package org.apache.sling.auth.oauth_client.impl;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import org.apache.sling.auth.oauth_client.spi.OidcAuthCredentials;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/OidcIdentityProvider.class */
class OidcIdentityProvider implements ExternalIdentityProvider, PrincipalNameResolver, CredentialsSupport {
    private final String name;

    /* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/OidcIdentityProvider$OidcGroup.class */
    private final class OidcGroup extends OidcIdentity implements ExternalGroup {
        OidcGroup(@NotNull ExternalIdentityRef externalIdentityRef) {
            super(externalIdentityRef);
        }

        @NotNull
        public Iterable<ExternalIdentityRef> getDeclaredGroups() {
            return Collections.emptyList();
        }

        @NotNull
        public Map<String, ?> getProperties() {
            return Collections.emptyMap();
        }

        @NotNull
        public Iterable<ExternalIdentityRef> getDeclaredMembers() {
            return Collections.emptyList();
        }
    }

    /* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/OidcIdentityProvider$OidcGroupRef.class */
    static class OidcGroupRef extends ExternalIdentityRef {
        private OidcGroupRef(@NotNull String str, @NotNull String str2) {
            super(str, str2);
        }
    }

    /* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/OidcIdentityProvider$OidcIdentity.class */
    private static abstract class OidcIdentity implements ExternalIdentity {
        private final ExternalIdentityRef ref;

        private OidcIdentity(@NotNull ExternalIdentityRef externalIdentityRef) {
            this.ref = externalIdentityRef;
        }

        @NotNull
        public ExternalIdentityRef getExternalId() {
            return this.ref;
        }

        @NotNull
        public String getId() {
            return this.ref.getId();
        }

        @NotNull
        public String getPrincipalName() {
            return getId();
        }

        @Nullable
        public String getIntermediatePath() {
            return "";
        }
    }

    /* loaded from: input_file:org/apache/sling/auth/oauth_client/impl/OidcIdentityProvider$OidcUser.class */
    private final class OidcUser extends OidcIdentity implements ExternalUser {
        private final OidcAuthCredentials creds;
        private final Iterable<String> groups;

        private OidcUser(@NotNull OidcAuthCredentials oidcAuthCredentials) {
            super(new ExternalIdentityRef(oidcAuthCredentials.getUserId(), oidcAuthCredentials.getIdp()));
            this.creds = oidcAuthCredentials;
            this.groups = oidcAuthCredentials.getGroups();
        }

        @NotNull
        public Iterable<ExternalIdentityRef> getDeclaredGroups() {
            ArrayList arrayList = new ArrayList();
            this.groups.forEach(str -> {
                arrayList.add(new OidcGroupRef(str, this.creds.getIdp()));
            });
            return arrayList;
        }

        @NotNull
        public Map<String, ?> getProperties() {
            return this.creds.getAttributes();
        }

        @Override // org.apache.sling.auth.oauth_client.impl.OidcIdentityProvider.OidcIdentity
        @NotNull
        public ExternalIdentityRef getExternalId() {
            return new ExternalIdentityRef(this.creds.getUserId(), this.creds.getIdp());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public OidcIdentityProvider(@NotNull String str) {
        this.name = str;
    }

    @NotNull
    public Set<Class> getCredentialClasses() {
        return Collections.singleton(OidcAuthCredentials.class);
    }

    @Nullable
    public String getUserId(@NotNull Credentials credentials) {
        if (validCredentials(credentials)) {
            return ((OidcAuthCredentials) credentials).getUserId();
        }
        return null;
    }

    @NotNull
    public Map<String, ?> getAttributes(@NotNull Credentials credentials) {
        return validCredentials(credentials) ? Collections.singletonMap(".token", "") : Collections.emptyMap();
    }

    public boolean setAttributes(@NotNull Credentials credentials, @NotNull Map<String, ?> map) {
        if (!validCredentials(credentials)) {
            return false;
        }
        OidcAuthCredentials oidcAuthCredentials = (OidcAuthCredentials) credentials;
        map.keySet().forEach(str -> {
            oidcAuthCredentials.setAttribute(str, (String) map.get(str));
        });
        return true;
    }

    @NotNull
    public String getName() {
        return this.name;
    }

    @Nullable
    public ExternalIdentity getIdentity(@NotNull ExternalIdentityRef externalIdentityRef) {
        if (isSameIdp(externalIdentityRef) && (externalIdentityRef instanceof OidcGroupRef)) {
            return new OidcGroup(externalIdentityRef);
        }
        return null;
    }

    @Nullable
    public ExternalUser getUser(@NotNull String str) {
        throw new UnsupportedOperationException();
    }

    @Nullable
    public ExternalUser authenticate(@NotNull Credentials credentials) {
        if (validCredentials(credentials)) {
            return new OidcUser((OidcAuthCredentials) credentials);
        }
        return null;
    }

    @Nullable
    public ExternalGroup getGroup(@NotNull String str) {
        throw new UnsupportedOperationException();
    }

    @NotNull
    public Iterator<ExternalUser> listUsers() {
        throw new UnsupportedOperationException();
    }

    @NotNull
    public Iterator<ExternalGroup> listGroups() {
        throw new UnsupportedOperationException();
    }

    @NotNull
    public String fromExternalIdentityRef(@NotNull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
        if (isSameIdp(externalIdentityRef)) {
            return externalIdentityRef.getId();
        }
        throw new ExternalIdentityException("Foreign IDP " + externalIdentityRef.getString());
    }

    private boolean validCredentials(@NotNull Credentials credentials) {
        if (credentials instanceof OidcAuthCredentials) {
            return isSameIdp((OidcAuthCredentials) credentials);
        }
        return false;
    }

    private boolean isSameIdp(@NotNull OidcAuthCredentials oidcAuthCredentials) {
        return this.name.equals(oidcAuthCredentials.getIdp());
    }

    private boolean isSameIdp(@NotNull ExternalIdentityRef externalIdentityRef) {
        return this.name.equals(externalIdentityRef.getProviderName());
    }
}
