package inc.yukawa.chain.security.jwt.util;

import inc.yukawa.chain.base.core.BaseRealm;
import inc.yukawa.chain.base.core.domain.change.Change;
import inc.yukawa.chain.base.core.domain.change.Changed;
import inc.yukawa.chain.base.core.domain.change.Created;
import inc.yukawa.chain.base.core.domain.entity.EntityFilter;
import inc.yukawa.chain.base.core.domain.organization.Organized;
import inc.yukawa.chain.security.AuthCode;
import inc.yukawa.chain.security.principal.AuthContext;
import inc.yukawa.chain.security.principal.ChainPrincipal;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.function.Supplier;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:chain-security-jwt-2.0.7.jar:inc/yukawa/chain/security/jwt/util/AuthContextHelper.class */
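/**
 * Reactive {@link AuthContext} implementation backed by Spring Security's
 * {@link ReactiveSecurityContextHolder}.
 *
 * <p>Principal name, user groups and organisation scope are all read from the
 * current {@link Authentication}: the principal via {@code getPrincipal()}, everything
 * else from the map returned by {@code getDetails()}. The authorization decisions made
 * here ({@link #callerScopeFor(Object, Supplier, Consumer)}) are therefore only as
 * trustworthy as the component that populated that details map.
 *
 * <p>NOTE(review): this listing was recovered from a decompiled class. The casts of the
 * scoped object to {@code AuthContextHelper} and the bare {@code getClass()} null probes
 * that the decompiler emitted have been removed, because they do not compile against
 * the generic signatures and would fail with {@code ClassCastException} if forced.
 */
public class AuthContextHelper implements AuthContext<Authentication, GrantedAuthority> {
    /** Organisation-id sink that discards the value. */
    public static final Consumer<String> NOOP = str -> {
    };
    /** Key in the authentication details map that holds the caller's group names. */
    protected String groupsKey;
    /** Key in the authentication details map that holds the caller's organisation-id list. */
    protected String organisationIdsKey;

    /** Creates a helper using {@code AuthCode.GROUPS_CONTEXT_KEY} and {@code AuthCode.ORG_LIST_KEY}. */
    public AuthContextHelper() {
        this(AuthCode.GROUPS_CONTEXT_KEY, AuthCode.ORG_LIST_KEY);
    }

    /**
     * Creates a helper with explicit details-map keys.
     *
     * @param str  key under which the group collection is stored
     * @param str2 key under which the organisation-id list is stored
     */
    public AuthContextHelper(String str, String str2) {
        this.groupsKey = str;
        this.organisationIdsKey = str2;
    }

    /**
     * Returns the authentication of the current reactive security context.
     *
     * @return the current authentication, as produced by mapping the context Mono
     */
    @Override
    public Mono<Authentication> auth() {
        return ReactiveSecurityContextHolder.getContext()
                .map(securityContext -> securityContext.getAuthentication());
    }

    /**
     * Returns the current principal as a string.
     *
     * @return the principal; the pipeline fails with {@code ClassCastException} when
     *         {@code getPrincipal()} is not a {@code String}
     */
    @Override
    public Mono<String> authPrincipal() {
        // The cast is unconditional: this helper only works with authentications whose
        // principal is a plain String.
        return auth().map(authentication -> (String) authentication.getPrincipal());
    }

    /** Returns {@link #authDetailsFrom(Authentication)} for the current authentication. */
    @Override
    public Mono<Map<String, Object>> authDetails() {
        return auth().map(this::authDetailsFrom);
    }

    /** Returns {@link #authUserGroupsFrom(Authentication)} for the current authentication. */
    @Override
    public Mono<Set<String>> authUserGroups() {
        return auth().map(this::authUserGroupsFrom);
    }

    /**
     * Returns the caller's organisation id.
     *
     * @return the organisation id, or an empty Mono when the details map has none
     */
    @Override
    public Mono<String> authOrganisationId() {
        return auth().flatMap(authentication -> Mono.justOrEmpty(authOrganisationIdFrom(authentication)));
    }

    /**
     * Returns the details of the given authentication as a map.
     *
     * @param authentication authentication to read
     * @return the details object itself (not a copy) cast to a map, or a new empty map
     *         when the details are {@code null}
     * @throws ClassCastException when the details object is not a {@code Map}
     */
    @Override
    public Map<String, Object> authDetailsFrom(Authentication authentication) {
        Object details = authentication.getDetails();
        if (details == null) {
            return new HashMap<>();
        }
        // Unchecked by design: key and value types cannot be verified at runtime, and a
        // non-Map details object is rejected by the cast rather than silently ignored.
        @SuppressWarnings("unchecked")
        Map<String, Object> detailsMap = (Map<String, Object>) details;
        return detailsMap;
    }

    /**
     * Returns the caller's groups as a fresh set.
     *
     * @param authentication authentication to read
     * @return a new set with the entries stored under {@link #groupsKey}; empty when the
     *         key is absent
     */
    @Override
    public Set<String> authUserGroupsFrom(Authentication authentication) {
        // Element types are not checked here; a key mapped to an explicit null is not
        // replaced by the default and makes the HashSet constructor throw.
        @SuppressWarnings("unchecked")
        Collection<String> groups = (Collection<String>) authDetailsFrom(authentication)
                .getOrDefault(this.groupsKey, Collections.emptyList());
        return new HashSet<>(groups);
    }

    /**
     * Returns a copy of the caller's organisation-id list.
     *
     * @param authentication authentication to read
     * @return a new list, or {@code null} when nothing is stored under
     *         {@link #organisationIdsKey}; callers have to null-check
     */
    @Override
    public List<String> authOrganisationIdsFrom(Authentication authentication) {
        @SuppressWarnings("unchecked")
        List<String> organisationIds = (List<String>) authDetailsFrom(authentication).get(this.organisationIdsKey);
        if (organisationIds == null) {
            return null;
        }
        return new ArrayList<>(organisationIds);
    }

    /**
     * Returns the caller's organisation ids as a Flux.
     *
     * @param authentication authentication to read
     * @return the stored ids, or an empty Flux when nothing is stored under
     *         {@link #organisationIdsKey}
     */
    @Override
    public Flux<String> fluxOrganisationIdsFrom(Authentication authentication) {
        @SuppressWarnings("unchecked")
        List<String> organisationIds = (List<String>) authDetailsFrom(authentication).get(this.organisationIdsKey);
        if (organisationIds == null) {
            return Flux.empty();
        }
        return Flux.fromIterable(organisationIds);
    }

    /**
     * Returns the value stored under {@code AuthCode.ORG_KEY} in the details map.
     *
     * @param authentication authentication to read
     * @return the organisation id, or {@code null} when absent
     */
    @Override
    public String authOrganisationIdFrom(Authentication authentication) {
        return (String) authDetailsFrom(authentication).get(AuthCode.ORG_KEY);
    }

    /**
     * Checks that the organisation id requested for {@code t} lies within the caller's
     * scope and pins it to the caller's organisation where it was left open.
     *
     * <p>Callers holding the admin authority are never rejected; when the requested id is
     * {@code null} and the caller has an organisation id, that id is handed to
     * {@code consumer}. Every other caller must have an organisation id, and the
     * requested id must be {@code null} or equal to it; the caller's id is then handed to
     * {@code consumer}. Anything else ends in {@link AccessDeniedException}.
     *
     * @param t        object being scoped; emitted unchanged on success
     * @param supplier reads the requested organisation id; evaluated per subscription
     * @param consumer receives the organisation id to enforce
     * @return {@code t} on success, otherwise an {@link AccessDeniedException} error signal
     */
    @Override
    public <T> Mono<T> callerScopeFor(T t, Supplier<String> supplier, Consumer<String> consumer) {
        return auth().flatMap(authentication -> {
            String requestedOrgId = supplier.get();
            String callerOrgId = authOrganisationIdFrom(authentication);
            boolean callerIsAdmin = authentication.getAuthorities().stream().anyMatch(this::isAdmin);
            if (callerIsAdmin) {
                // Admins may address any organisation; only an unset id is defaulted.
                if (requestedOrgId == null && callerOrgId != null) {
                    consumer.accept(callerOrgId);
                }
                return Mono.just(t);
            }
            // Fail closed: a caller without an organisation id is rejected, as is any
            // request that names an organisation other than the caller's own.
            boolean outOfScope = callerOrgId == null
                    || (requestedOrgId != null && !callerOrgId.equals(requestedOrgId));
            if (outOfScope) {
                return Mono.error(new AccessDeniedException("orgId='" + requestedOrgId + "' not in caller scope"));
            }
            consumer.accept(callerOrgId);
            return Mono.just(t);
        });
    }

    /**
     * Variant of {@link #callerScopeFor(Object, Supplier, Consumer)} that reads the
     * requested organisation id from {@code t} through {@code function}.
     *
     * @param t        object being scoped
     * @param function extracts the requested organisation id from {@code t}
     * @param consumer receives the organisation id to enforce
     * @return {@code t} on success, otherwise an {@link AccessDeniedException} error signal
     */
    @Override
    public <T> Mono<T> callerScopeFor(T t, Function<T, String> function, Consumer<String> consumer) {
        // Typed local keeps overload resolution on the Supplier variant.
        Supplier<String> requestedOrgId = () -> function.apply(t);
        return callerScopeFor(t, requestedOrgId, consumer);
    }

    /**
     * Scopes an {@link Organized} object using its own organisation-id accessors.
     *
     * @param o object to scope; must not be {@code null}
     * @return {@code o} on success, otherwise an {@link AccessDeniedException} error signal
     */
    @Override
    public <O extends Organized> Mono<O> callerScopeFor(O o) {
        // Bound method references are null-checked when created, so a null argument
        // fails here, before the pipeline is assembled.
        Supplier<String> orgIdReader = o::getOrgId;
        Consumer<String> orgIdWriter = o::setOrgId;
        return callerScopeFor(o, orgIdReader, orgIdWriter);
    }

    /**
     * Scopes an {@link EntityFilter} using its own organisation-id accessors.
     *
     * @param f filter to scope; must not be {@code null}
     * @return {@code f} on success, otherwise an {@link AccessDeniedException} error signal
     */
    @Override
    public <F extends EntityFilter> Mono<F> callerScopeForFilter(F f) {
        // Bound method references are null-checked when created, so a null argument
        // fails here, before the pipeline is assembled.
        Supplier<String> orgIdReader = f::getOrgId;
        Consumer<String> orgIdWriter = f::setOrgId;
        return callerScopeFor(f, orgIdReader, orgIdWriter);
    }

    /**
     * Stamps {@code t} with a change record naming the current principal and the
     * current time.
     *
     * @param t object to stamp
     * @return {@code t} after its change record has been set
     */
    @Override
    public <T extends Changed> Mono<T> withChanged(T t) {
        return authPrincipal().map(principal -> {
            t.setChange(new Change(principal, new Date()));
            return t;
        });
    }

    /**
     * Stamps {@code t} with a change record for the current principal and uses that same
     * record as its creation record.
     *
     * @param t object to stamp
     * @return {@code t} after both records have been set
     */
    @Override
    public <T extends Changed & Created> Mono<T> withChangedAndCreated(T t) {
        return authPrincipal().map(principal -> {
            t.setChange(new Change(principal, new Date()));
            t.setCreated(t.getChange());
            return t;
        });
    }

    /**
     * Not implemented.
     *
     * @return never returns normally
     * @throws UnsupportedOperationException always, thrown at call time rather than
     *         delivered as an error signal
     */
    public Mono<Boolean> isAdmin() {
        throw new UnsupportedOperationException("AuthContextHelper.isAdmin: @toDo");
    }

    /**
     * Tells whether the authority is the admin role.
     *
     * @param grantedAuthority authority to test
     * @return {@code true} when its name equals {@code BaseRealm.ROLE_ADMIN}, ignoring case
     */
    @Override
    public boolean isAdmin(GrantedAuthority grantedAuthority) {
        // NOTE(review): the comparison ignores case, so any casing of the admin role name
        // is accepted; confirm that no other authority in the realm differs from it only
        // by case.
        return BaseRealm.ROLE_ADMIN.equalsIgnoreCase(grantedAuthority.getAuthority());
    }

    /** Wraps the current authentication in a {@code ChainSpringPrincipal}. */
    @Override
    public Mono<ChainPrincipal> chainPrincipal() {
        return auth().map(ChainSpringPrincipal::new);
    }
}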
