package org.keycloak.authorization.common;

import org.keycloak.authorization.attribute.Attributes;
import org.keycloak.authorization.identity.Identity;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.AccessToken;

/* loaded from: input_file:org/keycloak/authorization/common/ClientModelIdentity.class */
public class ClientModelIdentity implements Identity {
    protected final RealmModel realm;
    protected final ClientModel client;
    protected final UserModel serviceAccount;
    protected final AccessToken token;

    public ClientModelIdentity(KeycloakSession keycloakSession, ClientModel clientModel) {
        this(keycloakSession, clientModel, null);
    }

    public ClientModelIdentity(KeycloakSession keycloakSession, ClientModel clientModel, AccessToken accessToken) {
        this.realm = keycloakSession.getContext().getRealm();
        this.client = clientModel;
        this.serviceAccount = keycloakSession.users().getServiceAccount(clientModel);
        this.token = accessToken;
    }

    public String getId() {
        return this.client.getId();
    }

    public Attributes getAttributes() {
        MultivaluedHashMap multivaluedHashMap = new MultivaluedHashMap();
        if (this.serviceAccount != null) {
            multivaluedHashMap.addAll(this.serviceAccount.getAttributes(), new Object[0]);
        }
        if (this.token != null) {
            multivaluedHashMap.add("scope", this.token.getScope());
        }
        return Attributes.from(multivaluedHashMap);
    }

    public boolean hasRealmRole(String str) {
        RoleModel role;
        if (this.serviceAccount == null || (role = this.realm.getRole(str)) == null) {
            return false;
        }
        return this.serviceAccount.hasRole(role);
    }

    public boolean hasClientRole(String str, String str2) {
        RoleModel role;
        if (this.serviceAccount == null || (role = this.realm.getClientByClientId(str).getRole(str2)) == null) {
            return false;
        }
        return this.serviceAccount.hasRole(role);
    }

    public boolean hasOneClientRole(String str, String... strArr) {
        if (this.serviceAccount == null) {
            return false;
        }
        ClientModel clientByClientId = this.realm.getClientByClientId(str);
        for (String str2 : strArr) {
            RoleModel role = clientByClientId.getRole(str2);
            if (role != null && this.serviceAccount.hasRole(role)) {
                return true;
            }
        }
        return false;
    }
}
