package org.bremersee.security.authentication;

import com.jayway.jsonpath.Configuration;
import com.jayway.jsonpath.JsonPath;
import com.jayway.jsonpath.Option;
import com.jayway.jsonpath.Predicate;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import net.minidev.json.JSONValue;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/bremersee/security/authentication/KeycloakJwtConverter.class */
public class KeycloakJwtConverter implements Converter<Jwt, JwtAuthenticationToken> {
    private static final String JSON_ROLES_PATH = "$.realm_access.roles";
    private static final Configuration jsonPathConf = Configuration.builder().options(new Option[]{Option.SUPPRESS_EXCEPTIONS}).build();

    public JwtAuthenticationToken convert(Jwt jwt) {
        List list = (List) JsonPath.parse(JSONValue.toJSONString(jwt.getClaims()), jsonPathConf).read(JSON_ROLES_PATH, List.class, new Predicate[0]);
        return new KeycloakJwtAuthenticationToken(jwt, (list == null || list.isEmpty()) ? Collections.emptySet() : (Set) list.stream().map(this::buildGrantedAuthority).collect(Collectors.toSet()));
    }

    private GrantedAuthority buildGrantedAuthority(Object obj) {
        SimpleGrantedAuthority simpleGrantedAuthority;
        if ((obj instanceof String) && StringUtils.hasText((String) obj)) {
            simpleGrantedAuthority = new SimpleGrantedAuthority(((String) obj).startsWith("ROLE_") ? (String) obj : "ROLE_" + obj);
        } else {
            simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_NULL");
        }
        return simpleGrantedAuthority;
    }
}
