package org.wildfly.security.http.oidc;

import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.stream.Collectors;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.authz.RoleDecoder;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

/* loaded from: input_file:org/wildfly/security/http/oidc/OidcSecurityRealm.class */
/**
 * Security realm whose identities are backed by an {@link OidcPrincipal}.
 *
 * <p>An identity exists only for principals of type {@code OidcPrincipal}; no credentials are
 * exposed, and the authorization roles are read from the access token held by the principal's
 * security context.
 *
 * <p>Security note: nothing in this class validates a token, a signature or the supplied
 * evidence. NOTE(review): this presumably relies on the OIDC mechanism having validated the token
 * before it constructs the {@code OidcPrincipal}; confirm against the caller before reusing this
 * realm elsewhere.
 */
public class OidcSecurityRealm implements SecurityRealm {

    /**
     * Looks up the identity for a principal.
     *
     * @param principal the principal to resolve
     * @return an identity wrapping the principal when it is an {@code OidcPrincipal}, otherwise
     *     {@link RealmIdentity#NON_EXISTENT}
     */
    @Override
    public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
        // Any other principal type (including null) is unknown to this realm.
        if (!(principal instanceof OidcPrincipal)) {
            return RealmIdentity.NON_EXISTENT;
        }
        return createRealmIdentity((OidcPrincipal) principal);
    }

    /**
     * Builds the identity view over an already-constructed principal.
     *
     * <p>The only caller in this class passes a principal that passed an {@code instanceof}
     * check, so the null checks in the returned identity are always true on that path.
     */
    private RealmIdentity createRealmIdentity(final OidcPrincipal oidcPrincipal) {
        return new RealmIdentity() {

            /** Returns the wrapped principal unchanged. */
            @Override
            public Principal getRealmIdentityPrincipal() {
                return oidcPrincipal;
            }

            /** Credentials can never be obtained from this identity. */
            @Override
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            /** Always {@code null}, matching the UNSUPPORTED acquire level above. */
            @Override
            public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                return null;
            }

            /** Reports SUPPORTED for every evidence type and algorithm name. */
            @Override
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return SupportLevel.SUPPORTED;
            }

            /**
             * Succeeds whenever a principal is present.
             *
             * <p>The {@code evidence} argument is never inspected, so any evidence object is
             * accepted for an identity created by this realm. The authentication decision
             * therefore has to be made before the principal reaches this class.
             */
            @Override
            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                return oidcPrincipal != null;
            }

            /** The identity exists exactly when a principal was supplied. */
            @Override
            public boolean exists() throws RealmUnavailableException {
                return oidcPrincipal != null;
            }

            /**
             * Exposes the token-derived roles under {@link RoleDecoder#KEY_ROLES}.
             *
             * <p>The security context is cast without a type check, so a context that is not a
             * {@code RefreshableOidcSecurityContext} fails with a {@code ClassCastException}.
             */
            @Override
            public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                RefreshableOidcSecurityContext securityContext = (RefreshableOidcSecurityContext) oidcPrincipal.getOidcSecurityContext();
                Set<String> roles = OidcSecurityRealm.getRolesFromSecurityContext(securityContext);
                MapAttributes attributes = new MapAttributes();
                attributes.addAll(RoleDecoder.KEY_ROLES, roles);
                return AuthorizationIdentity.basicIdentity(attributes);
            }
        };
    }

    /** The realm as a whole never hands out credentials. */
    @Override
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        return SupportLevel.UNSUPPORTED;
    }

    /** At realm level, evidence verification is only possibly supported (it depends on the identity). */
    @Override
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    /**
     * Reads the role names for the authenticated user from the access token.
     *
     * <p>Resource (client) roles are read when {@code isUseResourceRoleMappings()} is set, realm
     * roles when {@code isUseRealmRoleMappings()} is set. The two sets are not merged: when both
     * flags are set and the token carries a realm access claim, the realm roles replace the
     * resource roles collected first. NOTE(review): confirm that replacement, not a union, is the
     * intended authorization behaviour.
     *
     * <p>The role names are taken from the token claims as-is, and at trace level each one is
     * written to the log.
     *
     * <p>This decompiled listing declares the method public; the decompiler notes that the access
     * modifier was changed from private.
     *
     * @param refreshableOidcSecurityContext context supplying the token and client configuration
     * @return the selected roles, or an empty set when no enabled mapping produced a claim
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static Set<String> getRolesFromSecurityContext(RefreshableOidcSecurityContext refreshableOidcSecurityContext) {
        AccessToken accessToken = refreshableOidcSecurityContext.getToken();
        Set<String> roles = null;

        if (refreshableOidcSecurityContext.getOidcClientConfiguration().isUseResourceRoleMappings()) {
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.trace("useResourceRoleMappings");
            }
            RealmAccessClaim resourceClaim = accessToken.getResourceAccessClaim(refreshableOidcSecurityContext.getOidcClientConfiguration().getResourceName());
            if (resourceClaim != null) {
                // Raw cast kept exactly as it appears in the decompiled source.
                roles = (Set) resourceClaim.getRoles().stream().collect(Collectors.toSet());
            }
        }

        if (refreshableOidcSecurityContext.getOidcClientConfiguration().isUseRealmRoleMappings()) {
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.trace("use realm role mappings");
            }
            RealmAccessClaim realmClaim = accessToken.getRealmAccessClaim();
            if (realmClaim != null) {
                // Overwrites any resource roles gathered above; see the method comment.
                roles = (Set) realmClaim.getRoles().stream().collect(Collectors.toSet());
            }
        }

        // No enabled mapping, or no matching claim: the caller gets an identity without roles.
        Set<String> effectiveRoles = roles != null ? roles : Collections.emptySet();

        if (ElytronMessages.log.isTraceEnabled()) {
            ElytronMessages.log.trace("Setting roles: ");
            for (String role : effectiveRoles) {
                ElytronMessages.log.trace("   role: " + role);
            }
        }
        return effectiveRoles;
    }
}
