package com.daml.ledger.api.auth.interceptor;

import com.daml.ledger.api.auth.AuthService;
import com.daml.ledger.api.auth.Claim;
import com.daml.ledger.api.auth.ClaimActAsParty;
import com.daml.ledger.api.auth.ClaimAdmin$;
import com.daml.ledger.api.auth.ClaimIdentityProviderAdmin$;
import com.daml.ledger.api.auth.ClaimPublic$;
import com.daml.ledger.api.auth.ClaimReadAsParty;
import com.daml.ledger.api.auth.ClaimSet;
import com.daml.ledger.api.domain;
import com.daml.ledger.api.domain$UserRight$IdentityProviderAdmin$;
import com.daml.ledger.api.domain$UserRight$ParticipantAdmin$;
import com.daml.lf.data.Ref$;
import com.daml.logging.LoggingContext$;
import com.daml.platform.localstore.api.UserManagementStore;
import io.grpc.Context;
import scala.MatchError;
import scala.Option;
import scala.collection.IterableOnceOps;
import scala.collection.immutable.Seq;
import scala.collection.immutable.Set;
import scala.concurrent.ExecutionContext;
import scala.util.Failure;
import scala.util.Success;
import scala.util.Try;

/* compiled from: AuthorizationInterceptor.scala */
/* loaded from: input_file:com/daml/ledger/api/auth/interceptor/AuthorizationInterceptor$.class */
public final class AuthorizationInterceptor$ {
    public static final AuthorizationInterceptor$ MODULE$ = new AuthorizationInterceptor$();
    private static final Context.Key<ClaimSet> contextKeyClaimSet = Context.key("AuthServiceDecodedClaim");

    public Context.Key<ClaimSet> contextKeyClaimSet() {
        return contextKeyClaimSet;
    }

    public Try<ClaimSet> extractClaimSetFromContext() {
        ClaimSet claimSet = (ClaimSet) contextKeyClaimSet().get();
        return claimSet == null ? new Failure(new RuntimeException("Thread local context unexpectedly does not store authorization claims. Perhaps a Future was used in some intermediate computation and changed the executing thread?")) : new Success(claimSet);
    }

    public AuthorizationInterceptor apply(AuthService authService, Option<UserManagementStore> option, IdentityProviderAwareAuthService identityProviderAwareAuthService, ExecutionContext executionContext) {
        return (AuthorizationInterceptor) LoggingContext$.MODULE$.newLoggingContext(loggingContext -> {
            return new AuthorizationInterceptor(authService, option, identityProviderAwareAuthService, executionContext, loggingContext);
        });
    }

    public Seq<Claim> convertUserRightsToClaims(Set<domain.UserRight> set) {
        return ((IterableOnceOps) set.view().map(userRight -> {
            return MODULE$.userRightToClaim(userRight);
        })).toList().prepended(ClaimPublic$.MODULE$);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public Claim userRightToClaim(domain.UserRight userRight) {
        if (userRight instanceof domain.UserRight.CanActAs) {
            return new ClaimActAsParty((String) Ref$.MODULE$.Party().assertFromString(((domain.UserRight.CanActAs) userRight).party()));
        }
        if (userRight instanceof domain.UserRight.CanReadAs) {
            return new ClaimReadAsParty((String) Ref$.MODULE$.Party().assertFromString(((domain.UserRight.CanReadAs) userRight).party()));
        }
        if (domain$UserRight$IdentityProviderAdmin$.MODULE$.equals(userRight)) {
            return ClaimIdentityProviderAdmin$.MODULE$;
        }
        if (domain$UserRight$ParticipantAdmin$.MODULE$.equals(userRight)) {
            return ClaimAdmin$.MODULE$;
        }
        throw new MatchError(userRight);
    }

    private AuthorizationInterceptor$() {
    }
}
