package io.quantics.multitenant.oauth2.config;

import com.nimbusds.jwt.JWTParser;
import io.quantics.multitenant.tenantdetails.TenantDetailsService;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationManagerResolver;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.web.BearerTokenResolver;
import org.springframework.security.oauth2.server.resource.web.DefaultBearerTokenResolver;

/* loaded from: input_file:io/quantics/multitenant/oauth2/config/MultiTenantAuthenticationManagerResolver.class */
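/**
 * Picks the {@link AuthenticationManager} for a request from the issuer ({@code iss}) claim of
 * its bearer token, and caches one manager per known issuer.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The issuer is read from the token <em>before</em> any signature check
 *       ({@code JWTParser.parse} only parses). It is used here purely as a lookup key; the
 *       trust decision is made later by the {@link JwtDecoder} inside the returned manager.</li>
 *   <li>Every tenant's manager wraps the same {@link JwtDecoder} instance. NOTE(review): that
 *       decoder therefore has to select keys and validate the issuer per tenant itself;
 *       this class does not enforce it. Confirm against the decoder configuration.</li>
 *   <li>Cached managers are never evicted by this class, so an issuer that was known once stays
 *       accepted by this resolver instance even if it is later removed from the
 *       {@link TenantDetailsService}.</li>
 * </ul>
 */
public class MultiTenantAuthenticationManagerResolver implements AuthenticationManagerResolver<HttpServletRequest> {
    private final TenantDetailsService tenantService;
    private final JwtDecoder jwtDecoder;
    // May be null: in that case the provider keeps its default converter.
    private final JwtAuthenticationConverter authenticationConverter;
    private final BearerTokenResolver resolver = new DefaultBearerTokenResolver();
    // Issuer -> manager. Only issuers accepted by fromTenant are ever stored, because a mapping
    // function that throws leaves no entry behind in computeIfAbsent.
    private final Map<String, AuthenticationManager> authenticationManagers = new ConcurrentHashMap<>();

    /**
     * Creates a resolver whose providers use their default JWT authentication converter.
     *
     * @param tenantDetailsService lookup used to decide whether an issuer belongs to a known tenant
     * @param jwtDecoder decoder handed to every per-tenant {@link JwtAuthenticationProvider}
     */
    public MultiTenantAuthenticationManagerResolver(TenantDetailsService tenantDetailsService, JwtDecoder jwtDecoder) {
        this(tenantDetailsService, jwtDecoder, null);
    }

    /**
     * Creates a resolver whose providers use the given converter.
     *
     * @param tenantDetailsService lookup used to decide whether an issuer belongs to a known tenant
     * @param jwtDecoder decoder handed to every per-tenant {@link JwtAuthenticationProvider}
     * @param jwtAuthenticationConverter converter set on each provider; {@code null} keeps the default
     */
    public MultiTenantAuthenticationManagerResolver(TenantDetailsService tenantDetailsService, JwtDecoder jwtDecoder, JwtAuthenticationConverter jwtAuthenticationConverter) {
        this.tenantService = tenantDetailsService;
        this.jwtDecoder = jwtDecoder;
        this.authenticationConverter = jwtAuthenticationConverter;
    }

    /**
     * Returns the cached manager for the token's issuer, creating it on first use.
     *
     * @param httpServletRequest request carrying the bearer token
     * @return the manager that authenticates tokens of the request's issuer
     * @throws IllegalArgumentException if no token could be resolved or parsed
     * @throws InvalidBearerTokenException if the token has no issuer or the issuer is not a known tenant
     */
    @Override
    public AuthenticationManager resolve(HttpServletRequest httpServletRequest) {
        return this.authenticationManagers.computeIfAbsent(toTenant(httpServletRequest), this::fromTenant);
    }

    /**
     * Extracts the {@code iss} claim from the request's bearer token without verifying the token.
     *
     * @throws IllegalArgumentException wrapping any failure to resolve or parse the token
     * @throws InvalidBearerTokenException if the token carries no issuer claim
     */
    private String toTenant(HttpServletRequest httpServletRequest) {
        String issuer;
        try {
            issuer = JWTParser.parse(this.resolver.resolve(httpServletRequest)).getJWTClaimsSet().getIssuer();
        } catch (Exception e) {
            // Existing contract, kept for callers that rely on the type.
            // NOTE(review): IllegalArgumentException is not an authentication exception, so a
            // malformed token probably surfaces as a server error rather than a 401 - confirm
            // against the filter in use and consider InvalidBearerTokenException here as well.
            throw new IllegalArgumentException(e);
        }
        if (issuer == null) {
            // A token without "iss" cannot be mapped to a tenant. Without this guard the null key
            // reaches ConcurrentHashMap.computeIfAbsent and fails with a NullPointerException.
            throw new InvalidBearerTokenException("Missing issuer");
        }
        return issuer;
    }

    /**
     * Builds the manager for an issuer, provided the tenant service knows that issuer.
     *
     * @param str issuer taken from the (still unverified) token
     * @return a manager delegating to a {@link JwtAuthenticationProvider} built on the shared decoder
     * @throws InvalidBearerTokenException if the tenant service has no tenant (or no issuer value) for it
     */
    private AuthenticationManager fromTenant(String str) {
        boolean knownTenant = this.tenantService.getByIssuer(str)
                .map(details -> details.getIssuer())
                .isPresent();
        if (!knownTenant) {
            // NOTE(review): the message embeds the unverified issuer string from the token;
            // make sure whatever renders or logs it treats it as untrusted text.
            throw new InvalidBearerTokenException("Unknown tenant: " + str);
        }
        JwtAuthenticationProvider provider = new JwtAuthenticationProvider(this.jwtDecoder);
        if (this.authenticationConverter != null) {
            provider.setJwtAuthenticationConverter(this.authenticationConverter);
        }
        return provider::authenticate;
    }
}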
