package com.sap.cds.feature.xsuaa;

import com.sap.cds.feature.xsuaa.XsUaaToken;
import com.sap.cds.services.ErrorStatuses;
import com.sap.cds.services.ServiceException;
import com.sap.cds.services.authentication.AuthenticationInfo;
import com.sap.cds.services.authentication.JwtTokenAuthenticationInfo;
import com.sap.cds.services.environment.ServiceBinding;
import com.sap.cds.services.request.UserInfo;
import com.sap.cds.services.runtime.CdsRuntime;
import com.sap.cds.services.runtime.UserInfoProvider;
import com.sap.cds.services.utils.ClassMethods;
import com.sap.cds.services.utils.ErrorStatusException;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cds/feature/xsuaa/XsuaaUserInfoProvider.class */
public class XsuaaUserInfoProvider implements UserInfoProvider {
    private static final Logger logger = LoggerFactory.getLogger(XsuaaUserInfoProvider.class);
    private final ServiceBinding uaaInstance;
    private final CdsRuntime runtime;

    /* loaded from: input_file:com/sap/cds/feature/xsuaa/XsuaaUserInfoProvider$XsuaaUserInfoImpl.class */
    private class XsuaaUserInfoImpl implements UserInfo {
        private final XsUaaToken jwt;
        private final String name;
        private final boolean isSystemUser;
        private final boolean isInternalUser;
        private final Set<String> roles;
        private final Map<String, List<String>> attributes;
        private final Set<String> unrestrictedAttributes;
        private static final String SPECIAL_ATTRIBUTE_TENANT = "tenant";
        private static final String EXTENSION_ATTRIBUTES = "ext_attr";
        private static final String BINDING_CLIENT_ID = "clientid";
        private static final String SERVICEINSTANCEID_ATTRIBUTE = "serviceinstanceid";
        private static final String SPECIAL_ATTRIBUTE_SERVICEINSTANCEID = "ext_attr.serviceinstanceid";
        private static final String UnrestrictedAttribute = "$unrestricted";
        private static final String SystemUserName = "system";
        private static final String InternalUserName = "system-internal";

        private XsuaaUserInfoImpl(XsUaaToken xsUaaToken) {
            this.jwt = xsUaaToken;
            this.isSystemUser = xsUaaToken.getGrantType() != null && (xsUaaToken.getGrantType().equals(XsUaaToken.GrantType.CLIENT_CREDENTIALS.toString()) || xsUaaToken.getGrantType().equals(XsUaaToken.GrantType.CLIENT_X509.toString()));
            this.isInternalUser = this.isSystemUser && xsUaaToken.getClientId() != null && xsUaaToken.getClientId().equals(XsuaaUserInfoProvider.this.uaaInstance.getCredentials().get(BINDING_CLIENT_ID));
            if (this.isInternalUser) {
                this.name = InternalUserName;
            } else if (this.isSystemUser) {
                this.name = SystemUserName;
            } else {
                String name = xsUaaToken.getName();
                if (name != null && XsuaaUserInfoProvider.this.runtime.getEnvironment().getCdsProperties().getSecurity().getXsuaa().isNormalizeUserNames()) {
                    name = xsUaaToken.getName().trim().toLowerCase(Locale.ENGLISH);
                }
                this.name = name;
            }
            String str = ((String) XsuaaUserInfoProvider.this.uaaInstance.getCredentials().get("xsappname")) + ".";
            this.roles = (Set) xsUaaToken.getScopes().stream().map(str2 -> {
                int indexOf = str2.indexOf(str);
                return indexOf >= 0 ? str2.substring(indexOf + str.length()) : str2;
            }).collect(Collectors.toSet());
            this.attributes = new TreeMap();
            this.unrestrictedAttributes = new TreeSet();
            for (Map.Entry<String, List<String>> entry : xsUaaToken.getUserAttributes().entrySet()) {
                List<String> value = entry.getValue();
                if (value != null) {
                    ArrayList arrayList = new ArrayList(value);
                    int size = arrayList.size();
                    String str3 = UnrestrictedAttribute;
                    arrayList.removeIf(str3::equalsIgnoreCase);
                    if (arrayList.size() != size) {
                        this.unrestrictedAttributes.add(entry.getKey());
                    }
                    this.attributes.put(entry.getKey(), arrayList);
                }
            }
            this.attributes.put(SPECIAL_ATTRIBUTE_TENANT, Collections.singletonList(xsUaaToken.getTenant()));
            Object obj = xsUaaToken.getExtensionAttributes().get(SERVICEINSTANCEID_ATTRIBUTE);
            if (obj == null || !(obj instanceof String)) {
                return;
            }
            this.attributes.put(SPECIAL_ATTRIBUTE_SERVICEINSTANCEID, Collections.singletonList((String) obj));
        }

        public String getId() {
            return this.jwt.getId();
        }

        public String getName() {
            return this.name;
        }

        public String getTenant() {
            return this.jwt.getTenant();
        }

        public Set<String> getRoles() {
            return this.roles;
        }

        public boolean isSystemUser() {
            return this.isSystemUser;
        }

        public boolean isInternalUser() {
            return this.isInternalUser;
        }

        public boolean isAuthenticated() {
            return true;
        }

        public boolean isPrivileged() {
            return false;
        }

        public Map<String, List<String>> getAttributes() {
            return this.attributes;
        }

        public Map<String, Object> getAdditionalAttributes() {
            return this.jwt.getAdditionalAttributes();
        }

        public Set<String> getUnrestrictedAttributes() {
            return this.unrestrictedAttributes;
        }

        public <T extends UserInfo> T as(Class<T> cls) {
            return (T) ClassMethods.as(cls, UserInfo.class, this, this::getAdditionalAttributes);
        }

        public String toString() {
            return MessageFormat.format("XsuaaUserInfo [id=''{0}'', name=''{1}'', roles=''{2}'', attributes=''{3}''", getId(), getName(), getRoles(), getAttributes());
        }
    }

    public XsuaaUserInfoProvider(ServiceBinding serviceBinding, CdsRuntime cdsRuntime) {
        this.uaaInstance = serviceBinding;
        this.runtime = cdsRuntime;
    }

    public UserInfo get() {
        AuthenticationInfo providedAuthenticationInfo = this.runtime.getProvidedAuthenticationInfo();
        if (providedAuthenticationInfo == null || !providedAuthenticationInfo.is(JwtTokenAuthenticationInfo.class)) {
            return null;
        }
        try {
            XsUaaToken parse = XsUaaToken.parse(providedAuthenticationInfo.as(JwtTokenAuthenticationInfo.class).getToken());
            logger.debug("Decoded XSUAA token: {}", parse.toString());
            XsuaaUserInfoImpl xsuaaUserInfoImpl = new XsuaaUserInfoImpl(parse);
            logger.debug("Resolved {}", xsuaaUserInfoImpl);
            return xsuaaUserInfoImpl;
        } catch (Exception e) {
            throw new ErrorStatusException(ErrorStatuses.UNAUTHORIZED, new Object[]{e});
        } catch (ServiceException e2) {
            throw e2;
        }
    }
}
