package org.activiti.cloud.services.identity.keycloak;

import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.activiti.api.runtime.shared.security.PrincipalGroupsProvider;
import org.activiti.api.runtime.shared.security.PrincipalRolesProvider;
import org.keycloak.admin.client.resource.UserResource;

/* loaded from: input_file:BOOT-INF/lib/activiti-cloud-services-common-identity-keycloak-7.1.406.jar:org/activiti/cloud/services/identity/keycloak/KeycloakClientPrincipalDetailsProvider.class */
public class KeycloakClientPrincipalDetailsProvider implements PrincipalGroupsProvider, PrincipalRolesProvider {
    private final KeycloakInstanceWrapper keycloakInstanceWrapper;

    public KeycloakClientPrincipalDetailsProvider(KeycloakInstanceWrapper keycloakInstanceWrapper) {
        this.keycloakInstanceWrapper = keycloakInstanceWrapper;
    }

    @Override // org.activiti.api.runtime.shared.security.PrincipalGroupsProvider
    public List<String> getGroups(Principal principal) {
        return (List) userResource(principal).groups().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.collectingAndThen(Collectors.toList(), Collections::unmodifiableList));
    }

    @Override // org.activiti.api.runtime.shared.security.PrincipalRolesProvider
    public List<String> getRoles(Principal principal) {
        return (List) userResource(principal).roles().realmLevel().listEffective().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.collectingAndThen(Collectors.toList(), Collections::unmodifiableList));
    }

    protected UserResource userResource(Principal principal) {
        return this.keycloakInstanceWrapper.getRealm().users().get(subjectId(principal));
    }

    protected String subjectId(Principal principal) {
        return (String) Optional.of(principal).map((v0) -> {
            return v0.getName();
        }).orElseThrow(this::securityException);
    }

    protected SecurityException securityException() {
        return new SecurityException("Invalid Keycloak principal subject id");
    }
}
