package org.entur.jwt.spring.grpc;

import io.grpc.Context;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.entur.jwt.spring.filter.JwtAuthenticationToken;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/entur/jwt/spring/grpc/GrpcAuthorization.class */
public interface GrpcAuthorization {
    public static final Context.Key<Object> SECURITY_CONTEXT_AUTHENTICATION = Context.key("SECURITY_CONTEXT_AUTHENTICATION");
    public static final Context.Key<Object> SECURITY_CONTEXT_MDC = Context.key("SECURITY_CONTEXT_MDC");

    default Map<String, String> getAuthorizationMDC() {
        Object obj = SECURITY_CONTEXT_MDC.get();
        if (obj instanceof Map) {
            return (Map) obj;
        }
        return null;
    }

    default Object getPrincial() {
        Object obj = SECURITY_CONTEXT_AUTHENTICATION.get();
        if (obj instanceof JwtAuthenticationToken) {
            return ((JwtAuthenticationToken) obj).getPrincipal();
        }
        return null;
    }

    default JwtAuthenticationToken getToken() {
        Object obj = SECURITY_CONTEXT_AUTHENTICATION.get();
        if (obj instanceof JwtAuthenticationToken) {
            return (JwtAuthenticationToken) obj;
        }
        return null;
    }

    default void requireAnyAudience(String... strArr) {
        HashSet hashSet = new HashSet();
        Collections.addAll(hashSet, strArr);
        requireAnyAudience((Set<String>) hashSet);
    }

    default void requireAnyAudience(Collection<String> collection) {
        requireAnyAudience((Set<String>) new HashSet(collection));
    }

    default void requireAnyAudience(Set<String> set) {
        Object obj = SECURITY_CONTEXT_AUTHENTICATION.get();
        if (!(obj instanceof JwtAuthenticationToken)) {
            throw new AuthenticationCredentialsNotFoundException("");
        }
        if (!hasAnyAudience((JwtAuthenticationToken) obj, set)) {
            throw new AccessDeniedException("Not amoung required audiences.");
        }
    }

    default boolean hasAnyAudience(JwtAuthenticationToken jwtAuthenticationToken, Collection<String> collection) {
        return hasAnyAudience(jwtAuthenticationToken, (Set<String>) new HashSet(collection));
    }

    default boolean hasAnyAudience(JwtAuthenticationToken jwtAuthenticationToken, Set<String> set) {
        List asList;
        Object claim = jwtAuthenticationToken.getClaim("aud", Object.class);
        if (claim == null) {
            throw new IllegalArgumentException("Expected audience");
        }
        if (claim instanceof List) {
            asList = (List) claim;
        } else if (claim instanceof String) {
            asList = Arrays.asList((String) claim);
        } else {
            if (!(claim instanceof String[])) {
                throw new IllegalArgumentException("Unexpected claim type " + claim.getClass().getName());
            }
            asList = Arrays.asList((String[]) claim);
        }
        return (asList == null || Collections.disjoint(set, asList)) ? false : true;
    }

    default void requireAnyAuthority(String... strArr) {
        Object obj = SECURITY_CONTEXT_AUTHENTICATION.get();
        if ((obj instanceof JwtAuthenticationToken) && !hasAnyAuthority((JwtAuthenticationToken) obj, strArr)) {
            throw new AccessDeniedException("");
        }
        throw new AuthenticationCredentialsNotFoundException("");
    }

    default boolean hasAnyAuthority(JwtAuthenticationToken jwtAuthenticationToken, String... strArr) {
        for (GrantedAuthority grantedAuthority : jwtAuthenticationToken.getAuthorities()) {
            for (String str : strArr) {
                if (grantedAuthority.getAuthority().equals(str)) {
                    return true;
                }
            }
        }
        return false;
    }

    default void requireAllAuthorities(Collection<String> collection) {
        requireAllAuthorities((Set<String>) new HashSet(collection));
    }

    default void requireAllAuthorities(String... strArr) {
        HashSet hashSet = new HashSet();
        Collections.addAll(hashSet, strArr);
        requireAllAuthorities((Set<String>) hashSet);
    }

    default void requireAllAuthorities(Set<String> set) {
        Object obj = SECURITY_CONTEXT_AUTHENTICATION.get();
        if (!(obj instanceof JwtAuthenticationToken)) {
            throw new AuthenticationCredentialsNotFoundException("");
        }
        if (!hasAllAuthorities((JwtAuthenticationToken) obj, set)) {
            throw new AccessDeniedException("");
        }
    }

    default boolean hasAllAuthorities(JwtAuthenticationToken jwtAuthenticationToken, Set<String> set) {
        return ((Set) jwtAuthenticationToken.getAuthorities().stream().map(grantedAuthority -> {
            return grantedAuthority.getAuthority();
        }).collect(Collectors.toSet())).containsAll(set);
    }
}
