package io.camunda.operate.webapp.security.identity;

import io.camunda.identity.sdk.Identity;
import io.camunda.operate.webapp.rest.dto.UserDto;
import io.camunda.operate.webapp.security.AbstractUserService;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

@Profile({"identity-auth"})
@Component
/* loaded from: input_file:io/camunda/operate/webapp/security/identity/IdentityUserService.class */
public class IdentityUserService extends AbstractUserService<AbstractAuthenticationToken> {
    private final Identity identity;
    private final PermissionConverter permissionConverter;

    @Autowired
    public IdentityUserService(Identity identity, PermissionConverter permissionConverter) {
        this.identity = identity;
        this.permissionConverter = permissionConverter;
    }

    @Override // io.camunda.operate.webapp.security.UserService
    public UserDto createUserDtoFrom(AbstractAuthenticationToken abstractAuthenticationToken) {
        if (abstractAuthenticationToken instanceof IdentityAuthentication) {
            return new UserDto().setUserId(((IdentityAuthentication) abstractAuthenticationToken).getId()).setDisplayName(abstractAuthenticationToken.getName()).setCanLogout(true).setPermissions(((IdentityAuthentication) abstractAuthenticationToken).getPermissions()).setTenants(((IdentityAuthentication) abstractAuthenticationToken).getTenants());
        }
        if (!(abstractAuthenticationToken instanceof JwtAuthenticationToken)) {
            return null;
        }
        Stream stream = this.identity.authentication().verifyToken(((Jwt) abstractAuthenticationToken.getPrincipal()).getTokenValue()).getPermissions().stream();
        PermissionConverter permissionConverter = this.permissionConverter;
        Objects.requireNonNull(permissionConverter);
        return new UserDto().setUserId(abstractAuthenticationToken.getName()).setDisplayName(abstractAuthenticationToken.getName()).setCanLogout(true).setPermissions((List) stream.map(permissionConverter::convert).collect(Collectors.toList()));
    }

    @Override // io.camunda.operate.webapp.security.AbstractUserService
    public String getUserToken(AbstractAuthenticationToken abstractAuthenticationToken) {
        throw new UnsupportedOperationException("Get token is not supported for Identity authentication");
    }
}
