package io.resys.hdes.pm.quarkus.runtime;

import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.resys.hdes.pm.quarkus.runtime.context.HdesProjectsContext;
import io.resys.hdes.projects.api.PmException;
import io.smallrye.mutiny.Uni;
import java.util.Objects;
import java.util.function.Supplier;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/resys/hdes/pm/quarkus/runtime/HdesProjectSecurityAugmentor.class */
public class HdesProjectSecurityAugmentor implements SecurityIdentityAugmentor {
    private static final Logger LOGGER = LoggerFactory.getLogger(HdesProjectSecurityAugmentor.class);
    public static final String ADMIN_ROLE = "hdes-projects-admin";
    private final String adminInitUserName;
    private final HdesProjectsContext hdesProjectsBackend;

    public HdesProjectSecurityAugmentor(String str, HdesProjectsContext hdesProjectsContext) {
        this.adminInitUserName = str;
        this.hdesProjectsBackend = hdesProjectsContext;
    }

    public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext) {
        return securityIdentity.isAnonymous() ? Uni.createFrom().item(securityIdentity) : Uni.createFrom().item(build(securityIdentity));
    }

    private Supplier<SecurityIdentity> build(SecurityIdentity securityIdentity) {
        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(securityIdentity);
        if (securityIdentity.getPrincipal() instanceof JsonWebToken) {
            String str = (String) securityIdentity.getPrincipal().getClaim("user_name");
            if ((str == null || !str.equals(this.adminInitUserName)) && !this.hdesProjectsBackend.repo().query().admins().isAdmin(str)) {
                try {
                    if (this.hdesProjectsBackend.repo().query().users().isUser(str)) {
                        LOGGER.debug("User already created: " + securityIdentity.getPrincipal());
                    } else {
                        LOGGER.debug("Creating user: " + securityIdentity.getPrincipal());
                        this.hdesProjectsBackend.repo().create().user(builder2 -> {
                            builder2.name(str);
                        });
                    }
                } catch (PmException e) {
                    LOGGER.error(e.getMessage() + System.lineSeparator() + e.getValue(), e);
                }
            } else {
                builder.addRole(ADMIN_ROLE);
            }
        } else {
            LOGGER.debug("Unknown principal: " + securityIdentity.getPrincipal());
        }
        Objects.requireNonNull(builder);
        return builder::build;
    }
}
