package io.camunda.authentication;

import io.camunda.authentication.entity.AuthenticationContext;
import io.camunda.authentication.entity.CamundaOidcUser;
import io.camunda.security.entity.AuthenticationMethod;
import io.camunda.service.AuthorizationServices;
import io.camunda.service.GroupServices;
import io.camunda.service.MappingServices;
import io.camunda.service.RoleServices;
import io.camunda.service.TenantServices;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserService;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.stereotype.Service;

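/**
 * OIDC user service that enriches the user loaded by {@link OidcUserService} with Camunda
 * authorization data.
 *
 * <p>The ID token claims are matched against the configured mappings. The keys of the matching
 * mappings are then used to look up roles, authorized applications, tenants and groups, which are
 * bundled into an {@link AuthenticationContext} on the returned {@link CamundaOidcUser}.
 *
 * <p>Security notes for reviewers:
 *
 * <ul>
 *   <li>Only the ID token claims are used for mapping. Claims that the parent class may merge in
 *       from elsewhere are not consulted here.
 *   <li>A login with no matching mapping is not rejected here. The user is still returned, with
 *       whatever the role, tenant, group and authorization services yield for an empty key set.
 *   <li>Claim values can carry personal data, so only claim names are written to the log.
 * </ul>
 *
 * <p>This listing appears to be decompiled output, so element types are left to inference
 * ({@code var}) rather than spelled out.
 */
@ConditionalOnAuthenticationMethod(AuthenticationMethod.OIDC)
@Service
public class CamundaOidcUserService extends OidcUserService {
    private static final Logger LOG = LoggerFactory.getLogger(CamundaOidcUserService.class);
    private final MappingServices mappingServices;
    private final TenantServices tenantServices;
    private final RoleServices roleServices;
    private final GroupServices groupServices;
    private final AuthorizationServices authorizationServices;

    /**
     * Creates the service with the collaborators used to resolve a user's entitlements.
     *
     * @param mappingServices resolves the mappings that match a set of token claims
     * @param tenantServices looks up tenants by member id
     * @param roleServices looks up roles by member key
     * @param groupServices looks up groups by member key
     * @param authorizationServices resolves the applications an owner set is authorized for
     */
    public CamundaOidcUserService(MappingServices mappingServices, TenantServices tenantServices, RoleServices roleServices, GroupServices groupServices, AuthorizationServices authorizationServices) {
        this.mappingServices = mappingServices;
        this.tenantServices = tenantServices;
        this.roleServices = roleServices;
        this.groupServices = groupServices;
        this.authorizationServices = authorizationServices;
    }

    /**
     * Loads the OIDC user and attaches the Camunda authentication context derived from the ID
     * token claims.
     *
     * @param oidcUserRequest the user request carrying the ID token
     * @return a {@link CamundaOidcUser} wrapping the loaded user, the matched mapping keys and the
     *     resolved roles, authorized applications, tenants and group names
     * @throws OAuth2AuthenticationException if the parent class fails to load the user
     */
    @Override
    public OidcUser loadUser(OidcUserRequest oidcUserRequest) throws OAuth2AuthenticationException {
        final OidcUser baseUser = super.loadUser(oidcUserRequest);
        final Map<String, Object> claims = oidcUserRequest.getIdToken().getClaims();

        final var mappingKeys = this.mappingServices.getMatchingMappings(claims).stream()
                .map(mapping -> mapping.mappingKey())
                .collect(Collectors.toSet());
        // String form of the mapping keys, used both as tenant member ids and as authorization
        // owner ids below.
        final Set<String> memberIds = mappingKeys.stream()
                .map(String::valueOf)
                .collect(Collectors.toSet());

        if (mappingKeys.isEmpty()) {
            // Log claim names only: the values may contain personal data (e.g. e-mail or name)
            // that should not be persisted in application logs.
            LOG.debug("No mappings found for claims with these names: {}", claims.keySet());
        }

        final var roles = this.roleServices.getRolesByMemberKeys(mappingKeys);

        // Applications are authorized for the union of the user's role keys and mapping keys.
        final Set<String> ownerIds = Stream.concat(
                        roles.stream().map(role -> role.roleKey().toString()),
                        memberIds.stream())
                .collect(Collectors.toSet());
        final var authorizedApplications = this.authorizationServices.getAuthorizedApplications(ownerIds);

        final var tenants = this.tenantServices.getTenantsByMemberIds(memberIds).stream()
                .map(TenantServices.TenantDTO::fromEntity)
                .toList();
        final var groupNames = this.groupServices.getGroupsByMemberKeys(mappingKeys).stream()
                .map(group -> group.name())
                .toList();

        return new CamundaOidcUser(
                baseUser,
                mappingKeys,
                new AuthenticationContext(roles, authorizedApplications, tenants, groupNames));
    }
}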
