package org.keycloak.services.resources.admin;

import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:wildfly-10.1.0.Final/modules/system/add-ons/keycloak/org/keycloak/keycloak-services/main/keycloak-services-2.5.5.Final.jar:org/keycloak/services/resources/admin/AdminAuth.class */
public class AdminAuth {
    private final RealmModel realm;
    private final AccessToken token;
    private final UserModel user;
    private final ClientModel client;

    public AdminAuth(RealmModel realmModel, AccessToken accessToken, UserModel userModel, ClientModel clientModel) {
        this.token = accessToken;
        this.realm = realmModel;
        this.user = userModel;
        this.client = clientModel;
    }

    public RealmModel getRealm() {
        return this.realm;
    }

    public UserModel getUser() {
        return this.user;
    }

    public ClientModel getClient() {
        return this.client;
    }

    public AccessToken getToken() {
        return this.token;
    }

    public boolean hasRealmRole(String str) {
        if (this.client instanceof ClientModel) {
            RoleModel role = this.realm.getRole(str);
            return role != null && this.user.hasRole(role) && this.client.hasScope(role);
        }
        AccessToken.Access realmAccess = this.token.getRealmAccess();
        return realmAccess != null && realmAccess.isUserInRole(str);
    }

    public boolean hasOneOfRealmRole(String... strArr) {
        for (String str : strArr) {
            if (hasRealmRole(str)) {
                return true;
            }
        }
        return false;
    }

    public boolean hasAppRole(ClientModel clientModel, String str) {
        if (this.client instanceof ClientModel) {
            RoleModel role = clientModel.getRole(str);
            return role != null && this.user.hasRole(role) && this.client.hasScope(role);
        }
        AccessToken.Access resourceAccess = this.token.getResourceAccess(clientModel.getClientId());
        return resourceAccess != null && resourceAccess.isUserInRole(str);
    }

    public boolean hasOneOfAppRole(ClientModel clientModel, String... strArr) {
        for (String str : strArr) {
            if (hasAppRole(clientModel, str)) {
                return true;
            }
        }
        return false;
    }
}
