package org.georchestra.gateway.security.ldap.extended;

import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import lombok.NonNull;
import org.georchestra.gateway.security.GeorchestraUserMapperExtension;
import org.georchestra.security.model.GeorchestraUser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.ldap.userdetails.LdapUserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsImpl;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/ldap/extended/GeorchestraLdapAuthenticatedUserMapper.class */
class GeorchestraLdapAuthenticatedUserMapper implements GeorchestraUserMapperExtension {

    @NonNull
    private final DemultiplexingUsersApi users;

    @Override // org.georchestra.gateway.security.GeorchestraUserMapperExtension
    public Optional<GeorchestraUser> resolve(Authentication authentication) {
        Optional ofNullable = Optional.ofNullable(authentication);
        Class<GeorchestraUserNamePasswordAuthenticationToken> cls = GeorchestraUserNamePasswordAuthenticationToken.class;
        Objects.requireNonNull(GeorchestraUserNamePasswordAuthenticationToken.class);
        Optional filter = ofNullable.filter((v1) -> {
            return r1.isInstance(v1);
        });
        Class<GeorchestraUserNamePasswordAuthenticationToken> cls2 = GeorchestraUserNamePasswordAuthenticationToken.class;
        Objects.requireNonNull(GeorchestraUserNamePasswordAuthenticationToken.class);
        return filter.map((v1) -> {
            return r1.cast(v1);
        }).filter(georchestraUserNamePasswordAuthenticationToken -> {
            return georchestraUserNamePasswordAuthenticationToken.getPrincipal() instanceof LdapUserDetails;
        }).flatMap(this::map);
    }

    Optional<GeorchestraUser> map(GeorchestraUserNamePasswordAuthenticationToken georchestraUserNamePasswordAuthenticationToken) {
        LdapUserDetails ldapUserDetails = (LdapUserDetails) georchestraUserNamePasswordAuthenticationToken.getPrincipal();
        String configName = georchestraUserNamePasswordAuthenticationToken.getConfigName();
        String username = ldapUserDetails.getUsername();
        Optional<ExtendedGeorchestraUser> findByUsername = this.users.findByUsername(configName, username);
        if (findByUsername.isEmpty()) {
            findByUsername = this.users.findByEmail(configName, username);
        }
        return findByUsername.map(extendedGeorchestraUser -> {
            return fixPrefixedRoleNames(extendedGeorchestraUser, georchestraUserNamePasswordAuthenticationToken);
        });
    }

    private GeorchestraUser fixPrefixedRoleNames(GeorchestraUser georchestraUser, GeorchestraUserNamePasswordAuthenticationToken georchestraUserNamePasswordAuthenticationToken) {
        LdapUserDetailsImpl ldapUserDetailsImpl = (LdapUserDetailsImpl) georchestraUserNamePasswordAuthenticationToken.getPrincipal();
        Stream<? extends GrantedAuthority> stream = georchestraUserNamePasswordAuthenticationToken.getAuthorities().stream();
        Class<SimpleGrantedAuthority> cls = SimpleGrantedAuthority.class;
        Objects.requireNonNull(SimpleGrantedAuthority.class);
        georchestraUser.setRoles((List) Stream.concat(stream.filter((v1) -> {
            return r1.isInstance(v1);
        }).map((v0) -> {
            return v0.getAuthority();
        }).map(this::normalize), georchestraUser.getRoles().stream().map(this::normalize)).distinct().collect(Collectors.toList()));
        if (ldapUserDetailsImpl.getTimeBeforeExpiration() < Integer.MAX_VALUE) {
            georchestraUser.setLdapWarn(true);
            georchestraUser.setLdapRemainingDays(String.valueOf(ldapUserDetailsImpl.getTimeBeforeExpiration() / 86400));
        } else {
            georchestraUser.setLdapWarn(false);
        }
        return georchestraUser;
    }

    private String normalize(String str) {
        return str.startsWith("ROLE_") ? str : "ROLE_" + str;
    }

    public GeorchestraLdapAuthenticatedUserMapper(@NonNull DemultiplexingUsersApi demultiplexingUsersApi) {
        if (demultiplexingUsersApi == null) {
            throw new NullPointerException("users is marked non-null but is null");
        }
        this.users = demultiplexingUsersApi;
    }
}
