package inc.yukawa.chain.security.jwt.util;

import inc.yukawa.chain.base.core.domain.change.Change;
import inc.yukawa.chain.base.core.domain.change.Changed;
import inc.yukawa.chain.base.core.domain.change.Created;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Consumer;
import java.util.function.Function;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:inc/yukawa/chain/security/jwt/util/AuthContextHelper.class */
public class AuthContextHelper {
    public static final Consumer<String> NOOP = str -> {
    };
    protected String groupsKey;
    protected String organisationIdsKey;

    public AuthContextHelper(String str, String str2) {
        this.groupsKey = str;
        this.organisationIdsKey = str2;
    }

    public Mono<Authentication> auth() {
        return ReactiveSecurityContextHolder.getContext().map((v0) -> {
            return v0.getAuthentication();
        });
    }

    public Mono<String> authPrincipal() {
        return auth().map(authentication -> {
            return (String) authentication.getPrincipal();
        });
    }

    public Mono<Map<String, Object>> authDetails() {
        return auth().map(this::authDetailsFrom);
    }

    public Mono<Set<String>> authUserGroups() {
        return auth().map(this::authUserGroupsFrom);
    }

    public Mono<String> authOrganisationId() {
        return auth().flatMap(authentication -> {
            return Mono.justOrEmpty(authOrganisationIdFrom(authentication));
        });
    }

    public Map<String, Object> authDetailsFrom(Authentication authentication) {
        return authentication.getDetails() != null ? (Map) authentication.getDetails() : new HashMap();
    }

    public Set<String> authUserGroupsFrom(Authentication authentication) {
        return new HashSet((Collection) authDetailsFrom(authentication).getOrDefault(this.groupsKey, Collections.emptyList()));
    }

    public List<String> authOrganisationIdsFrom(Authentication authentication) {
        List list = (List) authDetailsFrom(authentication).get(this.organisationIdsKey);
        if (list != null) {
            return new ArrayList(list);
        }
        return null;
    }

    public String authOrganisationIdFrom(Authentication authentication) {
        List list = (List) authDetailsFrom(authentication).get(this.organisationIdsKey);
        if (list == null || list.isEmpty()) {
            return null;
        }
        return (String) list.get(0);
    }

    public <T> Mono<T> callerScopeFor(T t, Function<T, String> function, Consumer<String> consumer) {
        return auth().flatMap(authentication -> {
            if (authentication.getAuthorities().stream().anyMatch(this::isAdmin)) {
                return Mono.just(t);
            }
            String str = (String) function.apply(t);
            String authOrganisationIdFrom = authOrganisationIdFrom(authentication);
            if (authOrganisationIdFrom == null || !(str == null || authOrganisationIdFrom.equals(str))) {
                return Mono.error(new AccessDeniedException("orgId='" + str + "' not in caller scope"));
            }
            consumer.accept(authOrganisationIdFrom);
            return Mono.just(t);
        });
    }

    public <T extends Changed> Mono<T> withChanged(T t) {
        return authPrincipal().map(str -> {
            t.setChange(new Change(str, new Date()));
            return t;
        });
    }

    public <T extends Changed & Created> Mono<T> withChangedAndCreated(T t) {
        return authPrincipal().map(str -> {
            t.setChange(new Change(str, new Date()));
            ((Created) t).setCreated(t.getChange());
            return t;
        });
    }

    public boolean isAdmin(GrantedAuthority grantedAuthority) {
        return "ROLE_ADMIN".equalsIgnoreCase(grantedAuthority.getAuthority());
    }
}
