package org.entur.jwt.spring.auth0;

import com.auth0.jwt.impl.NullClaim;
import com.auth0.jwt.interfaces.Claim;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.entur.jwt.spring.filter.JwtAuthorityMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/entur/jwt/spring/auth0/Auth0JwtAuthorityMapper.class */
public class Auth0JwtAuthorityMapper implements JwtAuthorityMapper<DecodedJWT> {
    protected static final Logger logger = LoggerFactory.getLogger(Auth0JwtAuthorityMapper.class);
    protected final boolean extractAuth0Permissions;
    protected final boolean extractKeycloakResourceAccess;

    public Auth0JwtAuthorityMapper(boolean z, boolean z2) {
        this.extractAuth0Permissions = z;
        this.extractKeycloakResourceAccess = z2;
    }

    public List<GrantedAuthority> getGrantedAuthorities(DecodedJWT decodedJWT) {
        ArrayList arrayList = new ArrayList();
        if (!this.extractKeycloakResourceAccess && !this.extractAuth0Permissions) {
            addScope(decodedJWT, arrayList);
        }
        if (this.extractAuth0Permissions) {
            addPermissions(decodedJWT, arrayList);
        }
        if (this.extractKeycloakResourceAccess) {
            addResourceAccess(decodedJWT, arrayList);
        }
        return arrayList;
    }

    private void addResourceAccess(DecodedJWT decodedJWT, List<GrantedAuthority> list) {
        Claim claim = decodedJWT.getClaim("resource_access");
        if (claim == null || (claim instanceof NullClaim)) {
            return;
        }
        for (Map.Entry entry : claim.asMap().entrySet()) {
            if (!((String) entry.getKey()).equals("account")) {
                Object value = entry.getValue();
                if (value instanceof Map) {
                    Object obj = ((Map) value).get("roles");
                    if (obj instanceof List) {
                        Iterator it = ((List) obj).iterator();
                        while (it.hasNext()) {
                            list.add(new SimpleGrantedAuthority(asRole((String) it.next())));
                        }
                    } else if (obj instanceof String[]) {
                        for (String str : (String[]) obj) {
                            list.add(new SimpleGrantedAuthority(asRole(str)));
                        }
                    } else {
                        logger.warn("Unable to map roles {} of type {} to an authority; expected List or array", obj, obj.getClass().getName());
                    }
                }
            }
        }
    }

    protected String asRole(String str) {
        return str.startsWith("ROLE_") ? str : "ROLE_" + str;
    }

    protected void addScope(DecodedJWT decodedJWT, List<GrantedAuthority> list) {
        Claim claim = decodedJWT.getClaim("scope");
        if (claim == null || (claim instanceof NullClaim)) {
            return;
        }
        for (String str : claim.asString().split("\\s")) {
            list.add(new SimpleGrantedAuthority(asScope(str)));
        }
    }

    protected String asScope(String str) {
        return str.startsWith("SCOPE_") ? str : "SCOPE_" + str;
    }

    private void addPermissions(DecodedJWT decodedJWT, List<GrantedAuthority> list) {
        Claim claim = decodedJWT.getClaim("permissions");
        if (claim == null || (claim instanceof NullClaim)) {
            return;
        }
        for (String str : (String[]) claim.asArray(String.class)) {
            list.add(new SimpleGrantedAuthority(asPermission(str)));
        }
    }

    protected String asPermission(String str) {
        return str;
    }
}
