package io.camunda.tasklist.webapp.security.sso;

import com.auth0.jwt.interfaces.Claim;
import io.camunda.tasklist.property.TasklistProperties;
import io.camunda.tasklist.util.CollectionUtil;
import io.camunda.tasklist.webapp.graphql.entity.C8AppLink;
import io.camunda.tasklist.webapp.graphql.entity.UserDTO;
import io.camunda.tasklist.webapp.security.Permission;
import io.camunda.tasklist.webapp.security.TasklistProfileService;
import io.camunda.tasklist.webapp.security.UserReader;
import io.camunda.tasklist.webapp.security.identity.IdentityAuthorizationService;
import io.camunda.tasklist.webapp.security.sso.model.C8ConsoleService;
import io.camunda.tasklist.webapp.security.sso.model.ClusterMetadata;
import jakarta.json.Json;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

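/**
 * {@link UserReader} used when the SSO authentication profile is active.
 *
 * <p>Two kinds of {@link Authentication} are understood:
 *
 * <ul>
 *   <li>{@link TokenAuthentication}: an interactive SSO session. The user id, display name,
 *       permissions, roles and sales plan are all derived from the token and its claims.
 *   <li>{@link JwtAuthenticationToken}: an API client. The resulting user is flagged as an API
 *       user and is always given {@link Permission#WRITE}.
 * </ul>
 *
 * <p>NOTE(review): this class does not validate tokens itself; it presumably relies on the
 * security filter chain having authenticated them before they reach this reader. Confirm that
 * assumption holds for every caller.
 */
@Profile({TasklistProfileService.SSO_AUTH_PROFILE})
@Component
public class SSOUserReader implements UserReader {

    @Autowired
    private TasklistProperties tasklistProperties;

    @Autowired
    private C8ConsoleService c8ConsoleService;

    @Autowired
    private IdentityAuthorizationService identityAuthorizationService;

    /**
     * Builds the current user from the given authentication.
     *
     * @param authentication the authentication of the current request
     * @return the user for a {@link TokenAuthentication} or {@link JwtAuthenticationToken};
     *     empty for any other type (including {@code null})
     * @throws IllegalStateException if an SSO token does not carry the configured e-mail claim
     */
    @Override
    public Optional<UserDTO> getCurrentUserBy(Authentication authentication) {
        if (authentication instanceof TokenAuthentication) {
            return Optional.of(buildSsoUser((TokenAuthentication) authentication));
        }
        if (authentication instanceof JwtAuthenticationToken) {
            return Optional.of(buildApiUser((JwtAuthenticationToken) authentication));
        }
        return Optional.empty();
    }

    /** Maps an API-client JWT to a user; falls back to the default user name when none is set. */
    private UserDTO buildApiUser(JwtAuthenticationToken jwtAuthentication) {
        final String tokenName = jwtAuthentication.getName();
        final String name = tokenName == null ? UserReader.DEFAULT_USER : tokenName;
        // Security: WRITE is granted to every JWT that reaches this point; no scope or claim of
        // the token is inspected here. Any restriction has to be enforced before this reader.
        return new UserDTO()
            .setUserId(name)
            .setDisplayName(name)
            .setApiUser(true)
            .setPermissions(List.of(Permission.WRITE));
    }

    /** Maps an interactive SSO token to a user, using the claim keys from the Auth0 settings. */
    private UserDTO buildSsoUser(TokenAuthentication tokenAuthentication) {
        final Map<String, Claim> claims = tokenAuthentication.getClaims();

        // The display name is optional: keep the default when the claim is absent.
        String displayName = UserReader.DEFAULT_USER;
        final Claim nameClaim = claims.get(this.tasklistProperties.getAuth0().getNameKey());
        if (nameClaim != null) {
            displayName = nameClaim.asString();
        }

        // The e-mail claim becomes the user id, so it is mandatory. Fail with an explicit error
        // instead of a bare NullPointerException, and never substitute a default identity.
        final Claim emailClaim = claims.get(this.tasklistProperties.getAuth0().getEmailKey());
        if (emailClaim == null) {
            throw new IllegalStateException(
                "SSO token does not contain the e-mail claim '"
                    + this.tasklistProperties.getAuth0().getEmailKey()
                    + "'");
        }
        // NOTE(review): asString() may yield null for a non-string claim, which would leave the
        // user id null; confirm whether that case must be rejected as well.
        final String userId = emailClaim.asString();

        // Links to the other C8 applications are optional; none when metadata is unavailable.
        final ClusterMetadata clusterMetadata = this.c8ConsoleService.getClusterMetadata();
        final List<C8AppLink> c8Links =
            clusterMetadata == null ? List.of() : clusterMetadata.getUrlsAsC8AppLinks();

        return new UserDTO()
            .setUserId(userId)
            .setDisplayName(displayName)
            .setApiUser(false)
            .setGroups(this.identityAuthorizationService.getUserGroups())
            .setPermissions(tokenAuthentication.getPermissions())
            .setRoles(
                tokenAuthentication.getRoles(
                    this.tasklistProperties.getAuth0().getOrganizationsKey()))
            .setSalesPlanType(tokenAuthentication.getSalesPlanType())
            .setC8Links(c8Links);
    }

    /**
     * Returns the organization configured in the Auth0 settings.
     *
     * @return the configured organization id
     */
    @Override
    public String getCurrentOrganizationId() {
        return this.tasklistProperties.getAuth0().getOrganization();
    }

    /**
     * Creates one non-API user per given name, using the name as both user id and display name.
     *
     * <p>No lookup is performed: the names are taken as given and are not checked against any
     * user store, so the result says nothing about whether such users exist.
     *
     * @param list the user names to wrap
     * @return the users produced by {@code CollectionUtil.map} for the given names
     */
    @Override
    public List<UserDTO> getUsersByUsernames(List<String> list) {
        return CollectionUtil.map(
            list, name -> new UserDTO().setDisplayName(name).setUserId(name).setApiUser(false));
    }

    /**
     * Returns the access token of an SSO session, encoded as a JSON string value (quoted and
     * escaped).
     *
     * <p>Security: the returned value is a bearer credential. Callers should not log or persist
     * it.
     *
     * @param authentication the authentication of the current request
     * @return the JSON-encoded access token
     * @throws UnsupportedOperationException if the authentication is not a
     *     {@link TokenAuthentication} (including {@code null})
     */
    @Override
    public Optional<String> getUserToken(Authentication authentication) {
        if (authentication instanceof TokenAuthentication) {
            final String accessToken = ((TokenAuthentication) authentication).getAccessToken();
            return Optional.of(Json.createValue(accessToken).toString());
        }
        // A null authentication is reported like any other unsupported type instead of failing
        // with a NullPointerException while building the message.
        final String tokenClass =
            authentication == null ? "null" : authentication.getClass().getName();
        throw new UnsupportedOperationException("Not supported for token class: " + tokenClass);
    }
}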
