package it.geosolutions.geostore.services.rest.security.keycloak;

import it.geosolutions.geostore.core.model.UserGroup;
import it.geosolutions.geostore.core.model.enums.Role;
import it.geosolutions.geostore.core.security.GrantedAuthoritiesMapper;
import it.geosolutions.geostore.services.rest.utils.GeoStoreContext;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-1.9.0.jar:it/geosolutions/geostore/services/rest/security/keycloak/GeoStoreKeycloakAuthoritiesMapper.class */
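/**
 * Translates the role names carried by a Keycloak-authenticated principal into GeoStore
 * authorities, a single GeoStore {@link Role} and a set of {@link UserGroup}s.
 *
 * <p>Resolution order for each incoming name (after upper-casing):
 *
 * <ol>
 *   <li>If role mappings are configured, the name is looked up there; otherwise it is compared
 *       by name with ADMIN, USER and GUEST.
 *   <li>If no role matched, the name is looked up in the group mappings (when configured).
 *   <li>If it is still unmapped, it is either dropped ({@code dropUnmapped == true}) or passed
 *       through verbatim as both an authority and a group name.
 * </ol>
 *
 * <p>Security notes for operators:
 *
 * <ul>
 *   <li>With no role mappings configured, any identity-provider role literally named ADMIN
 *       (case-insensitive) yields {@code ROLE_ADMIN}. Explicit role mappings make the grant
 *       deliberate.
 *   <li>With {@code dropUnmapped == false}, unmapped names are emitted unchanged as authorities,
 *       so a name that already carries the {@code ROLE_} prefix ends up in the authority set
 *       without going through role resolution. Prefer {@code dropUnmapped == true} unless
 *       pass-through is required.
 * </ul>
 *
 * <p>Instances accumulate state (resolved role, groups, id counter) across calls and perform no
 * synchronization. NOTE(review): presumably one instance is created per authentication; confirm
 * against the callers.
 */
public class GeoStoreKeycloakAuthoritiesMapper implements GrantedAuthoritiesMapper {
    private static final String ROLE_PREFIX = "ROLE_";
    private static final Logger LOGGER = Logger.getLogger(GeoStoreKeycloakAuthoritiesMapper.class);

    // Keycloak role name (upper case) -> GeoStore Role name; null means "match by name equality".
    private final Map<String, String> roleMappings;
    // Keycloak role name (upper case) -> GeoStore group name; may be null.
    private final Map<String, String> groupMappings;
    // When true, names that match neither a role nor a group mapping are discarded.
    private final boolean dropUnmapped;

    // Groups collected so far; created lazily by addGroup.
    private Set<UserGroup> groups;
    // Role resolved so far; see setRole for how competing roles are ranked.
    private Role role;
    // Next synthetic id handed to a UserGroup created by addGroup; starts at 1.
    private int idCounter;

    /**
     * Creates a mapper. (Decompiler note: this constructor was package-private in the original
     * class file.)
     *
     * @param roleMappings Keycloak role name to GeoStore role name, or {@code null} to match
     *     roles by name equality
     * @param groupMappings Keycloak role name to GeoStore group name, or {@code null}
     * @param dropUnmapped whether names with no role or group mapping are discarded
     */
    public GeoStoreKeycloakAuthoritiesMapper(
            Map<String, String> roleMappings, Map<String, String> groupMappings, boolean dropUnmapped) {
        this.roleMappings = roleMappings;
        this.groupMappings = groupMappings;
        if (LOGGER.isDebugEnabled() && roleMappings != null) {
            LOGGER.debug("Role mappings have been configured....");
        }
        this.idCounter = 1;
        this.dropUnmapped = dropUnmapped;
    }

    /**
     * Maps every incoming authority and adds the configured default authority for authenticated
     * users when it is not already present.
     *
     * <p>The default authority is only added when a {@code KeyCloakConfiguration} bean is
     * available; if that configuration has no default role, {@link Role#USER} is used.
     *
     * @param collection authorities extracted from the Keycloak token
     * @return the mapped authorities; entries that resolve to nothing are omitted
     */
    @Override
    public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> collection) {
        Set<GrantedAuthority> mapped = new HashSet<>(collection.size());
        for (GrantedAuthority incoming : collection) {
            GrantedAuthority resolved = mapAuthority(incoming.getAuthority());
            if (resolved != null) {
                mapped.add(resolved);
            }
        }
        KeyCloakConfiguration configuration =
                (KeyCloakConfiguration) GeoStoreContext.bean(KeyCloakConfiguration.class);
        if (configuration != null) {
            Role configuredDefault = configuration.getAuthenticatedDefaultRole();
            Role defaultRole = configuredDefault == null ? Role.USER : configuredDefault;
            String defaultAuthority = ROLE_PREFIX + defaultRole.name();
            boolean alreadyGranted = mapped.stream()
                    .anyMatch(authority -> authority.getAuthority().equalsIgnoreCase(defaultAuthority));
            if (!alreadyGranted) {
                mapped.add(new SimpleGrantedAuthority(defaultAuthority));
            }
        }
        if (getRole() == null) {
            setDefaultRole();
        }
        return mapped;
    }

    /**
     * Resolves role and groups from plain role names without producing authorities. (Decompiler
     * note: this method was package-private in the original class file.)
     *
     * @param list role names, may be {@code null}
     */
    public void mapAuthorities(List<String> list) {
        if (list != null) {
            for (String name : list) {
                // Return value is irrelevant here; the call updates role and groups.
                mapStringAuthority(name);
            }
        }
        if (getRole() == null) {
            setDefaultRole();
        }
    }

    /**
     * Falls back to the configured default role when no incoming name resolved to a role.
     *
     * <p>NOTE(review): unlike {@link #mapAuthorities(Collection)}, no fallback to
     * {@link Role#USER} is applied here, so {@link #getRole()} can remain {@code null} while a
     * {@code ROLE_USER} authority has been granted. Confirm this asymmetry is intended.
     */
    private void setDefaultRole() {
        KeyCloakConfiguration configuration =
                (KeyCloakConfiguration) GeoStoreContext.bean(KeyCloakConfiguration.class);
        setRole(configuration != null ? configuration.getAuthenticatedDefaultRole() : null);
    }

    /** Wraps the resolved name in a {@link SimpleGrantedAuthority}, or returns {@code null}. */
    private GrantedAuthority mapAuthority(String str) {
        String resolved = mapStringAuthority(str);
        return resolved == null ? null : new SimpleGrantedAuthority(resolved);
    }

    /**
     * Resolves one incoming name to an authority string, updating the role or the groups as a
     * side effect.
     *
     * @param str incoming role name; {@code null} is skipped
     * @return {@code ROLE_<role>} for a role match, the group name for a group match or a
     *     pass-through, or {@code null} when the name is dropped
     */
    private String mapStringAuthority(String str) {
        if (str == null) {
            // GrantedAuthority.getAuthority() is allowed to return null; skip instead of failing.
            return null;
        }
        // Locale.ROOT keeps the lookup key independent of the JVM default locale; with a
        // locale-sensitive upper-casing (e.g. Turkish dotted I) "admin" would not become "ADMIN"
        // and the role decision would silently change with the server's locale.
        String upperCase = str.toUpperCase(Locale.ROOT);
        String roleAuthority =
                this.roleMappings == null ? defaultRoleMatch(upperCase) : userMappingsMatch(upperCase);
        if (roleAuthority != null) {
            return roleAuthority;
        }
        String groupName = this.groupMappings != null ? this.groupMappings.get(upperCase) : upperCase;
        if (groupName == null && !this.dropUnmapped) {
            // Pass-through: the unmapped name becomes both an authority and a group name.
            groupName = upperCase;
        }
        if (groupName != null) {
            addGroup(groupName);
        }
        return groupName;
    }

    /**
     * Looks the name up in the configured role mappings.
     *
     * @return {@code ROLE_<mapped role>} or {@code null} when the name has no role mapping
     * @throws RuntimeException if the mapped value is not a valid {@link Role} name
     */
    private String userMappingsMatch(String str) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Using the configured role mappings..");
        }
        String mappedName = this.roleMappings.get(str);
        if (mappedName == null) {
            return null;
        }
        Role mappedRole;
        try {
            mappedRole = Role.valueOf(mappedName);
        } catch (IllegalArgumentException e) {
            String message = "The value " + mappedName + " set to match role " + str
                    + " is not a valid Role. You should use one of ADMIN,USER,GUEST";
            LOGGER.error(message, e);
            // Keep the cause so the misconfiguration can be traced from the stack trace.
            throw new RuntimeException(message, e);
        }
        setRole(mappedRole);
        return ROLE_PREFIX + mappedName;
    }

    /**
     * Matches the name against ADMIN, USER and GUEST by case-insensitive equality.
     *
     * @return {@code ROLE_<role>} or {@code null} when the name is none of the three
     */
    private String defaultRoleMatch(String str) {
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Matching the keycloak role to geostore roles based on name equality...");
        }
        for (Role candidate : new Role[] {Role.ADMIN, Role.USER, Role.GUEST}) {
            if (str.equalsIgnoreCase(candidate.name())) {
                setRole(candidate);
                return ROLE_PREFIX + candidate.name();
            }
        }
        return null;
    }

    /**
     * @return the groups collected so far, or a fresh empty set when none were collected; a
     *     non-empty result is the mapper's own mutable set
     */
    public Set<UserGroup> getGroups() {
        return this.groups == null ? new HashSet<>() : this.groups;
    }

    /**
     * @return the role resolved so far, possibly {@code null}. (Decompiler note: this method was
     *     package-private in the original class file.)
     */
    public Role getRole() {
        return this.role;
    }

    /**
     * Records {@code role} unless a role with a smaller or equal ordinal is already held.
     *
     * <p>NOTE(review): this relies on the declaration order of {@link Role}; presumably ADMIN is
     * declared before USER and GUEST so that the most privileged role wins. Confirm against the
     * enum, since reordering it would silently change which role is kept.
     */
    private void setRole(Role role) {
        if (role == null) {
            // Nothing to record; also avoids dereferencing null when a role is already held.
            return;
        }
        if (this.role == null || this.role.ordinal() > role.ordinal()) {
            this.role = role;
        }
    }

    /** Adds an enabled {@link UserGroup} with the given name and the next synthetic id. */
    private void addGroup(String str) {
        if (this.groups == null) {
            this.groups = new HashSet<>();
        }
        UserGroup group = new UserGroup();
        group.setGroupName(str);
        group.setId(Long.valueOf(this.idCounter));
        this.idCounter++;
        group.setEnabled(true);
        this.groups.add(group);
    }

    /**
     * @return the id the next created group would receive. (Decompiler note: this method was
     *     package-private in the original class file.)
     */
    public int getIdCounter() {
        return this.idCounter;
    }
}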
