package de.muenchen.oss.digiwf.cockpit.security.camunda;

import de.muenchen.oss.digiwf.spring.security.JwtClaims;
import de.muenchen.oss.digiwf.spring.security.SecurityConfiguration;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.camunda.bpm.engine.identity.Group;
import org.camunda.bpm.engine.identity.GroupQuery;
import org.camunda.bpm.engine.identity.NativeUserQuery;
import org.camunda.bpm.engine.identity.Tenant;
import org.camunda.bpm.engine.identity.TenantQuery;
import org.camunda.bpm.engine.identity.User;
import org.camunda.bpm.engine.identity.UserQuery;
import org.camunda.bpm.engine.impl.GroupQueryImpl;
import org.camunda.bpm.engine.impl.Page;
import org.camunda.bpm.engine.impl.TenantQueryImpl;
import org.camunda.bpm.engine.impl.UserQueryImpl;
import org.camunda.bpm.engine.impl.identity.ReadOnlyIdentityProvider;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.persistence.AbstractManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* loaded from: input_file:BOOT-INF/lib/digiwf-engine-cockpit-1.4.4.jar:de/muenchen/oss/digiwf/cockpit/security/camunda/OAuthIdentityServiceProvider.class */
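/**
 * Read-only Camunda identity provider backed by the JWT of the current request.
 *
 * <p>Users and groups are not looked up in a directory: the only user this provider can
 * describe is the one whose {@link JwtAuthenticationToken} is in the Spring
 * {@link SecurityContextHolder}, and the only groups are that token's granted authorities.
 * Tenants are not supported and every tenant query is empty.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Claim values are read from the token as-is; this class performs no signature or
 *       claim validation of its own and relies on whatever placed the token in the security
 *       context having done so.</li>
 *   <li>User queries ignore their filter criteria (see {@link #findUserById(String)}).</li>
 *   <li>{@link #checkPassword(String, String)} always rejects, so password login cannot
 *       succeed through this provider.</li>
 * </ul>
 */
public class OAuthIdentityServiceProvider extends AbstractManager implements ReadOnlyIdentityProvider {

    /** Tenant query that never matches anything: count is 0 and the result list is empty. */
    static class NoTenantQueryImpl extends TenantQueryImpl {
        NoTenantQueryImpl() {
        }

        @Override
        public long executeCount(CommandContext commandContext) {
            return 0L;
        }

        @Override
        public List<Tenant> executeList(CommandContext commandContext, Page page) {
            return Collections.emptyList();
        }
    }

    /**
     * Immutable {@link Group} built from one granted authority of the token.
     * All setters throw {@link UnsupportedOperationException}.
     * (The decompiler reports this type was package-private in the original source.)
     */
    public static class OAuthGroup implements Group {
        private final String id;
        private final String name;
        private final String type;

        OAuthGroup(String id, String name, String type) {
            this.id = id;
            this.name = name;
            this.type = type;
        }

        @Override
        public String getId() {
            return this.id;
        }

        @Override
        public void setId(String id) {
            throw new UnsupportedOperationException("Can't set group id");
        }

        @Override
        public String getName() {
            return this.name;
        }

        @Override
        public void setName(String name) {
            throw new UnsupportedOperationException("Can't set group name");
        }

        @Override
        public String getType() {
            return this.type;
        }

        @Override
        public void setType(String type) {
            throw new UnsupportedOperationException("Can't set group type");
        }
    }

    /**
     * Group query that delegates count, list and single-result evaluation to the enclosing
     * provider instead of a database. The {@link Page} argument is not applied.
     * (The decompiler reports this type was package-private in the original source.)
     */
    public static class OAuthGroupQueryImpl extends GroupQueryImpl {
        private final OAuthIdentityServiceProvider oAuthIdentityServiceProvider;

        public OAuthGroupQueryImpl(OAuthIdentityServiceProvider oAuthIdentityServiceProvider) {
            this.oAuthIdentityServiceProvider = oAuthIdentityServiceProvider;
        }

        @Override
        public long executeCount(CommandContext commandContext) {
            return this.oAuthIdentityServiceProvider.count(this);
        }

        @Override
        public List<Group> executeList(CommandContext commandContext, Page page) {
            return this.oAuthIdentityServiceProvider.list(this);
        }

        @Override
        public Group singleResult() {
            return this.oAuthIdentityServiceProvider.single(this);
        }
    }

    /**
     * Immutable {@link User} built from token claims. All setters throw
     * {@link UnsupportedOperationException}, and so does {@link #getPassword()}: no
     * credential is ever held by this object.
     * (The decompiler reports this type was package-private in the original source.)
     */
    public static class OAuthUser implements User {
        private final String id;
        private final String firstName;
        private final String lastName;
        private final String emailAddress;

        OAuthUser(String id, String firstName, String lastName, String emailAddress) {
            this.id = id;
            this.firstName = firstName;
            this.lastName = lastName;
            this.emailAddress = emailAddress;
        }

        @Override
        public String getId() {
            return this.id;
        }

        @Override
        public void setId(String id) {
            throw new UnsupportedOperationException("Can't change user attributes");
        }

        @Override
        public String getFirstName() {
            return this.firstName;
        }

        @Override
        public void setFirstName(String firstName) {
            throw new UnsupportedOperationException("Can't change user attributes");
        }

        @Override
        public void setLastName(String lastName) {
            throw new UnsupportedOperationException("Can't change user attributes");
        }

        @Override
        public String getLastName() {
            return this.lastName;
        }

        @Override
        public void setEmail(String email) {
            throw new UnsupportedOperationException("Can't change user attributes");
        }

        @Override
        public String getEmail() {
            return this.emailAddress;
        }

        @Override
        public String getPassword() {
            throw new UnsupportedOperationException("Can't read user's password");
        }

        @Override
        public void setPassword(String password) {
            throw new UnsupportedOperationException("Can't change user attributes");
        }
    }

    /**
     * User query that delegates count, list and single-result evaluation to the enclosing
     * provider instead of a database. The {@link Page} argument is not applied.
     * (The decompiler reports this type was package-private in the original source.)
     */
    public static class OAuthUserQueryImpl extends UserQueryImpl {
        private final OAuthIdentityServiceProvider oAuthIdentityServiceProvider;

        public OAuthUserQueryImpl(OAuthIdentityServiceProvider oAuthIdentityServiceProvider) {
            this.oAuthIdentityServiceProvider = oAuthIdentityServiceProvider;
        }

        @Override
        public long executeCount(CommandContext commandContext) {
            return this.oAuthIdentityServiceProvider.count(this);
        }

        @Override
        public List<User> executeList(CommandContext commandContext, Page page) {
            return this.oAuthIdentityServiceProvider.list(this);
        }

        @Override
        public User singleResult() {
            return this.oAuthIdentityServiceProvider.single(this);
        }
    }

    /**
     * Returns the user described by the current JWT, or {@code null} when the security
     * context holds no {@link JwtAuthenticationToken}.
     *
     * <p>NOTE(review): {@code userId} is set on the query but never compared with the token's
     * user-id claim, so a lookup for any id yields the current caller. Callers must not treat
     * a non-null result as proof that {@code userId} exists or that the returned attributes
     * belong to it; confirm whether an id check is wanted here.
     */
    @Override
    public User findUserById(String userId) {
        return createUserQuery().userId(userId).singleResult();
    }

    @Override
    public UserQuery createUserQuery() {
        return new OAuthUserQueryImpl(this);
    }

    /** Same as {@link #createUserQuery()}; the command context is not used. */
    @Override
    public UserQuery createUserQuery(CommandContext commandContext) {
        return new OAuthUserQueryImpl(this);
    }

    /**
     * Native user queries are not supported.
     *
     * @return always {@code null}; callers have to null-check
     */
    @Override
    public NativeUserQuery createNativeUserQuery() {
        return null;
    }

    /**
     * Rejects every password check. Authentication is expected to have happened through the
     * JWT already, so no user id / password pair is ever accepted here.
     *
     * @return always {@code false}
     */
    @Override
    public boolean checkPassword(String userId, String password) {
        return false;
    }

    /**
     * Returns the group with the given id if the current token carries a matching authority,
     * otherwise {@code null}.
     */
    @Override
    public Group findGroupById(String groupId) {
        return createGroupQuery().groupId(groupId).singleResult();
    }

    @Override
    public GroupQuery createGroupQuery() {
        return new OAuthGroupQueryImpl(this);
    }

    /** Same as {@link #createGroupQuery()}; the command context is not used. */
    @Override
    public GroupQuery createGroupQuery(CommandContext commandContext) {
        return new OAuthGroupQueryImpl(this);
    }

    /** Runs an always-empty tenant query; tenants are not supported by this provider. */
    @Override
    public Tenant findTenantById(String tenantId) {
        return new NoTenantQueryImpl().tenantId(tenantId).singleResult();
    }

    @Override
    public TenantQuery createTenantQuery() {
        return new NoTenantQueryImpl();
    }

    /** Same as {@link #createTenantQuery()}; the command context is not used. */
    @Override
    public TenantQuery createTenantQuery(CommandContext commandContext) {
        return new NoTenantQueryImpl();
    }

    /**
     * Builds the user for the current JWT, ignoring every criterion set on {@code query}.
     *
     * @return the current user, or {@code null} without a JWT authentication
     */
    private User single(OAuthUserQueryImpl oAuthUserQueryImpl) {
        return getJwtAuthenticationToken()
                .map(OAuthIdentityServiceProvider::toUser)
                .orElse(null);
    }

    /**
     * Maps token claims to a user. {@code family_name} and {@code email} fall back to the
     * user-id claim when absent, {@code given_name} to the empty string. The casts throw
     * {@link ClassCastException} if a claim is present but not a string.
     */
    private static User toUser(JwtAuthenticationToken token) {
        final Object userId = token.getTokenAttributes().get(JwtClaims.USER_ID);
        return new OAuthUser(
                (String) userId,
                (String) token.getTokenAttributes().getOrDefault("given_name", ""),
                (String) token.getTokenAttributes().getOrDefault("family_name", userId),
                (String) token.getTokenAttributes().getOrDefault("email", userId));
    }

    /**
     * Returns the first group of the current token whose id equals the query's group id, or
     * {@code null} when there is none (including when the query has no id set).
     */
    private Group single(OAuthGroupQueryImpl oAuthGroupQueryImpl) {
        final String wantedId = oAuthGroupQueryImpl.getId();
        // Compare from the query side so a group built from a null authority string is
        // skipped instead of raising a NullPointerException.
        return list(oAuthGroupQueryImpl).stream()
                .filter(group -> wantedId != null && wantedId.equals(group.getId()))
                .findFirst()
                .orElse(null);
    }

    /**
     * Lists one group per granted authority of the current token, with the Spring role prefix
     * stripped from the authority string. Query criteria are not applied here.
     *
     * @return the groups, or an empty list without a JWT authentication
     */
    private List<Group> list(OAuthGroupQueryImpl oAuthGroupQueryImpl) {
        return getJwtAuthenticationToken()
                .map(token -> token.getAuthorities().stream()
                        .map(authority -> authority.getAuthority())
                        .map(name -> StringUtils.removeStart(name, SecurityConfiguration.SPRING_ROLE_PREFIX))
                        .<Group>map(name -> new OAuthGroup(name, name, "oauth"))
                        .collect(Collectors.toList()))
                .orElse(Collections.emptyList());
    }

    /**
     * Lists the current user as a one-element list.
     *
     * <p>Without a JWT authentication the result is empty. It used to be a list holding a
     * single {@code null}, which made {@link #count(OAuthUserQueryImpl)} report one user and
     * exposed callers to a {@code null} element.
     */
    private List<User> list(OAuthUserQueryImpl oAuthUserQueryImpl) {
        final User current = single(oAuthUserQueryImpl);
        if (current == null) {
            return Collections.<User>emptyList();
        }
        return Collections.singletonList(current);
    }

    private long count(OAuthUserQueryImpl oAuthUserQueryImpl) {
        return list(oAuthUserQueryImpl).size();
    }

    private long count(OAuthGroupQueryImpl oAuthGroupQueryImpl) {
        return list(oAuthGroupQueryImpl).size();
    }

    /**
     * Reads the authentication of the current thread's security context.
     *
     * @return the token if it is a {@link JwtAuthenticationToken}, otherwise empty (no
     *         authentication at all, or an authentication of another type)
     */
    private Optional<JwtAuthenticationToken> getJwtAuthenticationToken() {
        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof JwtAuthenticationToken) {
            return Optional.of((JwtAuthenticationToken) authentication);
        }
        return Optional.empty();
    }
}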
