package dev.dsf.fhir.authentication;

import dev.dsf.common.auth.DsfOpenIdCredentials;
import dev.dsf.common.auth.conf.AbstractIdentityProvider;
import dev.dsf.common.auth.conf.Identity;
import dev.dsf.common.auth.conf.IdentityProvider;
import dev.dsf.common.auth.conf.OrganizationIdentityImpl;
import dev.dsf.common.auth.conf.PractitionerIdentityImpl;
import dev.dsf.common.auth.conf.RoleConfig;
import java.security.cert.X509Certificate;
import java.util.Objects;
import java.util.Optional;
import org.hl7.fhir.r4.model.Organization;
import org.hl7.fhir.r4.model.Practitioner;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:dev/dsf/fhir/authentication/IdentityProviderImpl.class */
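/**
 * Maps a client certificate presented to the FHIR server onto an {@link Identity}.
 *
 * <p>Resolution order, as implemented in {@link #getIdentity(X509Certificate[])}:
 * <ol>
 * <li>the certificate is looked up through the {@link OrganizationProvider}; a hit yields an
 * organization identity, marked local or remote depending on the configured local organization
 * identifier value;</li>
 * <li>otherwise the certificate is tried as a practitioner, which additionally requires the local
 * organization to be resolvable;</li>
 * <li>otherwise {@code null} is returned and a warning is logged.</li>
 * </ol>
 *
 * <p>Only the first element of the certificate array is inspected. This class performs no chain,
 * validity or revocation checks itself.
 * NOTE(review): those checks are presumably enforced by the TLS layer before this class is called;
 * confirm, because every decision here trusts the content of that first certificate.
 */
public class IdentityProviderImpl extends AbstractIdentityProvider implements IdentityProvider, InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(IdentityProviderImpl.class);
    private final OrganizationProvider organizationProvider;
    private final String localOrganizationIdentifierValue;

    /**
     * @param roleConfig role configuration handed to {@link AbstractIdentityProvider}
     * @param organizationProvider lookup used to match certificates to organizations and to
     *        resolve the local organization
     * @param str identifier value of the local organization; compared against organization
     *        identifiers in the {@code OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM} system
     */
    public IdentityProviderImpl(RoleConfig roleConfig, OrganizationProvider organizationProvider, String str) {
        super(roleConfig);
        this.organizationProvider = organizationProvider;
        this.localOrganizationIdentifierValue = str;
    }

    /**
     * Verifies after bean construction that both collaborators were supplied.
     *
     * @throws NullPointerException if the organization provider or the local organization
     *         identifier value is {@code null}
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        Objects.requireNonNull(this.organizationProvider, "organizationProvider");
        Objects.requireNonNull(this.localOrganizationIdentifierValue, "localOrganizationIdentifierValue");
    }

    /**
     * @return the local organization as reported by the {@link OrganizationProvider}, or an empty
     *         optional if it cannot be resolved
     */
    protected Optional<Organization> getLocalOrganization() {
        return this.organizationProvider.getLocalOrganization();
    }

    /**
     * Resolves the identity for a presented client certificate chain.
     *
     * @param x509CertificateArr certificates presented by the client; only element {@code 0} is used
     * @return an organization identity, a practitioner identity, or {@code null} when no
     *         certificate was presented or the certificate matches neither an organization nor a
     *         practitioner of the local organization
     */
    public Identity getIdentity(X509Certificate[] x509CertificateArr) {
        // A null first entry is treated like a missing certificate: the caller gets "no identity"
        // instead of an exception thrown from inside the thumbprint or lookup helpers.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            return null;
        }
        X509Certificate clientCertificate = x509CertificateArr[0];
        String thumbprint = getThumbprint(clientCertificate);

        // Organization lookup takes precedence over practitioner mapping.
        Optional<Organization> organization = this.organizationProvider.getOrganization(clientCertificate);
        if (organization.isPresent()) {
            Organization matched = organization.get();
            if (isLocalOrganization(matched)) {
                return new OrganizationIdentityImpl(true, matched, FhirServerRole.LOCAL_ORGANIZATION, clientCertificate);
            }
            return new OrganizationIdentityImpl(false, matched, FhirServerRole.REMOTE_ORGANIZATION, clientCertificate);
        }

        // NOTE(review): the declared element type of toPractitioner is not visible in this file,
        // so a wildcard replaces the raw Optional and the explicit cast is kept.
        Optional<?> practitioner = toPractitioner(clientCertificate);
        Optional<Organization> localOrganization = this.organizationProvider.getLocalOrganization();
        if (practitioner.isPresent() && localOrganization.isPresent()) {
            Practitioner localUser = (Practitioner) practitioner.get();
            // Roles are derived from the practitioner and the certificate thumbprint only; the two
            // remaining role arguments and the OpenID credentials are null on this certificate path.
            return new PractitionerIdentityImpl(localOrganization.get(), getDsfRolesFor(localUser, thumbprint, null, null), clientCertificate, localUser, getPractitionerRolesFor(localUser, thumbprint, null, null), (DsfOpenIdCredentials) null);
        }

        // Fail closed: no identity is returned for an unrecognized certificate. The DN written to
        // the log is read from the presented certificate, so log consumers should treat it as
        // externally supplied text.
        logger.warn("Certificate with thumbprint '{}' for '{}' unknown, not part of allowlist and not configured as local user or local organization", thumbprint, getDn(clientCertificate));
        return null;
    }

    /**
     * Tells whether the organization carries the configured local identifier value in the
     * {@code OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM} system.
     *
     * @param organization organization to test, may be {@code null}
     * @return {@code true} only if a non-null identifier matches both system and value
     */
    private boolean isLocalOrganization(Organization organization) {
        if (organization == null) {
            return false;
        }
        return organization.getIdentifier().stream()
                .filter(Objects::nonNull)
                .filter(identifier -> OrganizationProvider.ORGANIZATION_IDENTIFIER_SYSTEM.equals(identifier.getSystem()))
                .anyMatch(identifier -> this.localOrganizationIdentifierValue.equals(identifier.getValue()));
    }
}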
