package no.fintlabs.resourceserver.security.user;

import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import no.fintlabs.resourceserver.security.properties.InternalApiSecurityProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import reactor.core.publisher.Mono;

/* loaded from: input_file:no/fintlabs/resourceserver/security/user/UserJwtConverter.class */
public class UserJwtConverter implements Converter<Jwt, Mono<AbstractAuthenticationToken>> {
    private static final Logger log = LoggerFactory.getLogger(UserJwtConverter.class);
    private final InternalApiSecurityProperties securityProperties;
    private final UserClaimFormattingService userClaimFormattingService;

    public Mono<AbstractAuthenticationToken> convert(Jwt jwt) {
        String claimAsString = jwt.getClaimAsString("organizationid");
        String claimAsString2 = jwt.getClaimAsString("objectidentifier");
        List claimAsStringList = jwt.getClaimAsStringList("roles");
        String adminRole = this.securityProperties.getAdminRole();
        log.debug("Extracted organization ID from JWT: {}", claimAsString);
        log.debug("Extracted roles from JWT: {}", claimAsStringList);
        log.debug("Extracted objectIdentifier from JWT: {}", claimAsString2);
        Map map = (Map) jwt.getClaims().entrySet().stream().map(entry -> {
            return entry.getValue() instanceof String ? new AbstractMap.SimpleEntry((String) entry.getKey(), this.userClaimFormattingService.removeDoubleQuotesFromClaim((String) entry.getValue())) : entry;
        }).filter(entry2 -> {
            return entry2.getValue() != null;
        }).collect(Collectors.toMap((v0) -> {
            return v0.getKey();
        }, (v0) -> {
            return v0.getValue();
        }));
        map.put("sourceApplicationIds", this.userClaimFormattingService.convertSourceApplicationIdsIntoString(claimAsString2));
        Jwt build = Jwt.withTokenValue(jwt.getTokenValue()).headers(map2 -> {
            map2.putAll(jwt.getHeaders());
        }).claims(map3 -> {
            map3.putAll(map);
        }).build();
        ArrayList arrayList = new ArrayList();
        if (claimAsString != null && claimAsStringList != null) {
            if (adminRole != null && !adminRole.isBlank() && claimAsStringList.contains(adminRole)) {
                arrayList.add(new SimpleGrantedAuthority("ROLE_ADMIN"));
            }
            Iterator it = claimAsStringList.iterator();
            while (it.hasNext()) {
                arrayList.add(new SimpleGrantedAuthority("ORGID_" + claimAsString + "_ROLE_" + ((String) it.next())));
            }
        }
        return Mono.just(new JwtAuthenticationToken(build, arrayList));
    }

    public UserJwtConverter(InternalApiSecurityProperties internalApiSecurityProperties, UserClaimFormattingService userClaimFormattingService) {
        this.securityProperties = internalApiSecurityProperties;
        this.userClaimFormattingService = userClaimFormattingService;
    }
}
