package org.apache.cxf.rs.security.oidc.rp;

import javax.ws.rs.core.SecurityContext;
import org.apache.cxf.common.security.SimpleSecurityContext;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.rs.security.oidc.common.AbstractUserInfo;
import org.apache.cxf.rs.security.oidc.common.IdToken;

/* loaded from: input_file:org/apache/cxf/rs/security/oidc/rp/OidcSecurityContext.class */
public class OidcSecurityContext extends SimpleSecurityContext implements SecurityContext {
    private OidcClientTokenContext oidcContext;
    private String roleClaim;

    public OidcSecurityContext(IdToken idToken) {
        this(new OidcClientTokenContextImpl(idToken));
    }

    public OidcSecurityContext(OidcClientTokenContext oidcClientTokenContext) {
        super(getPrincipalName(oidcClientTokenContext));
        this.oidcContext = oidcClientTokenContext;
    }

    public OidcClientTokenContext getOidcContext() {
        return this.oidcContext;
    }

    protected static String getPrincipalName(OidcClientTokenContext oidcClientTokenContext) {
        String str = null;
        if (oidcClientTokenContext.getUserInfo() != null) {
            str = getPrincipalName(oidcClientTokenContext.getUserInfo());
        }
        if (str == null && oidcClientTokenContext.getIdToken() != null) {
            str = getPrincipalName(oidcClientTokenContext.getIdToken());
        }
        return str;
    }

    protected static String getPrincipalName(AbstractUserInfo abstractUserInfo) {
        String preferredUserName = abstractUserInfo.getPreferredUserName();
        if (preferredUserName == null) {
            preferredUserName = abstractUserInfo.getGivenName();
        }
        if (preferredUserName == null) {
            preferredUserName = abstractUserInfo.getNickName();
        }
        if (preferredUserName == null) {
            preferredUserName = abstractUserInfo.getName();
        }
        if (preferredUserName == null) {
            preferredUserName = abstractUserInfo.getSubject();
        }
        return preferredUserName;
    }

    public boolean isSecure() {
        return HttpUtils.getEndpointAddress(JAXRSUtils.getCurrentMessage()).startsWith("https://");
    }

    public String getAuthenticationScheme() {
        return "OIDC";
    }

    public boolean isUserInRole(String str) {
        return (this.roleClaim == null || str == null || (!containsClaim(this.oidcContext.getIdToken(), this.roleClaim, str) && !containsClaim(this.oidcContext.getUserInfo(), this.roleClaim, str))) ? false : true;
    }

    private boolean containsClaim(AbstractUserInfo abstractUserInfo, String str, String str2) {
        return abstractUserInfo != null && abstractUserInfo.containsProperty(str) && str2.equals(abstractUserInfo.getProperty(str));
    }

    public void setRoleClaim(String str) {
        this.roleClaim = str;
    }
}
