package org.wildfly.security.http.oidc;

import java.security.Principal;
import java.security.spec.AlgorithmParameterSpec;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.wildfly.security.auth.SupportLevel;
import org.wildfly.security.auth.server.RealmIdentity;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityRealm;
import org.wildfly.security.authz.AuthorizationIdentity;
import org.wildfly.security.authz.MapAttributes;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.evidence.Evidence;

/* loaded from: input_file:org/wildfly/security/http/oidc/OidcSecurityRealm.class */
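/**
 * {@link SecurityRealm} that wraps an already-built {@link OidcPrincipal} in a {@link RealmIdentity}.
 *
 * <p>Security note: nothing in this class validates a token or inspects evidence. An identity is
 * reported as existing and as verified purely because an {@code OidcPrincipal} instance was supplied.
 * NOTE(review): presumably the OIDC HTTP mechanism validates the token before it constructs the
 * principal; confirm this, and keep the realm reachable only through that mechanism, because any
 * caller able to hand it an {@code OidcPrincipal} obtains an identity carrying that principal's roles.
 */
public class OidcSecurityRealm implements SecurityRealm {

    /**
     * Looks up the realm identity for a principal.
     *
     * @param principal the principal to resolve
     * @return an identity backed by the principal when it is an {@link OidcPrincipal},
     *         otherwise {@link RealmIdentity#NON_EXISTENT}
     * @throws RealmUnavailableException declared by the interface; not thrown by this implementation
     */
    public RealmIdentity getRealmIdentity(Principal principal) throws RealmUnavailableException {
        if (principal instanceof OidcPrincipal) {
            return createRealmIdentity((OidcPrincipal) principal);
        }
        return RealmIdentity.NON_EXISTENT;
    }

    /**
     * Builds the identity view over an OIDC principal.
     *
     * <p>The only caller in this class passes a value that has passed an {@code instanceof} test, so
     * the {@code != null} checks below are always true on that path.
     */
    private RealmIdentity createRealmIdentity(final OidcPrincipal oidcPrincipal) {
        return new RealmIdentity() {
            /** Returns the wrapped OIDC principal unchanged. */
            public Principal getRealmIdentityPrincipal() {
                return oidcPrincipal;
            }

            /** Credentials cannot be obtained from this identity. */
            public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
                return SupportLevel.UNSUPPORTED;
            }

            /** Always returns {@code null}: no credential is stored for an OIDC identity. */
            public <C extends Credential> C getCredential(Class<C> cls) throws RealmUnavailableException {
                return null;
            }

            /** Reports every evidence type and algorithm as supported; the arguments are not examined. */
            public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
                return SupportLevel.SUPPORTED;
            }

            /**
             * Succeeds whenever a principal is present. The {@code evidence} argument is ignored, so
             * this call is not a verification step in its own right; see the class-level security note.
             */
            public boolean verifyEvidence(Evidence evidence) throws RealmUnavailableException {
                return oidcPrincipal != null;
            }

            /** The identity exists whenever a principal is present. */
            public boolean exists() throws RealmUnavailableException {
                return oidcPrincipal != null;
            }

            /**
             * Exposes the token-derived roles under the {@code "Roles"} attribute.
             *
             * <p>NOTE(review): the security context is cast without a type check and dereferenced
             * without a null check; a principal carrying another context type, or none, fails here
             * with a runtime exception instead of producing an identity. Confirm that is intended.
             */
            public AuthorizationIdentity getAuthorizationIdentity() throws RealmUnavailableException {
                RefreshableOidcSecurityContext securityContext = (RefreshableOidcSecurityContext) oidcPrincipal.getOidcSecurityContext();
                MapAttributes attributes = new MapAttributes();
                attributes.addAll("Roles", OidcSecurityRealm.getRolesFromSecurityContext(securityContext));
                return AuthorizationIdentity.basicIdentity(attributes);
            }
        };
    }

    /** Realm-wide answer: credentials can never be acquired from this realm. */
    public SupportLevel getCredentialAcquireSupport(Class<? extends Credential> cls, String str, AlgorithmParameterSpec algorithmParameterSpec) throws RealmUnavailableException {
        return SupportLevel.UNSUPPORTED;
    }

    /** Realm-wide answer: evidence verification may be supported, depending on the identity. */
    public SupportLevel getEvidenceVerifySupport(Class<? extends Evidence> cls, String str) throws RealmUnavailableException {
        return SupportLevel.POSSIBLY_SUPPORTED;
    }

    /**
     * Collects the roles granted by the access token held in the given security context.
     *
     * <p>Resource roles (for the configured resource name) and realm roles are each included only
     * when the corresponding flag of the client configuration is set; with neither flag set the
     * result is empty. Role names are written to the log at trace level, so trace output discloses
     * the authorization data of every authenticated user.
     *
     * <p>NOTE(review): the token and the client configuration are dereferenced without null checks;
     * confirm that callers only pass contexts that hold a token. The decompiler reports that the
     * access modifier of this method was changed from private.
     *
     * @param refreshableOidcSecurityContext context supplying the access token and client configuration
     * @return a new mutable set with the collected role names, possibly empty
     */
    public static Set<String> getRolesFromSecurityContext(RefreshableOidcSecurityContext refreshableOidcSecurityContext) {
        // Typed set instead of the raw HashSet/Iterator pair: no unchecked adds, no casts on read.
        Set<String> roles = new HashSet<>();
        AccessToken token = refreshableOidcSecurityContext.getToken();
        OidcClientConfiguration clientConfiguration = refreshableOidcSecurityContext.getOidcClientConfiguration();
        if (clientConfiguration.isUseResourceRoleMappings()) {
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.trace("use resource role mappings");
            }
            addClaimRoles(roles, token.getResourceAccessClaim(clientConfiguration.getResourceName()));
        }
        if (clientConfiguration.isUseRealmRoleMappings()) {
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.trace("use realm role mappings");
            }
            addClaimRoles(roles, token.getRealmAccessClaim());
        }
        if (ElytronMessages.log.isTraceEnabled()) {
            ElytronMessages.log.trace("Setting roles: ");
            for (String role : roles) {
                ElytronMessages.log.trace("   role: " + role);
            }
        }
        return roles;
    }

    /** Adds the roles of {@code claim} to {@code target}; a claim absent from the token adds nothing. */
    private static void addClaimRoles(Set<String> target, RealmAccessClaim claim) {
        if (claim != null) {
            target.addAll(claim.getRoles());
        }
    }
}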
