package digital.nedra.commons.starter.security.oauth2.bearer.configuration;

import com.nimbusds.jose.shaded.json.JSONArray;
import com.nimbusds.jose.shaded.json.JSONObject;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;

/* loaded from: input_file:digital/nedra/commons/starter/security/oauth2/bearer/configuration/KeycloakJwtGrantedAuthoritiesConvertor.class */
public class KeycloakJwtGrantedAuthoritiesConvertor implements Converter<Jwt, Collection<GrantedAuthority>> {
    private final JwtGrantedAuthoritiesConverter delegate = new JwtGrantedAuthoritiesConverter();
    private static final String REALM_ACCESS = "realm_access";
    private static final String ROLES = "roles";
    private static final String ROLES_PREFIX = "ROLE_";

    public Collection<GrantedAuthority> convert(Jwt jwt) {
        Collection convert = this.delegate.convert(jwt);
        convert.addAll(extractKeycloakRoles(jwt));
        return Collections.unmodifiableCollection(convert);
    }

    private List<SimpleGrantedAuthority> extractKeycloakRoles(Jwt jwt) {
        if (jwt.getClaim(REALM_ACCESS) == null) {
            return List.of();
        }
        JSONObject jSONObject = (JSONObject) jwt.getClaim(REALM_ACCESS);
        return jSONObject.get(ROLES) == null ? List.of() : (List) ((JSONArray) jSONObject.get(ROLES)).stream().map(obj -> {
            return "ROLE_" + obj;
        }).map(SimpleGrantedAuthority::new).collect(Collectors.toList());
    }
}
