package io.camunda.authentication.filters;

import io.camunda.authentication.entity.CamundaUser;
import io.camunda.authentication.tenant.TenantAttributeHolder;
import io.camunda.security.configuration.MultiTenancyConfiguration;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.SwitchBootstraps;
import java.security.Principal;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.annotation.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:io/camunda/authentication/filters/TenantRequestAttributeFilter.class */
public class TenantRequestAttributeFilter extends OncePerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(TenantRequestAttributeFilter.class);
    private final MultiTenancyConfiguration multiTenancyCfg;

    public TenantRequestAttributeFilter(MultiTenancyConfiguration multiTenancyConfiguration) {
        this.multiTenancyCfg = multiTenancyConfiguration;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        Set<String> tenantIds = getTenantIds(httpServletRequest.getUserPrincipal());
        if (tenantIds == null) {
            throw new InternalAuthenticationServiceException("cannot find tenants for request");
        }
        LOG.debug("Authenticated tenants: {}", tenantIds);
        TenantAttributeHolder.setTenantIds(tenantIds);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    @Nullable
    private Set<String> getTenantIds(Principal principal) {
        if (!this.multiTenancyCfg.isEnabled()) {
            return Set.of("<default>");
        }
        Objects.requireNonNull(principal);
        switch ((int) SwitchBootstraps.typeSwitch(MethodHandles.lookup(), "typeSwitch", MethodType.methodType(Integer.TYPE, Object.class, Integer.TYPE), UsernamePasswordAuthenticationToken.class, OAuth2AuthenticationToken.class).dynamicInvoker().invoke(principal, 0) /* invoke-custom */) {
            case 0:
                Object principal2 = ((UsernamePasswordAuthenticationToken) principal).getPrincipal();
                if (principal2 instanceof CamundaUser) {
                    return (Set) ((CamundaUser) principal2).getTenants().stream().map((v0) -> {
                        return v0.tenantId();
                    }).collect(Collectors.toSet());
                }
                LOG.error("cannot find tenants: principal is not a camunda user");
                return null;
            case 1:
                LOG.error("cannot find tenants: tenant mapping isn't implemented for oidc");
                return null;
            default:
                LOG.error("cannot find tenants: unsupported principal type {}", principal.getClass().getName());
                return null;
        }
    }
}
