package no.fintlabs.opa;

import no.vigoiks.resourceserver.security.FintJwtEndUserPrincipal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component;
import reactor.core.publisher.Mono;

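/**
 * Reactive authorization manager that delegates the allow/deny decision for a
 * request to {@link AuthorizationClient} (the log messages refer to the backing
 * policy engine as "opa").
 *
 * <p>The decision is requested for the end user's mail address, taken from the
 * JWT via {@link FintJwtEndUserPrincipal}, and the HTTP method of the request.
 * An empty authentication publisher results in a deny decision.
 *
 * <p>The compiler generates the bridge methods for the generic interface, so
 * they are not declared here.
 */
@Component
public class OpaAuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {
    private static final Logger log = LoggerFactory.getLogger(OpaAuthorizationManager.class);

    @Autowired
    private AuthorizationClient authorizationClient;

    /**
     * Decides whether the current request is authorized.
     *
     * @param mono                 publisher of the current {@link Authentication}
     * @param authorizationContext context giving access to the exchange and its request
     * @return a decision that is granted only when the authorization client says so;
     *         denied when no authentication is emitted or when the authentication is
     *         not a {@link JwtAuthenticationToken}. Errors from the authorization
     *         client are logged and propagated, so no decision is emitted for them.
     */
    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
        return mono.flatMap(authentication -> {
            // Deny instead of failing with a ClassCastException when the
            // authentication was not produced from a JWT.
            if (!(authentication instanceof JwtAuthenticationToken)) {
                log.warn("Denying request: unsupported authentication type {}",
                        authentication.getClass().getName());
                return Mono.just(new AuthorizationDecision(false));
            }
            Jwt jwt = ((JwtAuthenticationToken) authentication).getToken();
            FintJwtEndUserPrincipal from = FintJwtEndUserPrincipal.from(jwt);
            // NOTE(review): a token without a mail claim is sent to the policy
            // query as an empty username; confirm the policy denies the empty
            // user, or deny here before calling the client.
            String mail = from.getMail() != null ? from.getMail() : "";
            // NOTE(review): identity claims are logged at INFO on every request;
            // confirm this matches the log retention and privacy requirements.
            // The claim is passed as an Object so a non-string value cannot
            // fail the request with a ClassCastException.
            log.info("Fant principalName {}", jwt.getClaims().get("principalName"));
            ServerHttpRequest request = authorizationContext.getExchange().getRequest();
            log.info("Request method {}", request.getMethod());
            log.info("Request path {}", request.getPath());
            log.info("Authenticated {}", authentication.isAuthenticated());
            log.info("Checking if user is authorized in opa with username {}", mail);
            // NOTE(review): only the user and the HTTP method are passed to the
            // authorization client; the request path is logged but is not part
            // of the query. Confirm that a per-method decision is intended.
            return this.authorizationClient.isAuthorized(mail, String.valueOf(request.getMethod())).map(bool -> {
                log.info("Authorized {}", bool);
                return new AuthorizationDecision(bool);
            });
        }).defaultIfEmpty(new AuthorizationDecision(false)).doOnError(th -> {
            // Goes through the logger so the stack trace is kept and the
            // message follows the application's log configuration. The error
            // itself is not swallowed here.
            log.error("An error occurred while authorizing: {}", th.getMessage(), th);
        });
    }

    /**
     * Logs the call and delegates to the interface's default {@code verify}.
     *
     * @param mono                 publisher of the current {@link Authentication}
     * @param authorizationContext context of the request being verified
     * @return the result of the default {@code verify} implementation
     */
    @Override
    public Mono<Void> verify(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
        log.debug("OpaAuthorizationManager.verify");
        // A default interface method has to be called through the interface name;
        // a plain super.verify(...) would resolve against Object.
        return ReactiveAuthorizationManager.super.verify(mono, authorizationContext);
    }
}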
