package de.muenchen.oss.digiwf.spring.security;

import com.github.benmanes.caffeine.cache.Caffeine;
import com.github.benmanes.caffeine.cache.Ticker;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.cache.Cache;
import org.springframework.cache.caffeine.CaffeineCache;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.util.MultiValueMap;
import org.springframework.util.ObjectUtils;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/digiwf-spring-security-core-0.18.2.jar:de/muenchen/oss/digiwf/spring/security/UserInfoAuthoritiesService.class */
public class UserInfoAuthoritiesService {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UserInfoAuthoritiesService.class);
    private static final String NAME_AUTHENTICATION_CACHE = "authentication_cache";
    private static final int AUTHENTICATION_CACHE_ENTRY_SECONDS_TO_EXPIRE = 60;
    private static final String CLAIM_AUTHORITIES = "authorities";
    private static final String CLAIM_ROLES = "user_roles";
    private final String userInfoUri;
    private final RestTemplate restTemplate;
    private final Cache cache = new CaffeineCache(NAME_AUTHENTICATION_CACHE, Caffeine.newBuilder().expireAfterWrite(60, TimeUnit.SECONDS).ticker(Ticker.systemTicker()).build());

    public UserInfoAuthoritiesService(String str, RestTemplateBuilder restTemplateBuilder) {
        this.userInfoUri = str;
        this.restTemplate = restTemplateBuilder.build();
    }

    public Collection<SimpleGrantedAuthority> loadAuthorities(Jwt jwt) {
        Cache.ValueWrapper valueWrapper = this.cache.get(jwt.getSubject());
        if (valueWrapper != null) {
            Collection<SimpleGrantedAuthority> collection = (Collection) valueWrapper.get();
            log.debug("Resolved authorities (from cache): {}", collection);
            return collection;
        }
        log.debug("Fetching user-info for token subject: {}", jwt.getSubject());
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Authorization", "Bearer " + jwt.getTokenValue());
        HttpEntity<?> httpEntity = new HttpEntity<>((MultiValueMap<String, String>) httpHeaders);
        ArrayList arrayList = new ArrayList();
        try {
            Map map = (Map) this.restTemplate.exchange(this.userInfoUri, HttpMethod.GET, httpEntity, Map.class, new Object[0]).getBody();
            log.debug("Response from user-info Endpoint: {}", map);
            if (map != null && map.containsKey(CLAIM_AUTHORITIES)) {
                arrayList.addAll(asAuthorities(map.get(CLAIM_AUTHORITIES)));
            }
            if (map != null && map.containsKey(CLAIM_ROLES)) {
                arrayList.addAll(asAuthorities(map.get(CLAIM_ROLES)));
            }
            log.debug("Resolved Authorities (from /userinfo Endpoint): {}", arrayList);
            this.cache.put(jwt.getSubject(), arrayList);
        } catch (Exception e) {
            log.error(String.format("Could not fetch user details from %s - user is granted NO authorities", this.userInfoUri), (Throwable) e);
        }
        return arrayList;
    }

    private static List<SimpleGrantedAuthority> asAuthorities(Object obj) {
        ArrayList arrayList = new ArrayList();
        if (obj instanceof Collection) {
            obj = ((Collection) obj).toArray(new Object[0]);
        }
        if (ObjectUtils.isArray(obj)) {
            arrayList.addAll((Collection) Stream.of((Object[]) obj).map((v0) -> {
                return v0.toString();
            }).map(SimpleGrantedAuthority::new).collect(Collectors.toList()));
        }
        return arrayList;
    }
}
