package org.vaulttec.sonarqube.auth.oidc;

import com.nimbusds.openid.connect.sdk.claims.UserInfo;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.sonar.api.server.ServerSide;
import org.sonar.api.server.authentication.UserIdentity;

@ServerSide
/* loaded from: input_file:org/vaulttec/sonarqube/auth/oidc/UserIdentityFactory.class */
public class UserIdentityFactory {
    private final OidcConfiguration config;

    public UserIdentityFactory(OidcConfiguration oidcConfiguration) {
        this.config = oidcConfiguration;
    }

    public UserIdentity create(UserInfo userInfo) {
        UserIdentity.Builder email = UserIdentity.builder().setProviderId(userInfo.getSubject().getValue()).setProviderLogin(getLogin(userInfo)).setName(getName(userInfo)).setEmail(userInfo.getEmailAddress());
        if (this.config.syncGroups()) {
            email.setGroups(getGroups(userInfo));
        }
        return email.build();
    }

    private String getLogin(UserInfo userInfo) {
        String loginStrategy = this.config.loginStrategy();
        boolean z = -1;
        switch (loginStrategy.hashCode()) {
            case -1999922763:
                if (loginStrategy.equals("Preferred username")) {
                    z = false;
                    break;
                }
                break;
            case -1756661775:
                if (loginStrategy.equals("Unique")) {
                    z = 3;
                    break;
                }
                break;
            case -923893011:
                if (loginStrategy.equals("Custom claim")) {
                    z = 4;
                    break;
                }
                break;
            case 67066748:
                if (loginStrategy.equals("Email")) {
                    z = 2;
                    break;
                }
                break;
            case 120586828:
                if (loginStrategy.equals("Same as OpenID Connect login")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (userInfo.getPreferredUsername() == null) {
                    throw new IllegalStateException("Claim 'preferred_username' is missing in user info - make sure your OIDC provider supports this claim in the id token or at the user info endpoint");
                }
                return userInfo.getPreferredUsername();
            case true:
                return userInfo.getSubject().getValue();
            case true:
                if (userInfo.getEmailAddress() == null) {
                    throw new IllegalStateException("Claim 'email' is missing in user info - make sure your OIDC provider supports this claim in the id token or at the user info endpoint");
                }
                return userInfo.getEmailAddress();
            case true:
                return generateUniqueLogin(userInfo);
            case true:
                if (userInfo.getStringClaim(this.config.loginStrategyCustomClaimName()) == null) {
                    throw new IllegalStateException("Custom claim '" + this.config.loginStrategyCustomClaimName() + "' is missing in user info - make sure your OIDC provider supports this claim in the id token or at the user info endpoint");
                }
                return userInfo.getStringClaim(this.config.loginStrategyCustomClaimName());
            default:
                throw new IllegalStateException(String.format("Login strategy not supported: %s", this.config.loginStrategy()));
        }
    }

    private String generateUniqueLogin(UserInfo userInfo) {
        return String.format("%s@%s", userInfo.getSubject().getValue(), OidcIdentityProvider.KEY);
    }

    private String getName(UserInfo userInfo) {
        String name = userInfo.getName() != null ? userInfo.getName() : userInfo.getPreferredUsername();
        if (name == null) {
            throw new IllegalStateException("Claims 'name' and 'preferred_username' are missing in user info - make sure your OIDC provider supports these claims in the id token or at the user info endpoint");
        }
        return name;
    }

    private Set<String> getGroups(UserInfo userInfo) {
        List<String> stringListClaim = userInfo.getStringListClaim(this.config.syncGroupsClaimName());
        return stringListClaim != null ? new HashSet(stringListClaim) : Collections.emptySet();
    }
}
