package org.gorpipe.gor.auth;

import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.gorpipe.exceptions.GorSystemException;
import org.gorpipe.gor.auth.utils.PlatformGorAuthCache;
import org.gorpipe.security.cred.CsaApiService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gorpipe/gor/auth/PlatformJWTAuth.class */
public class PlatformJWTAuth extends GorAuth {
    private static final Logger log = LoggerFactory.getLogger(PlatformJWTAuth.class);
    private static final Logger auditLog = LoggerFactory.getLogger("audit." + PlatformJWTAuth.class.getName());
    private PlatformGorAuthCache gorAuthInfoCache;
    private String userKey;

    public PlatformJWTAuth(AuthConfig authConfig, CsaApiService csaApiService) throws GorSystemException {
        super(authConfig, csaApiService);
        this.securityPolicy = SecurityPolicy.JWT;
        this.userKey = authConfig.getPlatformUserKey();
        this.gorAuthInfoCache = new PlatformGorAuthCache();
    }

    @Override // org.gorpipe.gor.auth.GorAuth
    public GorAuthInfo getGorAuthInfo(String str) {
        throw new GorSystemException("Not Supported", null);
    }

    @Override // org.gorpipe.gor.auth.GorAuth
    public GorAuthInfo getGorAuthInfo(String str, JsonWebToken jsonWebToken) {
        if (jsonWebToken == null || jsonWebToken.getTokenID() == null) {
            log.error("Access Token is null in PLATFORM security policy");
            return new GeneralAuthInfo(-1, str, null, null, null, -1, -1L);
        }
        long expirationTime = jsonWebToken.getExpirationTime();
        String username = getUsername(jsonWebToken);
        String str2 = str + ":" + username;
        GorAuthInfo gorAuthInfo = this.gorAuthInfoCache.get(str2);
        if (gorAuthInfo == null) {
            try {
                gorAuthInfo = updateGorAuthInfo(new GeneralAuthInfo(0, str, username, "", null, 0, Long.MAX_VALUE));
                this.gorAuthInfoCache.add(str2, gorAuthInfo, gorAuthInfo.getProjectId() > 0 ? Long.MAX_VALUE : 60000L);
            } catch (Exception e) {
                throw new GorSystemException(e);
            }
        }
        return new GeneralAuthInfo(gorAuthInfo.getProjectId(), str, username, gorAuthInfo.getUserId(), getUserRoles(jsonWebToken), gorAuthInfo.getOrganizationId(), expirationTime);
    }

    private String getUsername(JsonWebToken jsonWebToken) {
        return (String) jsonWebToken.getClaim(this.userKey);
    }

    private List<String> getUserRoles(JsonWebToken jsonWebToken) {
        return (List) ((List) ((Map) jsonWebToken.getClaim(GorAuth.REALM_ACCESS)).get(GorAuth.ROLES)).stream().map(jsonString -> {
            return jsonString.getString();
        }).collect(Collectors.toList());
    }
}
