package net.savantly.authorization.service;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;

/* loaded from: input_file:net/savantly/authorization/service/PermissionAwareJwtAuthenticationConverter.class */
public class PermissionAwareJwtAuthenticationConverter extends JwtAuthenticationConverter {
    private static final Logger log = LoggerFactory.getLogger(PermissionAwareJwtAuthenticationConverter.class);
    private final PermissionProvider permissionProvider;
    private final String groupsClaim;

    public PermissionAwareJwtAuthenticationConverter(PermissionProvider permissionProvider) {
        this(permissionProvider, "groups");
    }

    public PermissionAwareJwtAuthenticationConverter(PermissionProvider permissionProvider, String str) {
        this.permissionProvider = permissionProvider;
        this.groupsClaim = str;
    }

    protected Collection<GrantedAuthority> extractAuthorities(Jwt jwt) {
        Collection<String> rolesFromClaims = getRolesFromClaims(jwt.getClaims());
        Collection<GrantedAuthority> collection = (Collection) rolesFromClaims.stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList());
        collection.addAll((List) getPermissionsFromRoles(rolesFromClaims).stream().map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
        return collection;
    }

    private List<String> getPermissionsFromRoles(Collection<String> collection) {
        ArrayList arrayList = new ArrayList();
        collection.forEach(str -> {
            arrayList.addAll(this.permissionProvider.getEffectivePermissions(str));
        });
        if (log.isDebugEnabled()) {
            log.debug("role: {} effective permissions: {}", arrayList);
        }
        return arrayList;
    }

    private Collection<String> getRolesFromClaims(Map<String, Object> map) {
        return (Collection) map.getOrDefault(this.groupsClaim, new ArrayList());
    }
}
