package de.frachtwerk.essencium.backend.security;

import de.frachtwerk.essencium.backend.configuration.properties.LdapConfigProperties;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser;
import de.frachtwerk.essencium.backend.model.AbstractBaseUser_;
import de.frachtwerk.essencium.backend.model.Role;
import de.frachtwerk.essencium.backend.model.UserInfoEssentials;
import de.frachtwerk.essencium.backend.model.dto.UserDto;
import de.frachtwerk.essencium.backend.service.AbstractUserService;
import de.frachtwerk.essencium.backend.service.RoleService;
import java.io.Serializable;
import java.util.Collection;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;
import org.springframework.stereotype.Component;

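/**
 * Maps a principal that has already authenticated against LDAP onto a local application user.
 *
 * <p>An existing local user is returned as-is, optionally after its role has been aligned with
 * the role derived from the LDAP authorities. If no local user exists, one is created only when
 * sign-up is enabled in {@link LdapConfigProperties}.
 *
 * <p>This listing is decompiler output. Identifiers such as {@code m28loadUserByUsername} are
 * kept exactly as the decompiler emitted them.
 */
@Component
/* loaded from: input_file:de/frachtwerk/essencium/backend/security/LdapUserContextMapper.class */
public class LdapUserContextMapper<USER extends AbstractBaseUser<ID>, ID extends Serializable, USERDTO extends UserDto<ID>> implements UserDetailsContextMapper {
    /** Placeholder stored when the directory entry has no usable first or last name. */
    private static final String UNKNOWN_NAME = "Unknown";

    private final AbstractUserService<USER, ID, USERDTO> userService;
    private final RoleService roleService;
    private final LdapConfigProperties ldapConfigProperties;
    private static final Logger LOGGER = LoggerFactory.getLogger(LdapUserContextMapper.class);

    /**
     * Creates the mapper with its collaborators.
     *
     * @param abstractUserService service used to load, patch and create local users
     * @param roleService service used to resolve the default role
     * @param ldapConfigProperties LDAP settings (role update, sign-up, attribute names, role mapping)
     */
    @Autowired
    public LdapUserContextMapper(AbstractUserService<USER, ID, USERDTO> abstractUserService, RoleService roleService, LdapConfigProperties ldapConfigProperties) {
        this.userService = abstractUserService;
        this.roleService = roleService;
        this.ldapConfigProperties = ldapConfigProperties;
    }

    /**
     * Resolves the local user for a successful LDAP login.
     *
     * @param dirContextOperations the directory entry of the authenticated principal
     * @param str the username that was authenticated
     * @param collection the authorities derived from LDAP; only {@link Role} instances are used
     * @return the existing local user, or a newly created one when sign-up is allowed
     * @throws UsernameNotFoundException if no local user exists and sign-up is disabled
     */
    public UserDetails mapUserFromContext(DirContextOperations dirContextOperations, String str, Collection<? extends GrantedAuthority> collection) {
        try {
            LOGGER.info("got successful ldap login for {}", str);
            // NOTE(review): the local account is looked up by username alone. Nothing visible here
            // checks that an existing account was itself created from LDAP (compare
            // AbstractBaseUser.USER_AUTH_SOURCE_LDAP used on sign-up). If local and directory
            // usernames can collide, confirm that the user service or the authentication provider
            // enforces the account source.
            USER user = this.userService.m28loadUserByUsername(str);
            if (this.ldapConfigProperties.isUpdateRole()) {
                syncRoleFromLdap(user, collection);
            }
            return user;
        } catch (UsernameNotFoundException e) {
            if (!this.ldapConfigProperties.isAllowSignup()) {
                // Keep the original exception as cause so the lookup failure stays traceable.
                throw new UsernameNotFoundException(String.format("%s not found locally", str), e);
            }
            LOGGER.info("creating new user '{}' from successful ldap authentication", str);
            String firstName = readNameAttribute(dirContextOperations, this.ldapConfigProperties.getUserFirstnameAttr());
            String lastName = readNameAttribute(dirContextOperations, this.ldapConfigProperties.getUserLastnameAttr());
            Role mappedRole = firstRoleAuthority(collection).orElse(null);
            if (!this.ldapConfigProperties.getRoles().isEmpty() && mappedRole == null) {
                LOGGER.warn("ldap group mapping was specified, but no matching role could be found");
            }
            // NOTE(review): mappedRole may be null here. Which role createDefaultUser assigns in that
            // case is not visible in this class; confirm it is the least-privileged one.
            return this.userService.createDefaultUser(new UserInfoEssentials(str, firstName, lastName, mappedRole), AbstractBaseUser.USER_AUTH_SOURCE_LDAP);
        }
    }

    /**
     * Not supported: this mapper only reads from the directory.
     *
     * @throws UnsupportedOperationException always
     */
    public void mapUserToContext(UserDetails userDetails, DirContextAdapter dirContextAdapter) {
        throw new UnsupportedOperationException("not implemented");
    }

    /**
     * Aligns the user's role with the role derived from LDAP and persists the change.
     *
     * <p>When the authorities contain no {@link Role}, the default role from {@link RoleService}
     * is used instead, so a locally assigned role is replaced by the default on login whenever
     * role updating is enabled. If neither yields a role, the user is left untouched.
     */
    private void syncRoleFromLdap(USER user, Collection<? extends GrantedAuthority> authorities) {
        Role targetRole = firstRoleAuthority(authorities).orElseGet(() -> {
            return this.roleService.getDefaultRole().orElse(null);
        });
        if (targetRole == null) {
            return;
        }
        // A user without a role is treated as differing from any target role instead of failing
        // the login with a NullPointerException.
        Role currentRole = user.getRole();
        String currentRoleName = currentRole == null ? null : currentRole.getName();
        if (!targetRole.getName().equals(currentRoleName)) {
            LOGGER.info("updating {}'s role from {} to {} based on ldap mapping", user.getUsername(), currentRoleName, targetRole.getName());
            user.setRole(targetRole);
            this.userService.patch((Serializable) Objects.requireNonNull(user.getId()), Map.of(AbstractBaseUser_.ROLE, targetRole.getName()));
        }
    }

    /**
     * Returns the first authority that is a {@link Role}.
     *
     * <p>Only the first match is used, so with several mapped roles the result depends on the
     * iteration order of the supplied collection.
     */
    private static Optional<Role> firstRoleAuthority(Collection<? extends GrantedAuthority> authorities) {
        return authorities.stream().filter(Role.class::isInstance).map(Role.class::cast).findFirst();
    }

    /** Reads a string attribute from the directory entry, falling back to {@link #UNKNOWN_NAME}. */
    private static String readNameAttribute(DirContextOperations entry, String attributeName) {
        return Optional.ofNullable(entry.getAttributes().get(attributeName))
                .map(attribute -> getAttrAsOrDefault(attribute, UNKNOWN_NAME))
                .orElse(UNKNOWN_NAME);
    }

    /**
     * Returns the attribute's first value if it has the same runtime type as the default,
     * otherwise the default.
     *
     * @param attribute the directory attribute to read
     * @param t the default; its runtime class also determines the accepted value type
     * @return the attribute value, or {@code t} if the value is absent, null, of another type,
     *     or cannot be read
     */
    private static <T> T getAttrAsOrDefault(Attribute attribute, T t) {
        try {
            // Attribute.get() throws NoSuchElementException for an attribute without values, so
            // an empty attribute must not reach it.
            if (attribute.size() == 0) {
                return t;
            }
            Object value = attribute.get();
            // isInstance is false for null, which covers attributes that carry a null value.
            if (!t.getClass().isInstance(value)) {
                return t;
            }
            @SuppressWarnings("unchecked") // guarded by the isInstance check above
            T typedValue = (T) value;
            return typedValue;
        } catch (NamingException | ClassCastException e) {
            return t;
        }
    }
}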
