package io.camunda.operate.webapp.security.sso;

import com.auth0.jwt.interfaces.Claim;
import io.camunda.operate.property.OperateProperties;
import io.camunda.operate.webapp.rest.dto.UserDto;
import io.camunda.operate.webapp.security.AbstractUserService;
import io.camunda.operate.webapp.security.Permission;
import io.camunda.operate.webapp.security.sso.model.ClusterMetadata;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

@Profile({"sso-auth"})
@Component
/* loaded from: input_file:io/camunda/operate/webapp/security/sso/SSOUserService.class */
public class SSOUserService extends AbstractUserService<AbstractAuthenticationToken> {

    @Autowired
    private OperateProperties operateProperties;

    @Autowired
    private C8ConsoleService c8ConsoleService;

    @Override // io.camunda.operate.webapp.security.UserService
    public UserDto createUserDtoFrom(AbstractAuthenticationToken abstractAuthenticationToken) {
        if (abstractAuthenticationToken instanceof TokenAuthentication) {
            return getUserDtoFor((TokenAuthentication) abstractAuthenticationToken);
        }
        if (abstractAuthenticationToken instanceof JwtAuthenticationToken) {
            return getUserDtoFor((JwtAuthenticationToken) abstractAuthenticationToken);
        }
        return null;
    }

    @Override // io.camunda.operate.webapp.security.AbstractUserService
    public String getUserToken(AbstractAuthenticationToken abstractAuthenticationToken) {
        if (abstractAuthenticationToken instanceof TokenAuthentication) {
            return ((TokenAuthentication) abstractAuthenticationToken).getNewTokenByRefreshToken();
        }
        throw new UnsupportedOperationException("Not supported for token class: " + abstractAuthenticationToken.getClass().getName());
    }

    private UserDto getUserDtoFor(JwtAuthenticationToken jwtAuthenticationToken) {
        return new UserDto().setUserId(jwtAuthenticationToken.getName()).setDisplayName(jwtAuthenticationToken.getName()).setCanLogout(false).setPermissions(List.of(Permission.READ, Permission.WRITE));
    }

    private UserDto getUserDtoFor(TokenAuthentication tokenAuthentication) {
        Map<String, Claim> claims = tokenAuthentication.getClaims();
        String asString = claims.containsKey(this.operateProperties.getAuth0().getNameKey()) ? claims.get(this.operateProperties.getAuth0().getNameKey()).asString() : "No name";
        ClusterMetadata clusterMetadata = this.c8ConsoleService.getClusterMetadata();
        Map<ClusterMetadata.AppName, String> of = Map.of();
        if (clusterMetadata != null) {
            of = clusterMetadata.getUrls();
        }
        return new UserDto().setUserId(tokenAuthentication.getName()).setDisplayName(asString).setCanLogout(false).setPermissions(tokenAuthentication.getPermissions()).setRoles(tokenAuthentication.getRoles(this.operateProperties.getAuth0().getOrganizationsKey())).setSalesPlanType(tokenAuthentication.getSalesPlanType()).setC8Links(of);
    }
}
