package de.muenchen.oss.digiwf.task.service.adapter.out.auth;

import de.muenchen.oss.digiwf.spring.security.PrincipalUtil;
import de.muenchen.oss.digiwf.spring.security.SpringSecurityProperties;
import de.muenchen.oss.digiwf.task.service.application.port.out.auth.CurrentUserPort;
import de.muenchen.oss.digiwf.task.service.application.port.out.user.UserGroupResolverPort;
import io.holunda.polyflow.view.auth.User;
import io.muenchendigital.digiwf.spring.security.client.ClientParameters;
import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

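/**
 * {@link CurrentUserPort} implementation that reads the caller's identity from the Spring
 * Security context.
 *
 * <p>Every accessor requires the current {@link Authentication} to be a
 * {@link JwtAuthenticationToken} whose principal is a {@link Jwt}. Any other state, including an
 * empty security context, is reported as {@link AuthenticationCredentialsNotFoundException}.
 */
@Component
public class CurrentUserSpringSecurityAdapter implements CurrentUserPort {
    private static final String NO_USER_MESSAGE = "Could not detect current authorized user";
    private static final String NO_USERNAME_MESSAGE = "Current token carries no usable username claim";

    private final UserGroupResolverPort userGroupResolver;
    private final String userNameAttribute;

    /**
     * Creates the adapter and resolves the name of the JWT claim that holds the username.
     *
     * @param userGroupResolverPort resolver used to look up the groups of a username
     * @param springSecurityProperties supplies the client registration whose parameters are read
     * @param environment environment the client parameters are read from
     */
    public CurrentUserSpringSecurityAdapter(UserGroupResolverPort userGroupResolverPort, SpringSecurityProperties springSecurityProperties, Environment environment) {
        this.userGroupResolver = userGroupResolverPort;
        this.userNameAttribute = ClientParameters.fromEnvironment(environment, springSecurityProperties.getClientRegistration()).getUserNameAttribute();
    }

    /**
     * Returns the encoded token value of the current JWT.
     *
     * <p>The value is the caller's bearer credential: pass it only to the component that needs
     * it, and never write it to logs or error messages.
     *
     * @return the raw token value of the current JWT
     * @throws AuthenticationCredentialsNotFoundException if there is no JWT-based authentication
     */
    @Override
    public String getCurrentUserToken() {
        return requireJwt(getCurrentAuth()).getTokenValue();
    }

    /**
     * Builds the current user from the username claim, the resolved groups and the extracted roles.
     *
     * <p>Group names from the resolver are lower-cased; the values returned by
     * {@code PrincipalUtil.extractRoles} are added unchanged.
     *
     * @return the current user with username and combined group/role set
     * @throws AuthenticationCredentialsNotFoundException if there is no JWT-based authentication
     *     or the token has no string username claim
     */
    @Override
    public User getCurrentUser() {
        Authentication currentAuth = getCurrentAuth();
        String username = requireUsername(requireJwt(currentAuth));
        // Locale.ROOT keeps the lower-casing of group names independent of the JVM default
        // locale, so authorization data does not differ between hosts. An explicit HashSet is
        // collected because Collectors.toSet() gives no mutability guarantee and the set is
        // extended below.
        Set<String> authorities = this.userGroupResolver.resolveGroups(username).stream()
                .map(group -> group.toLowerCase(Locale.ROOT))
                .collect(Collectors.toCollection(HashSet::new));
        authorities.addAll(PrincipalUtil.extractRoles(currentAuth));
        return new User(username, authorities);
    }

    /**
     * Returns the username claim of the current JWT.
     *
     * @return the value of the configured username claim
     * @throws AuthenticationCredentialsNotFoundException if there is no JWT-based authentication
     *     or the token has no string username claim
     */
    @Override
    public String getCurrentUserUsername() {
        return requireUsername(requireJwt(getCurrentAuth()));
    }

    /** Returns the authentication stored in the current security context; may be {@code null}. */
    private Authentication getCurrentAuth() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /** Returns the JWT principal of a JWT authentication, or fails as "no credentials found". */
    private static Jwt requireJwt(Authentication auth) {
        // instanceof is false for null, so an empty security context ends up in the throw below.
        if (auth instanceof JwtAuthenticationToken) {
            Object principal = auth.getPrincipal();
            if (principal instanceof Jwt) {
                return (Jwt) principal;
            }
        }
        throw new AuthenticationCredentialsNotFoundException(NO_USER_MESSAGE);
    }

    /** Reads the configured username claim, rejecting tokens where it is absent or not a string. */
    private String requireUsername(Jwt jwt) {
        Object claim = jwt.getClaims().get(this.userNameAttribute);
        if (claim instanceof String) {
            return (String) claim;
        }
        // A token without a usable username claim is an authentication failure, not a server
        // error: report it as such instead of a NullPointerException or ClassCastException.
        throw new AuthenticationCredentialsNotFoundException(NO_USERNAME_MESSAGE);
    }
}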
