package io.dialob.security.uaa;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import feign.Feign;
import feign.jackson.JacksonDecoder;
import feign.jackson.JacksonEncoder;
import feign.slf4j.Slf4jLogger;
import io.dialob.common.Permissions;
import io.dialob.security.spring.oauth2.Groups2GrantedAuthorisations;
import io.dialob.security.spring.oauth2.OAuth2AuthenticationInterceptor;
import io.dialob.security.spring.oauth2.StreamingGrantedAuthoritiesMapper;
import io.dialob.security.spring.oauth2.UaaGroups2GroupGrantedAuthoritiesMapper;
import io.dialob.security.spring.oauth2.UsersAndGroupsService;
import io.dialob.security.spring.tenant.GrantedTenantAccessEvaluator;
import io.dialob.security.spring.tenant.MapTenantGroupToTenantGrantedAuthority;
import io.dialob.security.spring.tenant.TenantAccessEvaluator;
import io.dialob.security.uaa.spi.UaaClient;
import io.dialob.security.uaa.spi.UaaUsersAndGroupsService;
import io.dialob.settings.DialobSettings;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;

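/**
 * Spring configuration that wires the UAA-backed security beans: the UAA HTTP client, the
 * users-and-groups lookup service, the granted-authorities mapping chain and the tenant access
 * evaluator.
 *
 * <p>The configuration is only active under the {@code uaa} profile. {@code proxyBeanMethods} is
 * disabled, so every bean receives its collaborators as method parameters rather than by calling
 * sibling {@code @Bean} methods.
 */
@Profile({"uaa"})
@Configuration(proxyBeanMethods = false)
/* loaded from: input_file:BOOT-INF/lib/dialob-security-uaa-2.1.21.jar:io/dialob/security/uaa/DialobSecurityUaaAutoConfiguration.class */
public class DialobSecurityUaaAutoConfiguration {

    /**
     * Builds the Feign client used to talk to the UAA server.
     *
     * <p>Every request passes through an {@link OAuth2AuthenticationInterceptor} constructed from
     * the configured UAA URL, client id and client secret. JSON is encoded and decoded with a
     * Jackson mapper that has the Java time and JDK 8 modules registered.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The client secret comes from {@link DialobSettings}; it should be supplied through
     *       the deployment's secret store rather than a committed properties file.</li>
     *   <li>No Feign log level is set here, so Feign's default ({@code NONE}) applies. Raising it
     *       to {@code HEADERS} or {@code FULL} writes request headers to the SLF4J logger, which
     *       would presumably include whatever credential the interceptor attaches (verify
     *       against the interceptor before enabling verbose logging).</li>
     *   <li>The URL is used as configured; nothing in this method checks its scheme, so
     *       transport security depends on the configured value being an {@code https} URL.</li>
     * </ul>
     *
     * @param dialobSettings application settings holding the UAA URL and client credentials
     * @return a Feign proxy implementing {@link UaaClient}
     */
    @Bean
    public UaaClient uaaClient(DialobSettings dialobSettings) {
        String uaaUrl = dialobSettings.getUaa().getUrl();
        ObjectMapper jsonMapper = new ObjectMapper().registerModules(new JavaTimeModule(), new Jdk8Module());
        OAuth2AuthenticationInterceptor authInterceptor = new OAuth2AuthenticationInterceptor(
            uaaUrl,
            dialobSettings.getUaa().getClientId(),
            dialobSettings.getUaa().getClientSecret());

        return Feign.builder()
            .encoder(new JacksonEncoder(jsonMapper))
            .decoder(new JacksonDecoder(jsonMapper))
            .requestInterceptor(authInterceptor)
            .logger(new Slf4jLogger(DialobSecurityUaaAutoConfiguration.class))
            .target(UaaClient.class, uaaUrl);
    }

    /**
     * Exposes the UAA-backed implementation of {@link UsersAndGroupsService}.
     *
     * @param uaaClient client used for the UAA lookups
     * @return a service that delegates to {@code uaaClient}
     */
    @Bean
    public UsersAndGroupsService usersAndGroupsService(UaaClient uaaClient) {
        return new UaaUsersAndGroupsService(uaaClient);
    }

    /**
     * Assembles the chain of mappers that turns a user's groups into granted authorities.
     *
     * <p>The chain is built in this order:
     * <ol>
     *   <li>a group-to-permission lookup backed by the configured group permissions map;</li>
     *   <li>a tenant-group mapper created from the configured tenant environment;</li>
     *   <li>a UAA group mapper, only when a {@link UsersAndGroupsService} bean is available.</li>
     * </ol>
     *
     * <p>The group permissions map is security-sensitive configuration: it decides which
     * permissions each group receives. A group that is missing from the map resolves to an
     * empty set, i.e. it grants nothing.
     *
     * @param dialobSettings application settings holding the group permissions and tenant env
     * @param optional the users-and-groups service, if one is configured
     * @return a mapper that applies the assembled chain
     */
    @Bean
    public GrantedAuthoritiesMapper grantedAuthoritiesMapper(DialobSettings dialobSettings, Optional<UsersAndGroupsService> optional) {
        // Raw list kept on purpose: the element type expected by StreamingGrantedAuthoritiesMapper
        // is not visible in this listing.
        ArrayList mapperChain = new ArrayList();
        Map<String, Set<String>> groupPermissions = dialobSettings.getSecurity().getGroupPermissions();

        // Unknown groups fall back to an empty set, so they contribute no permissions.
        mapperChain.add(new Groups2GrantedAuthorisations(
            group -> (Collection) groupPermissions.getOrDefault(group, Collections.emptySet())));
        mapperChain.add(new MapTenantGroupToTenantGrantedAuthority(dialobSettings.getTenant().getEnv()));
        optional.ifPresent(service -> mapperChain.add(new UaaGroups2GroupGrantedAuthoritiesMapper(service)));

        return new StreamingGrantedAuthoritiesMapper(mapperChain);
    }

    /**
     * Creates the evaluator that decides whether an authenticated principal may access any
     * tenant.
     *
     * <p>Cross-tenant access is granted only when the token carries an authority whose string
     * form equals {@link Permissions#ALL_TENANTS}. Anything that can put that authority on a
     * token therefore controls cross-tenant access and should be reviewed with the same care as
     * this check.
     *
     * @return an evaluator with the all-tenants check implemented
     */
    @Bean
    public TenantAccessEvaluator tenantAccessEvaluator() {
        return new GrantedTenantAccessEvaluator() { // from class: io.dialob.security.uaa.DialobSecurityUaaAutoConfiguration.1
            @Override // io.dialob.security.spring.tenant.GrantedTenantAccessEvaluator
            protected boolean canAccessAnyTenant(AbstractAuthenticationToken abstractAuthenticationToken) {
                // Compare from the constant side: GrantedAuthority#getAuthority() is allowed to
                // return null, and a null authority must count as "no match" (deny) instead of
                // raising a NullPointerException in the middle of an access decision.
                return abstractAuthenticationToken.getAuthorities().stream()
                    .anyMatch(authority -> Permissions.ALL_TENANTS.equals(authority.getAuthority()));
            }
        };
    }
}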
