package org.keycloak.adapters.undertow;

import io.undertow.security.idm.Account;
import java.io.Serializable;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.adapters.KeycloakAccount;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RefreshableKeycloakSecurityContext;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:WEB-INF/lib/keycloak-undertow-adapter-1.0-final.jar:org/keycloak/adapters/undertow/KeycloakUndertowAccount.class */
public class KeycloakUndertowAccount implements Account, Serializable, KeycloakAccount {
    protected static Logger log = Logger.getLogger(KeycloakUndertowAccount.class);
    protected RefreshableKeycloakSecurityContext session;
    protected KeycloakPrincipal principal;
    protected Set<String> accountRoles;

    public KeycloakUndertowAccount(KeycloakPrincipal keycloakPrincipal, RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext, KeycloakDeployment keycloakDeployment) {
        this.principal = keycloakPrincipal;
        this.session = refreshableKeycloakSecurityContext;
        setRoles(refreshableKeycloakSecurityContext.getToken());
    }

    protected void setRoles(AccessToken accessToken) {
        Set<String> set = null;
        if (this.session.getDeployment().isUseResourceRoleMappings()) {
            if (log.isTraceEnabled()) {
                log.trace("useResourceRoleMappings");
            }
            AccessToken.Access resourceAccess = accessToken.getResourceAccess(this.session.getDeployment().getResourceName());
            if (resourceAccess != null) {
                set = resourceAccess.getRoles();
            }
        } else {
            if (log.isTraceEnabled()) {
                log.trace("use realm role mappings");
            }
            AccessToken.Access realmAccess = accessToken.getRealmAccess();
            if (realmAccess != null) {
                set = realmAccess.getRoles();
            }
        }
        if (set == null) {
            set = Collections.emptySet();
        }
        this.accountRoles = set;
    }

    @Override // org.keycloak.adapters.KeycloakAccount
    public Principal getPrincipal() {
        return this.principal;
    }

    @Override // org.keycloak.adapters.KeycloakAccount
    public Set<String> getRoles() {
        return this.accountRoles;
    }

    @Override // org.keycloak.adapters.KeycloakAccount
    public RefreshableKeycloakSecurityContext getKeycloakSecurityContext() {
        return this.session;
    }

    public void setDeployment(KeycloakDeployment keycloakDeployment) {
        this.session.setDeployment(keycloakDeployment);
    }

    public boolean isActive() {
        if (this.session.isActive()) {
            log.debug("session is active");
            return true;
        }
        log.debug("session is not active try refresh");
        this.session.refreshExpiredToken();
        if (!this.session.isActive()) {
            log.debug("session is not active return with failure");
            return false;
        }
        log.debug("refresh succeeded");
        setRoles(this.session.getToken());
        return true;
    }
}
