package io.spaship.operator.rest.security;

import io.quarkus.runtime.StartupEvent;
import io.quarkus.security.identity.AuthenticationRequestContext;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.SecurityIdentityAugmentor;
import io.quarkus.security.runtime.QuarkusSecurityIdentity;
import io.smallrye.mutiny.Uni;
import io.spaship.operator.ldap.LdapService;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Supplier;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.logging.Logger;

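/**
 * Security identity augmentor that adds roles returned by {@link LdapService} to an
 * authenticated identity.
 *
 * <p>The LDAP lookup value is the principal name, or, when {@code app.ldap.jwt.claim} is
 * configured and the principal is a {@link JsonWebToken}, the value of that claim. Anonymous
 * identities are returned unchanged, as is every identity while the LDAP service reports
 * itself disabled. Roles are only ever added; an identity for which no usable lookup value
 * or no roles are found keeps exactly the roles it arrived with.
 */
@ApplicationScoped
/* loaded from: input_file:io/spaship/operator/rest/security/LdapRolesAugmentor.class */
public class LdapRolesAugmentor implements SecurityIdentityAugmentor {
    private static final Logger log = Logger.getLogger(LdapRolesAugmentor.class);

    @Inject
    LdapService ldapService;

    // Optional name of the JWT claim whose value is used for the LDAP lookup instead of the principal name.
    @ConfigProperty(name = "app.ldap.jwt.claim")
    Optional<String> claim;

    /**
     * Logs the effective configuration once at application start.
     *
     * @param startupEvent the startup event being observed (unused)
     */
    void onStart(@Observes StartupEvent startupEvent) {
        log.infof("LDAP Roles Identity Augmentor init. enabled=%s claim=%s", isEnabled(), this.claim.orElse("N/A"));
    }

    /**
     * Adds LDAP roles to the given identity when the augmentor is enabled.
     *
     * @param securityIdentity the identity produced by the authentication mechanism
     * @param authenticationRequestContext the request context supplied by the security layer (unused here)
     * @return the original identity, or a copy of it carrying the additional LDAP roles
     */
    @Override
    public Uni<SecurityIdentity> augment(SecurityIdentity securityIdentity, AuthenticationRequestContext authenticationRequestContext) {
        if (securityIdentity.isAnonymous() || !isEnabled()) {
            return sameIdentity(securityIdentity);
        }
        // Typed as Principal: not every authentication mechanism yields a JsonWebToken, and an
        // unconditional JWT cast would fail the request with a ClassCastException.
        Principal principal = securityIdentity.getPrincipal();
        // NOTE(review): the string form of a JWT principal may contain token claims; keep TRACE
        // disabled for this category where logs are shared - confirm against the JWT implementation.
        log.tracef("principal=%s", principal);
        String name = principal.getName();
        if (this.claim.isPresent() && principal instanceof JsonWebToken) {
            log.debug("Getting filter value from claim");
            // The claim comes from the token and may be absent or not a string; treat both as
            // "no lookup value" rather than casting blindly.
            Object claimValue = ((JsonWebToken) principal).getClaim(this.claim.get());
            name = claimValue instanceof String ? (String) claimValue : null;
        }
        if (name == null || name.trim().isEmpty()) {
            // Fail closed: never query LDAP with a null or blank value, and grant no extra roles.
            log.warn("No usable LDAP lookup value for the authenticated principal; no LDAP roles added");
            return sameIdentity(securityIdentity);
        }
        // NOTE(review): name is token-derived input. LdapService is expected to escape it before
        // building a search filter - its implementation is not visible here, TODO confirm.
        // NOTE(review): this call runs on the calling thread; if LdapService does blocking network
        // I/O, consider authenticationRequestContext.runBlocking(...) - TODO confirm.
        Set<String> roles = this.ldapService.getRoles(name);
        if (roles == null || roles.isEmpty()) {
            return sameIdentity(securityIdentity);
        }
        return Uni.createFrom().item(build(securityIdentity, roles));
    }

    /**
     * Reports whether LDAP role augmentation is active.
     *
     * @return the enabled flag of the injected {@link LdapService}
     */
    public boolean isEnabled() {
        return this.ldapService.isEnabled();
    }

    /** Wraps the unchanged identity in a {@link Uni}. */
    private Uni<SecurityIdentity> sameIdentity(SecurityIdentity securityIdentity) {
        return Uni.createFrom().item(() -> securityIdentity);
    }

    /**
     * Prepares a supplier that builds a copy of the identity with the given roles added.
     *
     * @param securityIdentity the identity to copy
     * @param set the roles to add on top of the identity's existing ones
     * @return a supplier that builds the augmented identity when invoked
     */
    private Supplier<SecurityIdentity> build(SecurityIdentity securityIdentity, Set<String> set) {
        QuarkusSecurityIdentity.Builder builder = QuarkusSecurityIdentity.builder(securityIdentity);
        log.tracef("Adding roles=%s", set);
        builder.addRoles(set);
        return builder::build;
    }
}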
