package org.keycloak.adapters;

import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import java.util.UUID;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;

/* loaded from: input_file:BOOT-INF/lib/keycloak-adapter-core-20.0.3.jar:org/keycloak/adapters/AdapterUtils.class */
public class AdapterUtils {
    private static Logger log = Logger.getLogger((Class<?>) AdapterUtils.class);

    public static String generateId() {
        return UUID.randomUUID().toString();
    }

    public static Set<String> getRolesFromSecurityContext(RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        Set<String> set = null;
        AccessToken token = refreshableKeycloakSecurityContext.getToken();
        if (refreshableKeycloakSecurityContext.getDeployment().isUseResourceRoleMappings()) {
            if (log.isTraceEnabled()) {
                log.trace("useResourceRoleMappings");
            }
            AccessToken.Access resourceAccess = token.getResourceAccess(refreshableKeycloakSecurityContext.getDeployment().getResourceName());
            if (resourceAccess != null) {
                set = resourceAccess.getRoles();
            }
        } else {
            if (log.isTraceEnabled()) {
                log.trace("use realm role mappings");
            }
            AccessToken.Access realmAccess = token.getRealmAccess();
            if (realmAccess != null) {
                set = realmAccess.getRoles();
            }
        }
        if (set == null) {
            set = Collections.emptySet();
        }
        if (log.isTraceEnabled()) {
            log.trace("Setting roles: ");
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                log.trace("   role: " + it.next());
            }
        }
        return set;
    }

    public static String getPrincipalName(KeycloakDeployment keycloakDeployment, AccessToken accessToken) {
        String principalAttribute = keycloakDeployment.getPrincipalAttribute() != null ? keycloakDeployment.getPrincipalAttribute() : "sub";
        String str = null;
        if ("sub".equals(principalAttribute)) {
            str = accessToken.getSubject();
        } else if ("email".equals(principalAttribute)) {
            str = accessToken.getEmail();
        } else if (IDToken.PREFERRED_USERNAME.equals(principalAttribute)) {
            str = accessToken.getPreferredUsername();
        } else if ("name".equals(principalAttribute)) {
            str = accessToken.getName();
        } else if (IDToken.GIVEN_NAME.equals(principalAttribute)) {
            str = accessToken.getGivenName();
        } else if (IDToken.FAMILY_NAME.equals(principalAttribute)) {
            str = accessToken.getFamilyName();
        } else if (IDToken.NICKNAME.equals(principalAttribute)) {
            str = accessToken.getNickName();
        }
        if (str == null) {
            str = accessToken.getSubject();
        }
        return str;
    }

    public static KeycloakPrincipal<RefreshableKeycloakSecurityContext> createPrincipal(KeycloakDeployment keycloakDeployment, RefreshableKeycloakSecurityContext refreshableKeycloakSecurityContext) {
        return new KeycloakPrincipal<>(getPrincipalName(keycloakDeployment, refreshableKeycloakSecurityContext.getToken()), refreshableKeycloakSecurityContext);
    }
}
