package io.camunda.tasklist.webapp.security.oauth;

import io.camunda.identity.sdk.Identity;
import io.camunda.tasklist.property.TasklistProperties;
import io.camunda.tasklist.util.SpringContextHolder;
import io.camunda.tasklist.webapp.security.tenant.TasklistTenant;
import io.camunda.tasklist.webapp.security.tenant.TenantAwareAuthentication;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* loaded from: input_file:io/camunda/tasklist/webapp/security/oauth/IdentityTenantAwareJwtAuthenticationToken.class */
public class IdentityTenantAwareJwtAuthenticationToken extends JwtAuthenticationToken implements TenantAwareAuthentication {
    private static final long serialVersionUID = 1;
    private List<TasklistTenant> tenants;

    public IdentityTenantAwareJwtAuthenticationToken(Jwt jwt, Collection<? extends GrantedAuthority> collection, String str) {
        super(jwt, collection, str);
        this.tenants = Collections.emptyList();
    }

    @Override // io.camunda.tasklist.webapp.security.tenant.TenantAwareAuthentication
    public List<TasklistTenant> getTenants() {
        if (CollectionUtils.isEmpty(this.tenants) && isMultiTenancyEnabled()) {
            this.tenants = retrieveTenants();
        }
        return this.tenants;
    }

    private List<TasklistTenant> retrieveTenants() {
        try {
            List forToken = getIdentity().tenants().forToken(getToken().getTokenValue());
            return CollectionUtils.isEmpty(forToken) ? Collections.emptyList() : forToken.stream().map(tenant -> {
                return new TasklistTenant(tenant.getTenantId(), tenant.getName());
            }).sorted(TENANT_NAMES_COMPARATOR).toList();
        } catch (Exception e) {
            throw new InsufficientAuthenticationException(e.getMessage(), e);
        }
    }

    private Identity getIdentity() {
        return (Identity) SpringContextHolder.getBean(Identity.class);
    }

    private boolean isMultiTenancyEnabled() {
        return ((TasklistProperties) SpringContextHolder.getBean(TasklistProperties.class)).getMultiTenancy().isEnabled();
    }
}
