package org.wildfly.security.soteria.original;

import com.nimbusds.jose.Algorithm;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.credential.Credential;
import jakarta.security.enterprise.identitystore.CredentialValidationResult;
import jakarta.security.enterprise.identitystore.IdentityStore;
import jakarta.security.enterprise.identitystore.openid.AccessToken;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.glassfish.soteria.mechanisms.openid.domain.AccessTokenImpl;
import org.glassfish.soteria.mechanisms.openid.domain.IdentityTokenImpl;
import org.glassfish.soteria.mechanisms.openid.domain.OpenIdConfiguration;

@ApplicationScoped
/* loaded from: input_file:org/wildfly/security/soteria/original/OpenIdIdentityStore.class */
public class OpenIdIdentityStore implements IdentityStore {
    private static final Logger LOGGER = Logger.getLogger(OpenIdIdentityStore.class.getName());

    @Inject
    private OpenIdContextImpl context;

    @Inject
    private TokenController tokenController;

    @Inject
    private OpenIdConfiguration configuration;

    public CredentialValidationResult validate(OpenIdCredential openIdCredential) {
        HttpMessageContext httpContext = openIdCredential.getHttpContext();
        IdentityTokenImpl identityTokenImpl = openIdCredential.getIdentityTokenImpl();
        Algorithm algorithm = identityTokenImpl.getTokenJWT().getHeader().getAlgorithm();
        this.context.setIdentityToken(identityTokenImpl.withClaims(Objects.isNull(this.context.getIdentityToken()) ? this.tokenController.validateIdToken(identityTokenImpl, httpContext) : this.tokenController.validateRefreshedIdToken(this.context.getIdentityToken(), identityTokenImpl)));
        AccessToken accessToken = (AccessTokenImpl) openIdCredential.getAccessToken();
        if (Objects.nonNull(accessToken)) {
            this.tokenController.validateAccessToken(accessToken, algorithm, this.context.getIdentityToken().getClaims());
            this.context.setAccessToken(accessToken);
        }
        String callerName = getCallerName();
        Set<String> callerGroups = getCallerGroups();
        LOGGER.log(Level.FINER, () -> {
            return "Returning caller name: " + callerName;
        });
        LOGGER.log(Level.FINE, () -> {
            return "Returning caller: " + callerGroups;
        });
        return new CredentialValidationResult(callerName, callerGroups);
    }

    public CredentialValidationResult validate(Credential credential) {
        return credential instanceof OpenIdCredential ? validate((OpenIdCredential) credential) : CredentialValidationResult.NOT_VALIDATED_RESULT;
    }

    private String getCallerName() {
        String callerNameClaim = this.configuration.getClaimsConfiguration().getCallerNameClaim();
        String str = (String) this.context.getIdentityToken().getJwtClaims().getStringClaim(callerNameClaim).orElse(null);
        if (str == null) {
            str = (String) this.context.getAccessToken().getJwtClaims().getStringClaim(callerNameClaim).orElse(null);
        }
        if (str == null) {
            str = (String) this.context.getClaims().getStringClaim(callerNameClaim).orElse(null);
        }
        if (str == null) {
            str = this.context.getSubject();
        }
        return str;
    }

    private Set<String> getCallerGroups() {
        String callerGroupsClaim = this.configuration.getClaimsConfiguration().getCallerGroupsClaim();
        List arrayStringClaim = this.context.getAccessToken().getJwtClaims().getArrayStringClaim(callerGroupsClaim);
        if (!arrayStringClaim.isEmpty()) {
            return new HashSet(arrayStringClaim);
        }
        List arrayStringClaim2 = this.context.getIdentityToken().getJwtClaims().getArrayStringClaim(callerGroupsClaim);
        if (!arrayStringClaim2.isEmpty()) {
            return new HashSet(arrayStringClaim2);
        }
        List arrayStringClaim3 = this.context.getClaims().getArrayStringClaim(callerGroupsClaim);
        return !arrayStringClaim3.isEmpty() ? new HashSet(arrayStringClaim3) : Collections.emptySet();
    }
}
