package io.camunda.tasklist.webapp.security.identity;

import io.camunda.identity.sdk.Identity;
import io.camunda.tasklist.property.TasklistProperties;
import io.camunda.tasklist.util.SpringContextHolder;
import io.camunda.tasklist.webapp.security.sso.TokenAuthentication;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

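/**
 * Derives the current caller's process-start permissions and group memberships from the
 * {@link Authentication} held in the Spring {@link SecurityContextHolder}.
 *
 * <p>Tokens are passed to the Identity SDK for resolution and are never logged by this class.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/io/camunda/tasklist/webapp/security/identity/IdentityAuthorizationService.class */
public class IdentityAuthorizationService {
    /** Wildcard entry meaning "every process definition may be started". */
    private static final String ALL_RESOURCES = "*";

    private static final Logger LOGGER = LoggerFactory.getLogger(IdentityAuthorizationService.class);

    @Autowired
    private TasklistProperties tasklistProperties;

    /**
     * Returns the process definition ids the current caller may start.
     *
     * <p>The Identity authorizations are consulted only when resource permissions are enabled and
     * an Identity base URL is configured. In every other case the result is a fresh mutable list
     * holding only the wildcard {@code "*"}.
     *
     * @return the allowed process definition ids, or a single-element wildcard list
     */
    public List<String> getProcessDefinitionsFromAuthorization() {
        final boolean permissionsEnforced =
                this.tasklistProperties.getIdentity().isResourcePermissionsEnabled()
                        && this.tasklistProperties.getIdentity().getBaseUrl() != null;
        if (permissionsEnforced) {
            final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication instanceof IdentityAuthentication) {
                final IdentityAuthentication identityAuth = (IdentityAuthentication) authentication;
                return identityAuth.getAuthorizations().getProcessesAllowedToStart();
            }
            if (authentication instanceof JwtAuthenticationToken) {
                final JwtAuthenticationToken jwtAuth = (JwtAuthenticationToken) authentication;
                final Identity identity = (Identity) SpringContextHolder.getBean(Identity.class);
                return new IdentityAuthorization(
                                identity.authorizations().forToken(jwtAuth.getToken().getTokenValue()))
                        .getProcessesAllowedToStart();
            }
            if (authentication instanceof TokenAuthentication) {
                final TokenAuthentication tokenAuth = (TokenAuthentication) authentication;
                final Identity identity = (Identity) SpringContextHolder.getBean(Identity.class);
                return new IdentityAuthorization(
                                identity.authorizations()
                                        .forToken(tokenAuth.getAccessToken(), tokenAuth.getOrganization()))
                        .getProcessesAllowedToStart();
            }
            // NOTE(review): this path fails open. Resource permissions are enforced, yet a missing
            // or unrecognised Authentication type still receives the wildcard below. The return
            // value is kept for compatibility; confirm whether an empty list (deny) is intended.
            // Only the type name is logged, never the credential.
            LOGGER.warn(
                    "Resource permissions are enabled but authentication type {} is not handled; "
                            + "granting wildcard process access",
                    authentication == null ? "null" : authentication.getClass().getName());
        }
        final List<String> everything = new ArrayList<>();
        everything.add(ALL_RESOURCES);
        return everything;
    }

    /**
     * Returns the groups of the current caller as reported by Identity token verification.
     *
     * <p>Only {@code IdentityAuthentication} and {@code TokenAuthentication} are resolved. Any
     * other authentication, including {@code JwtAuthenticationToken}, yields a fresh mutable list
     * containing a single empty string.
     *
     * @return the caller's groups, or a list holding one empty string when they cannot be resolved
     */
    public List<String> getUserGroups() {
        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        final Identity identity = (Identity) SpringContextHolder.getBean(Identity.class);
        if (authentication instanceof IdentityAuthentication) {
            final IdentityAuthentication identityAuth = (IdentityAuthentication) authentication;
            return identity.authentication()
                    .verifyToken(identityAuth.getTokens().getAccessToken())
                    .getUserDetails()
                    .getGroups();
        }
        if (authentication instanceof TokenAuthentication) {
            final TokenAuthentication tokenAuth = (TokenAuthentication) authentication;
            return identity.authentication()
                    .verifyToken(tokenAuth.getAccessToken(), tokenAuth.getOrganization())
                    .getUserDetails()
                    .getGroups();
        }
        final List<String> noGroups = new ArrayList<>();
        noGroups.add("");
        return noGroups;
    }

    /**
     * Tells whether the current caller may start the given process definition.
     *
     * <p>The previous implementation built {@code Set.of("*", str)}, which throws
     * {@link IllegalArgumentException} when {@code str} is itself {@code "*"} (duplicate element)
     * and {@link NullPointerException} when {@code str} is {@code null}. An authorization check
     * should answer rather than throw, so both inputs are now handled explicitly.
     *
     * @param str the process definition id to check; {@code null} is always denied
     * @return {@code true} if the allowed list contains the wildcard or {@code str}
     */
    public boolean isAllowedToStartProcess(String str) {
        if (str == null) {
            return false;
        }
        final List<String> allowed = getProcessDefinitionsFromAuthorization();
        if (allowed == null) {
            // Deny when Identity reports no list at all; whether that can happen is not visible here.
            return false;
        }
        // Iterate instead of calling contains() so a null entry or a null-hostile list cannot throw.
        for (final String entry : allowed) {
            if (ALL_RESOURCES.equals(entry) || str.equals(entry)) {
                return true;
            }
        }
        return false;
    }
}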
