package io.camunda.tasklist.webapp.security.identity;

import io.camunda.identity.sdk.Identity;
import io.camunda.tasklist.property.TasklistProperties;
import io.camunda.tasklist.util.SpringContextHolder;
import io.camunda.tasklist.webapp.security.sso.TokenAuthentication;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.SwitchBootstraps;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;
import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;

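/**
 * Resolves the current caller's groups and process-level permissions from the Spring Security
 * context, delegating token evaluation to the Identity SDK.
 *
 * <p>Security-relevant behaviour, as implemented here:
 * <ul>
 *   <li>When no {@link IdentityAuthorization} can be resolved, the permission lookups return the
 *       wildcard {@code "*"} (everything allowed).</li>
 *   <li>A permission name that is neither READ nor START resolves to an empty list (nothing
 *       allowed).</li>
 *   <li>A missing {@link Authentication} is rejected with a {@link NullPointerException} once
 *       resource permissions are enabled and a base URL is configured.</li>
 * </ul>
 *
 * <p>Access tokens are handed to the Identity SDK as-is; they must never be written to the log.
 */
@Component
/* loaded from: input_file:io/camunda/tasklist/webapp/security/identity/IdentityAuthorizationService.class */
public class IdentityAuthorizationService {
    private final Logger logger = LoggerFactory.getLogger(IdentityAuthorizationService.class);

    @Autowired
    private TasklistProperties tasklistProperties;

    @Autowired
    private LocalValidatorFactoryBean defaultValidator;

    /**
     * Returns the groups of the currently authenticated caller.
     *
     * @return the groups reported by the Identity SDK for the caller's access token; for any other
     *     authentication type (including none) a mutable list holding a single empty string
     */
    public List<String> getUserGroups() {
        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // Looked up before the type checks, exactly as before, so a missing bean still fails early.
        final Identity identity = (Identity) SpringContextHolder.getBean(Identity.class);
        if (authentication instanceof IdentityAuthentication identityAuthentication) {
            return identity.authentication().getGroups(identityAuthentication.getTokens().getAccessToken());
        }
        if (authentication instanceof TokenAuthentication tokenAuthentication) {
            return identity.authentication().getGroupsInOrganization(
                    tokenAuthentication.getAccessToken(), (String) null, tokenAuthentication.getOrganization());
        }
        // NOTE(review): callers receive [""] rather than an empty list here; presumably a
        // placeholder group that matches nothing - confirm against the consumers of this method.
        final List<String> placeholderGroups = new ArrayList<>();
        placeholderGroups.add("");
        return placeholderGroups;
    }

    /**
     * Tells whether the caller may start the given process definition.
     *
     * <p>The previous {@code Set.of("*", str)} form threw {@link IllegalArgumentException} when
     * {@code str} was itself {@code "*"}, because {@code Set.of} rejects duplicate elements. The
     * membership checks below give the same answer for every other input without that failure.
     *
     * @param str the process definition to check against the caller's start permissions
     * @return {@code true} if the start permissions contain {@code "*"} or {@code str}
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public boolean isAllowedToStartProcess(String str) {
        final List<String> startable = getProcessDefinitionsFromAuthorization();
        // Set.of(...) rejected null as well; keep failing instead of answering for a null name.
        Objects.requireNonNull(str, "str");
        return startable.contains("*") || startable.contains(str);
    }

    /**
     * Returns the process definitions the caller may read.
     *
     * @return the readable process definitions, or {@code ["*"]} when no authorization is resolved
     */
    public List<String> getProcessReadFromAuthorization() {
        return getFromAuthorization(IdentityAuthorization.PROCESS_PERMISSION_READ);
    }

    /**
     * Returns the process definitions the caller may start.
     *
     * @return the startable process definitions, or {@code ["*"]} when no authorization is resolved
     */
    public List<String> getProcessDefinitionsFromAuthorization() {
        return getFromAuthorization(IdentityAuthorization.PROCESS_PERMISSION_START);
    }

    /**
     * Resolves the caller's authorizations for the supported authentication types.
     *
     * @return the authorizations, or an empty {@link Optional} when resource permissions are
     *     disabled, no Identity base URL is configured, or the authentication type is not one of
     *     {@code IdentityAuthentication}, {@code JwtAuthenticationToken}, {@code TokenAuthentication}
     * @throws NullPointerException if the security context holds no authentication
     */
    private Optional<IdentityAuthorization> getIdentityAuthorization() {
        if (!this.tasklistProperties.getIdentity().isResourcePermissionsEnabled()
                || this.tasklistProperties.getIdentity().getBaseUrl() == null) {
            return Optional.empty();
        }
        final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // An absent authentication must not reach the "empty" result below, which callers turn
        // into the wildcard; fail instead.
        Objects.requireNonNull(authentication);
        // The order of the checks mirrors the original type switch.
        if (authentication instanceof IdentityAuthentication identityAuthentication) {
            return Optional.of(identityAuthentication.getAuthorizations());
        }
        if (authentication instanceof JwtAuthenticationToken jwtAuthentication) {
            final Identity identity = (Identity) SpringContextHolder.getBean(Identity.class);
            return Optional.of(new IdentityAuthorization(
                    identity.authorizations().forToken(jwtAuthentication.getToken().getTokenValue())));
        }
        if (authentication instanceof TokenAuthentication tokenAuthentication) {
            final Identity identity = (Identity) SpringContextHolder.getBean(Identity.class);
            return Optional.of(new IdentityAuthorization(
                    identity.authorizations().forToken(
                            tokenAuthentication.getAccessToken(), tokenAuthentication.getOrganization())));
        }
        // NOTE(review): with resource permissions enabled, an unrecognised authentication type
        // ends up here and getFromAuthorization() then grants "*". That is fail-open; confirm it
        // is intended, or deny (empty permission list) for unknown authentication types.
        return Optional.empty();
    }

    /**
     * Returns the process definitions granted to the caller for one permission.
     *
     * @param permission {@code IdentityAuthorization.PROCESS_PERMISSION_READ} or
     *     {@code IdentityAuthorization.PROCESS_PERMISSION_START}
     * @return the matching permission list; {@code ["*"]} when no authorization could be resolved;
     *     an empty list for any other permission name
     * @throws NullPointerException if an authorization is resolved and {@code permission} is
     *     {@code null}
     */
    private List<String> getFromAuthorization(String permission) {
        final Optional<IdentityAuthorization> resolved = getIdentityAuthorization();
        if (resolved.isEmpty()) {
            // No resolved authorization means "no restriction": every process is allowed.
            return Collections.singletonList("*");
        }
        final IdentityAuthorization granted = resolved.get();
        return switch (permission) {
            case IdentityAuthorization.PROCESS_PERMISSION_READ -> granted.getProcessesAllowedToRead();
            case IdentityAuthorization.PROCESS_PERMISSION_START -> granted.getProcessesAllowedToStart();
            // Unknown permission names grant nothing.
            default -> Collections.emptyList();
        };
    }
}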
