package org.activiti.cloud.services.identity.keycloak.mapper;

import com.nimbusds.jose.shaded.json.JSONObject;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.activiti.cloud.identity.model.UserApplicationAccess;
import org.activiti.cloud.identity.model.UserRoles;
import org.springframework.security.oauth2.jwt.Jwt;

/* loaded from: input_file:org/activiti/cloud/services/identity/keycloak/mapper/KeycloakTokenToUserRoles.class */
public class KeycloakTokenToUserRoles {
    public static final String ROLES = "roles";
    public static final String RESOURCE = "resource_access";
    public static final String REALM = "realm_access";

    public UserRoles toUserRoles(Jwt jwt) {
        UserRoles userRoles = new UserRoles();
        if (jwt != null) {
            userRoles.setApplicationAccess(getResourceRoles(jwt));
            userRoles.setGlobalAccess(new UserRoles.UserGlobalAccess(getGlobalRoles(jwt)));
        }
        return userRoles;
    }

    private List<UserApplicationAccess> getResourceRoles(Jwt jwt) {
        return (List) ((Set) Optional.ofNullable(jwt.getClaimAsMap(RESOURCE)).map((v0) -> {
            return v0.entrySet();
        }).orElse(Collections.emptySet())).stream().map(entry -> {
            return new UserApplicationAccess((String) entry.getKey(), getRoles((JSONObject) entry.getValue()));
        }).collect(Collectors.toList());
    }

    public List<String> getGlobalRoles(Jwt jwt) {
        return jwt.getClaim(REALM) != null ? getRoles((JSONObject) jwt.getClaim(REALM)) : Collections.emptyList();
    }

    private List<String> getRoles(JSONObject jSONObject) {
        return (List) Optional.ofNullable((List) jSONObject.get(ROLES)).orElse(Collections.emptyList());
    }
}
