package de.muenchen.oss.digiwf.spring.security;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import net.minidev.json.JSONObject;
import org.springframework.core.convert.converter.Converter;
import org.springframework.lang.NonNull;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.ClaimAccessor;
import org.springframework.security.oauth2.jwt.Jwt;

@Deprecated
/* loaded from: input_file:BOOT-INF/lib/digiwf-spring-security-core-1.4.6.jar:de/muenchen/oss/digiwf/spring/security/TokenBasedAuthoritiesConverter.class */
public class TokenBasedAuthoritiesConverter implements Converter<Jwt, Collection<GrantedAuthority>> {
    private static final String ROLE_DECLARATIONS = "roles";
    private static final String REALM_ROLES_CLAIM = "realm_access";
    private static final String CLIENTS_CLAIM = "resource_access";
    private static final String USER_ROLES_CLAIM = "user_roles";
    private static final String CLIENT_ROLE_SEPARATOR = ":";

    @Override // org.springframework.core.convert.converter.Converter
    public Collection<GrantedAuthority> convert(@NonNull Jwt jwt) {
        return extractAuthorities(jwt);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v20, types: [java.util.Collection] */
    protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        List<String> clientAuthorities = getClientAuthorities(jwt);
        List<String> userRolesClaimAuthorities = getUserRolesClaimAuthorities(jwt);
        Map<String, Object> claimAsMap = jwt.getClaimAsMap(REALM_ROLES_CLAIM);
        List emptyList = Collections.emptyList();
        if (claimAsMap != null && claimAsMap.containsKey(ROLE_DECLARATIONS)) {
            emptyList = (Collection) claimAsMap.get(ROLE_DECLARATIONS);
        }
        return (Collection) Stream.concat(Stream.concat(emptyList.stream(), clientAuthorities.stream()).map(str -> {
            return "ROLE_" + str;
        }), userRolesClaimAuthorities.stream()).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    }

    public static List<String> getClientAuthorities(ClaimAccessor claimAccessor) {
        ArrayList arrayList = new ArrayList();
        Map<String, Object> claimAsMap = claimAccessor.getClaimAsMap(CLIENTS_CLAIM);
        if (claimAsMap != null) {
            claimAsMap.forEach((str, obj) -> {
                arrayList.addAll(extractRoles(str, (JSONObject) obj));
            });
        }
        return arrayList;
    }

    public static List<String> getUserRolesClaimAuthorities(ClaimAccessor claimAccessor) {
        return claimAccessor.getClaimAsStringList("user_roles");
    }

    static List<String> extractRoles(String str, JSONObject jSONObject) {
        Collection collection = (Collection) jSONObject.get(ROLE_DECLARATIONS);
        return collection != null ? (List) collection.stream().map(str2 -> {
            return str + ":" + str2;
        }).collect(Collectors.toList()) : Collections.emptyList();
    }
}
