package ca.ibodrov.mica.server;

import ca.ibodrov.mica.server.oidc.OidcAuthenticationToken;
import ca.ibodrov.mica.server.oidc.OidcUserInfo;
import com.walmartlabs.concord.server.security.PrincipalUtils;
import java.util.List;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAccount;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;

/* loaded from: input_file:ca/ibodrov/mica/server/MicaRealm.class */
public class MicaRealm extends AuthorizingRealm {
    public boolean supports(AuthenticationToken authenticationToken) {
        return authenticationToken instanceof OidcAuthenticationToken;
    }

    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        if (((MicaPrincipal) principalCollection.oneByType(MicaPrincipal.class)) == null) {
            return null;
        }
        return PrincipalUtils.toAuthorizationInfo(principalCollection);
    }

    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        OidcUserInfo userInfo = ((OidcAuthenticationToken) authenticationToken).userInfo();
        return new SimpleAccount(List.of(new MicaPrincipal(userInfo.email()), authenticationToken), userInfo, "mica-oidc");
    }
}
