaimsEnforcer) {
        this.enforcer = sAMLJwtTokenClaimsEnforcer;
    }
}
