package io.camunda.tasklist.webapp.security.identity;

import io.camunda.identity.sdk.Identity;
import io.camunda.identity.sdk.authentication.AccessToken;
import io.camunda.tasklist.util.CollectionUtil;
import io.camunda.tasklist.webapp.dto.UserDTO;
import io.camunda.tasklist.webapp.security.TasklistProfileService;
import io.camunda.tasklist.webapp.security.UserReader;
import io.camunda.tasklist.webapp.security.oauth.IdentityTenantAwareJwtAuthenticationToken;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Profile;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Component;

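/**
 * {@link UserReader} implementation registered under
 * {@link TasklistProfileService#IDENTITY_AUTH_PROFILE}.
 *
 * <p>Builds {@link UserDTO} instances from the two authentication types handled in
 * {@link #getCurrentUserBy(Authentication)}: {@link IdentityAuthentication} and
 * {@link IdentityTenantAwareJwtAuthenticationToken}.
 */
@Profile({TasklistProfileService.IDENTITY_AUTH_PROFILE})
@Component
/* loaded from: input_file:io/camunda/tasklist/webapp/security/identity/IdentityUserReader.class */
public class IdentityUserReader implements UserReader {

    @Autowired
    private Identity identity;

    /**
     * Resolves the user described by the given authentication object.
     *
     * @param authentication the authentication to inspect
     * @return the resolved user, or {@link Optional#empty()} when the authentication is neither an
     *     {@link IdentityAuthentication} nor an {@link IdentityTenantAwareJwtAuthenticationToken}
     */
    @Override
    public Optional<UserDTO> getCurrentUserBy(Authentication authentication) {
        if (authentication instanceof IdentityAuthentication) {
            return Optional.of(fromIdentityAuthentication((IdentityAuthentication) authentication));
        }
        if (authentication instanceof IdentityTenantAwareJwtAuthenticationToken) {
            return Optional.of(
                    fromJwtAuthentication((IdentityTenantAwareJwtAuthenticationToken) authentication));
        }
        // Any other authentication type is treated as "no current user".
        return Optional.empty();
    }

    /** Copies name, display name, permissions, tenants and groups from the authentication. */
    private UserDTO fromIdentityAuthentication(IdentityAuthentication identityAuthentication) {
        return new UserDTO()
                .setUserId(identityAuthentication.getName())
                .setDisplayName(identityAuthentication.getUserDisplayName())
                .setPermissions(identityAuthentication.getPermissions())
                .setTenants(identityAuthentication.getTenants())
                .setGroups(identityAuthentication.getGroups());
    }

    /**
     * Builds the user for a bearer-token request. Permissions are taken from the
     * {@link AccessToken} returned by the Identity SDK's {@code verifyToken}, not from the
     * incoming authentication object.
     */
    private UserDTO fromJwtAuthentication(IdentityTenantAwareJwtAuthenticationToken jwtAuthentication) {
        final Jwt jwt = (Jwt) jwtAuthentication.getPrincipal();
        // No catch here: whatever verifyToken throws propagates to the caller.
        // NOTE(review): presumably it throws for a token that fails verification; confirm
        // against the SDK and make sure callers map that to an authentication failure.
        final AccessToken accessToken =
                this.identity.authentication().verifyToken(jwt.getTokenValue());
        final PermissionConverter converter = PermissionConverter.getInstance();
        // NOTE(review): groups are not populated in this branch, unlike the
        // IdentityAuthentication branch; confirm that group-based checks downstream
        // tolerate the UserDTO default for JWT callers.
        return new UserDTO()
                .setUserId(jwtAuthentication.getName())
                // Fall back to the authentication name when the token carries no user name.
                .setDisplayName(
                        accessToken.getUserDetails().getName().orElse(jwtAuthentication.getName()))
                .setPermissions(
                        accessToken.getPermissions().stream()
                                .map(converter::convert)
                                .collect(Collectors.toList()))
                .setTenants(jwtAuthentication.getTenants());
    }

    /**
     * Returns the organization id for the current user.
     *
     * @return always {@link UserReader#DEFAULT_ORGANIZATION}
     */
    @Override
    public String getCurrentOrganizationId() {
        return UserReader.DEFAULT_ORGANIZATION;
    }

    /**
     * Maps each username to a {@link UserDTO} whose user id and display name are both that
     * username. Identity is not queried, so the result does not confirm that a user exists.
     *
     * @param list the usernames to map
     * @return one {@link UserDTO} per entry, as produced by {@link CollectionUtil#map}
     */
    @Override
    public List<UserDTO> getUsersByUsernames(List<String> list) {
        return CollectionUtil.map(list, username -> new UserDTO().setUserId(username).setDisplayName(username));
    }

    /**
     * Not supported for Identity authentication.
     *
     * @param authentication ignored
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    @Override
    public Optional<String> getUserToken(Authentication authentication) {
        throw new UnsupportedOperationException("Get token is not supported for Identity authentication");
    }
}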
