package org.nentangso.core.service.provider;

import java.util.Base64;
import java.util.BitSet;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.nentangso.core.client.NtsKeycloakClient;
import org.nentangso.core.client.vm.KeycloakClientRole;
import org.nentangso.core.config.NtsKeycloakLocationProperties;
import org.nentangso.core.service.dto.LocationDTO;
import org.nentangso.core.service.errors.NtsNotFoundException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.stereotype.Service;

@ConditionalOnProperty(prefix = "nts.helper.location", name = {"provider"}, havingValue = NtsKeycloakLocationProvider.PROVIDER_NAME)
@Service
/* loaded from: input_file:org/nentangso/core/service/provider/NtsKeycloakLocationProvider.class */
public class NtsKeycloakLocationProvider implements NtsLocationProvider {
    private static final Logger log = LoggerFactory.getLogger(NtsKeycloakLocationProvider.class);
    public static final String PROVIDER_NAME = "keycloak";

    @Value("${nts.helper.location.claim:}")
    private String claim;
    private final NtsKeycloakLocationProperties keycloakLocationProperties;
    private final NtsKeycloakClient keycloakClient;

    public NtsKeycloakLocationProvider(NtsKeycloakLocationProperties ntsKeycloakLocationProperties, NtsKeycloakClient ntsKeycloakClient) {
        this.keycloakLocationProperties = ntsKeycloakLocationProperties;
        this.keycloakClient = ntsKeycloakClient;
        validateKeycloakProperties();
    }

    private void validateKeycloakProperties() {
        if (StringUtils.isBlank(this.keycloakLocationProperties.getAdminBaseUrl())) {
            throw new RuntimeException("Keycloak provider requires property nts.helper.location.keycloak.admin-base-url");
        }
        if (StringUtils.isBlank(this.keycloakLocationProperties.getInternalClientId())) {
            throw new RuntimeException("Keycloak provider requires property nts.helper.location.keycloak.internal-client-id");
        }
    }

    @Override // org.nentangso.core.service.provider.NtsLocationProvider
    public Set<Long> findAllIds() {
        ResponseEntity<List<KeycloakClientRole>> findClientRoles = this.keycloakClient.findClientRoles(this.keycloakLocationProperties.getInternalClientId(), false);
        if (!findClientRoles.getStatusCode().is2xxSuccessful() || findClientRoles.getBody() == null) {
            log.error("Cannot fetch client roles {}", findClientRoles);
            throw new AccessDeniedException("Cannot fetch client roles");
        }
        Set<Long> locationIds = toLocationIds((Collection) findClientRoles.getBody());
        log.debug("Fetch success location_ids {}", locationIds);
        return locationIds;
    }

    public Set<Long> toLocationIds(Collection<KeycloakClientRole> collection) {
        return (Set) ((Collection) Optional.ofNullable(collection).orElseGet(Collections::emptyList)).stream().map(keycloakClientRole -> {
            try {
                return Long.valueOf(Long.parseUnsignedLong(keycloakClientRole.getName()));
            } catch (NumberFormatException e) {
                return null;
            }
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toSet());
    }

    @Override // org.nentangso.core.service.provider.NtsLocationProvider
    public Optional<LocationDTO> findById(Long l) {
        ResponseEntity<KeycloakClientRole> findClientRole = this.keycloakClient.findClientRole(this.keycloakLocationProperties.getInternalClientId(), String.valueOf(l));
        if (findClientRole.getStatusCode().is2xxSuccessful()) {
            return toLocationDTO((KeycloakClientRole) findClientRole.getBody());
        }
        log.error("Cannot fetch client role #{} => {}", l, findClientRole);
        throw new NtsNotFoundException(String.format("Cannot fetch client role #%s", l));
    }

    private Optional<LocationDTO> toLocationDTO(KeycloakClientRole keycloakClientRole) {
        return Optional.ofNullable(keycloakClientRole).map(keycloakClientRole2 -> {
            LocationDTO locationDTO = new LocationDTO();
            locationDTO.setId(Long.valueOf(Long.parseUnsignedLong(keycloakClientRole2.getName())));
            locationDTO.setName(keycloakClientRole.getDescription());
            return locationDTO;
        });
    }

    @Override // org.nentangso.core.service.provider.NtsLocationProvider
    public boolean isGrantedAnyLocations() {
        Jwt principal = getPrincipal();
        if (principal.hasClaim(this.claim)) {
            return getByteLocations(principal.getClaimAsString(this.claim)).get(0);
        }
        return false;
    }

    @Override // org.nentangso.core.service.provider.NtsLocationProvider
    public boolean hasGrantedLocation(Integer num) {
        Jwt principal = getPrincipal();
        if (!principal.hasClaim(this.claim)) {
            return false;
        }
        BitSet byteLocations = getByteLocations(principal.getClaimAsString(this.claim));
        if (num.intValue() > byteLocations.length() - 1) {
            return false;
        }
        return byteLocations.get(num.intValue());
    }

    private Jwt getPrincipal() {
        return (Jwt) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }

    private BitSet getByteLocations(String str) {
        return BitSet.valueOf(Base64.getDecoder().decode(str));
    }
}
