package org.elasticsearch.xpack.security.authc.jwt;

import java.util.Collections;
import java.util.List;
import org.elasticsearch.common.settings.SecureString;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.core.security.authc.RealmConfig;
import org.elasticsearch.xpack.core.security.authc.jwt.JwtRealmsServiceSettings;
import org.elasticsearch.xpack.core.ssl.SSLService;
import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;

/* loaded from: input_file:org/elasticsearch/xpack/security/authc/jwt/JwtRealmsService.class */
public class JwtRealmsService {
    private final List<String> principalClaimNames;

    public JwtRealmsService(Settings settings) {
        this.principalClaimNames = Collections.unmodifiableList((List) JwtRealmsServiceSettings.PRINCIPAL_CLAIMS_SETTING.get(settings));
    }

    public List<String> getPrincipalClaimNames() {
        return this.principalClaimNames;
    }

    public JwtRealm createJwtRealm(RealmConfig realmConfig, SSLService sSLService, NativeRoleMappingStore nativeRoleMappingStore) {
        return new JwtRealm(realmConfig, this, sSLService, nativeRoleMappingStore);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationToken token(ThreadContext threadContext) {
        SecureString headerValue = JwtUtil.getHeaderValue(threadContext, "Authorization", JwtRealm.HEADER_END_USER_AUTHENTICATION_SCHEME, false);
        if (headerValue == null) {
            return null;
        }
        return new JwtAuthenticationToken(this.principalClaimNames, headerValue, JwtUtil.getHeaderValue(threadContext, JwtRealm.HEADER_CLIENT_AUTHENTICATION, JwtRealm.HEADER_SHARED_SECRET_AUTHENTICATION_SCHEME, true));
    }
}
