package de.muenchen.oss.digiwf.spring.security.authentication;

import de.muenchen.oss.digiwf.spring.security.PrincipalUtil;
import de.muenchen.oss.digiwf.spring.security.SecurityConfiguration;
import de.muenchen.oss.digiwf.spring.security.SpringSecurityProperties;
import io.muenchendigital.digiwf.spring.security.client.ClientParameters;
import java.util.HashSet;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Profile;
import org.springframework.core.env.Environment;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;

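/**
 * Resolves the current user's name and roles from the Spring Security context.
 *
 * <p>The user name is read from the JWT claim whose name is configured as the client
 * registration's user-name attribute. Whenever no usable name can be determined, the
 * sentinel {@link #NAME_UNAUTHENTICATED_USER} is returned instead.
 *
 * <p>Security note: the sentinel is an ordinary string in the same namespace as real user
 * names. Callers should treat it as "no identity" and must not grant access based on it;
 * NOTE(review): confirm the identity provider cannot issue a token whose user-name claim
 * equals the sentinel, as that account would be indistinguishable from an anonymous caller.
 */
@Profile({SecurityConfiguration.SECURITY})
@Component
/* loaded from: input_file:BOOT-INF/lib/digiwf-spring-security-core-1.0.1.jar:de/muenchen/oss/digiwf/spring/security/authentication/UserAuthenticationProviderImpl.class */
public class UserAuthenticationProviderImpl implements UserAuthenticationProvider {
    /** Name reported when the security context holds no JWT-backed authentication. */
    public static final String NAME_UNAUTHENTICATED_USER = "unauthenticated";

    private static final Logger log = LoggerFactory.getLogger(UserAuthenticationProviderImpl.class);

    /** Name of the JWT claim that carries the user name. */
    private final String userNameAttribute;

    /**
     * Reads the user-name claim name from the configured client registration.
     *
     * @param springSecurityProperties supplies the client registration id
     * @param environment              environment the client parameters are resolved from
     */
    public UserAuthenticationProviderImpl(SpringSecurityProperties springSecurityProperties, Environment environment) {
        this.userNameAttribute = ClientParameters.fromEnvironment(environment, springSecurityProperties.getClientRegistration()).getUserNameAttribute();
    }

    /**
     * Returns the name of the user bound to the current security context.
     *
     * @return the configured user-name claim of the current JWT, or
     *         {@link #NAME_UNAUTHENTICATED_USER} when there is no JWT-backed authentication
     *         or the claim is missing, empty or not a string; never {@code null}
     */
    @Override // de.muenchen.oss.digiwf.spring.security.authentication.UserAuthenticationProvider
    @NonNull
    public String getLoggedInUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof AbstractAuthenticationToken)) {
            return NAME_UNAUTHENTICATED_USER;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof Jwt)) {
            return NAME_UNAUTHENTICATED_USER;
        }

        Object claim = ((Jwt) principal).getClaims().get(this.userNameAttribute);
        if (claim instanceof String) {
            String userName = (String) claim;
            if (!userName.trim().isEmpty()) {
                return userName;
            }
        }

        // A validated token without a usable user-name claim points at a misconfigured claim
        // name or identity provider. Fall back to the sentinel rather than returning null
        // (which would break the @NonNull contract) or failing on the cast. Only the claim
        // name is logged, never token content.
        log.warn("JWT has no usable string claim '{}'; treating caller as '{}'", this.userNameAttribute, NAME_UNAUTHENTICATED_USER);
        return NAME_UNAUTHENTICATED_USER;
    }

    /**
     * Returns the roles of the current authentication as a fresh, mutable set.
     *
     * @return a new set holding the roles extracted by {@link PrincipalUtil#extractRoles}
     */
    @Override // de.muenchen.oss.digiwf.spring.security.authentication.UserAuthenticationProvider
    @NonNull
    public Set<String> getLoggedInUserRoles() {
        // NOTE(review): getAuthentication() can be null when no security context is populated;
        // confirm PrincipalUtil.extractRoles tolerates null and yields no roles in that case.
        return new HashSet<>(PrincipalUtil.extractRoles(SecurityContextHolder.getContext().getAuthentication()));
    }
}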
