package io.quarkus.elytron.security.oauth2.runtime.auth;

import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import java.util.List;
import org.jboss.logging.Logger;
import org.wildfly.security.auth.server.RealmUnavailableException;
import org.wildfly.security.auth.server.SecurityDomain;
import org.wildfly.security.auth.server.SecurityIdentity;
import org.wildfly.security.evidence.BearerTokenEvidence;

/* loaded from: input_file:io/quarkus/elytron/security/oauth2/runtime/auth/OAuth2IdentityManager.class */
public class OAuth2IdentityManager implements IdentityManager {
    private static Logger log = Logger.getLogger(OAuth2IdentityManager.class);
    private final SecurityDomain domain;
    private String roleClaim;

    public OAuth2IdentityManager(SecurityDomain securityDomain, String str) {
        this.domain = securityDomain;
        this.roleClaim = str;
    }

    public Account verify(Account account) {
        return account;
    }

    public Account verify(String str, Credential credential) {
        return null;
    }

    public Account verify(Credential credential) {
        log.debugf("verify, credential=%s", credential);
        try {
            if (credential instanceof Oauth2Credential) {
                try {
                    SecurityIdentity authenticate = this.domain.authenticate(new BearerTokenEvidence(((Oauth2Credential) credential).getBearerToken()));
                    String[] extractRoles = extractRoles(authenticate);
                    log.debugf("authenticate, result=%s", authenticate);
                    if (authenticate != null) {
                        return new OAuth2Account(authenticate, extractRoles);
                    }
                } catch (RealmUnavailableException e) {
                    log.debugf(e, "failed, credential=%s", credential);
                }
            }
            return null;
        } catch (Exception e2) {
            log.warnf(e2, "Failed to verify credential=%s", credential);
            return null;
        }
    }

    private String[] extractRoles(SecurityIdentity securityIdentity) {
        ElytronOAuth2CallerPrincipal elytronOAuth2CallerPrincipal = (ElytronOAuth2CallerPrincipal) securityIdentity.getPrincipal();
        Object obj = elytronOAuth2CallerPrincipal.getClaims().get(this.roleClaim);
        if (obj instanceof List) {
            return (String[]) ((List) obj).toArray(new String[0]);
        }
        String str = (String) elytronOAuth2CallerPrincipal.getClaims().get(this.roleClaim);
        if (str == null) {
            return null;
        }
        return str.split(" ");
    }
}
