package org.apache.nifi.web.security.jwt.converter;

import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserDetails;
import org.apache.nifi.authorization.user.StandardNiFiUser;
import org.apache.nifi.authorization.util.IdentityMapping;
import org.apache.nifi.authorization.util.IdentityMappingUtil;
import org.apache.nifi.authorization.util.UserGroupUtil;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.jwt.provider.SupportedClaim;
import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.oauth2.jwt.Jwt;

/* loaded from: input_file:org/apache/nifi/web/security/jwt/converter/StandardJwtAuthenticationConverter.class */
public class StandardJwtAuthenticationConverter implements Converter<Jwt, NiFiAuthenticationToken> {
    private final Authorizer authorizer;
    private final List<IdentityMapping> identityMappings;

    public StandardJwtAuthenticationConverter(Authorizer authorizer, NiFiProperties niFiProperties) {
        this.authorizer = authorizer;
        this.identityMappings = IdentityMappingUtil.getIdentityMappings(niFiProperties);
    }

    public NiFiAuthenticationToken convert(Jwt jwt) {
        return new NiFiAuthenticationToken(new NiFiUserDetails(getUser(jwt)));
    }

    private NiFiUser getUser(Jwt jwt) {
        String mapIdentity = IdentityMappingUtil.mapIdentity(jwt.getSubject(), this.identityMappings);
        return new StandardNiFiUser.Builder().identity(mapIdentity).groups(UserGroupUtil.getUserGroups(this.authorizer, mapIdentity)).identityProviderGroups(getProvidedGroups(jwt)).build();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v5, types: [java.util.Set] */
    private Set<String> getProvidedGroups(Jwt jwt) {
        List claimAsStringList = jwt.getClaimAsStringList(SupportedClaim.GROUPS.getClaim());
        return claimAsStringList == null ? Collections.emptySet() : new LinkedHashSet(claimAsStringList);
    }
}
