package io.muenchendigital.digiwf.task.service.adapter.out.auth;

import io.holunda.polyflow.view.auth.User;
import io.muenchendigital.digiwf.task.service.application.port.out.auth.CurrentUserPort;
import io.muenchendigital.digiwf.task.service.application.port.out.user.UserGroupResolverPort;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:BOOT-INF/classes/io/muenchendigital/digiwf/task/service/adapter/out/auth/CurrentUserSpringSecurityAdapter.class */
public class CurrentUserSpringSecurityAdapter implements CurrentUserPort {
    public static final String USER_ID_CLAIM = "lhmObjectID";
    public static final String USERNAME_CLAIM = "user_name";
    private final UserGroupResolverPort userGroupResolver;

    @Override // io.muenchendigital.digiwf.task.service.application.port.out.auth.CurrentUserPort
    public User getCurrentUser() {
        Authentication currentAuth = getCurrentAuth();
        if (!(currentAuth instanceof JwtAuthenticationToken) || !(currentAuth.getPrincipal() instanceof Jwt)) {
            throw new AuthenticationCredentialsNotFoundException("Could not detect current authorized user");
        }
        String str = (String) Objects.requireNonNull((String) ((Jwt) currentAuth.getPrincipal()).getClaims().get(USER_ID_CLAIM));
        return new User(str, (Set) this.userGroupResolver.resolveGroups(str).stream().map((v0) -> {
            return v0.toLowerCase();
        }).collect(Collectors.toSet()));
    }

    @Override // io.muenchendigital.digiwf.task.service.application.port.out.auth.CurrentUserPort
    public String getCurrentUserUsername() {
        Authentication currentAuth = getCurrentAuth();
        if ((currentAuth instanceof JwtAuthenticationToken) && (currentAuth.getPrincipal() instanceof Jwt)) {
            return (String) Objects.requireNonNull((String) ((Jwt) currentAuth.getPrincipal()).getClaims().get(USERNAME_CLAIM));
        }
        throw new AuthenticationCredentialsNotFoundException("Could not detect current authorized user");
    }

    private Authentication getCurrentAuth() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    public CurrentUserSpringSecurityAdapter(UserGroupResolverPort userGroupResolverPort) {
        this.userGroupResolver = userGroupResolverPort;
    }
}
