package org.endeavourhealth.common.security;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.SecurityContext;
import org.endeavourhealth.common.security.models.EndUser;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/security-1.0-20170818.142221-3.jar:org/endeavourhealth/common/security/SecurityUtils.class
 */
/* loaded from: input_file:WEB-INF/lib/security-1.0-SNAPSHOT.jar:org/endeavourhealth/common/security/SecurityUtils.class */
public class SecurityUtils {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) SecurityUtils.class);

    public static UUID getCurrentUserId(SecurityContext securityContext) {
        if (securityContext != null && securityContext.getUserPrincipal() != null) {
            return UUID.fromString(securityContext.getUserPrincipal().getName());
        }
        LOG.warn("Something appears to be wrong with the security configuration, SecurityContext is null.");
        return null;
    }

    public static KeycloakSecurityContext getKeycloakSecurityContext(SecurityContext securityContext) {
        if (securityContext != null && securityContext.getUserPrincipal() != null) {
            return securityContext.getUserPrincipal().getKeycloakSecurityContext();
        }
        LOG.warn("Something appears to be wrong with the security configuration, UserPrincipal is not as expected.");
        return null;
    }

    public static AccessToken getToken(SecurityContext securityContext) {
        if (securityContext == null || securityContext.getUserPrincipal() == null) {
            return null;
        }
        try {
            return securityContext.getUserPrincipal().getKeycloakSecurityContext().getToken();
        } catch (Exception e) {
            LOG.warn("Something appears to be wrong with the security configuration, UserPrincipal is not as expected.", (Throwable) e);
            return null;
        }
    }

    public static boolean hasRole(SecurityContext securityContext, String str) {
        AccessToken token = getToken(securityContext);
        if (token == null) {
            return false;
        }
        Iterator it = token.getRealmAccess().getRoles().iterator();
        while (it.hasNext()) {
            if (((String) it.next()).equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasOrganisationRole(SecurityContext securityContext, String str, String str2) {
        return hasOrganisationRole(securityContext, str, new String[]{str2});
    }

    public static boolean hasOrganisationRole(SecurityContext securityContext, String str, String[] strArr) {
        List<String> organisationRoles = getOrganisationRoles(securityContext, str);
        if (organisationRoles == null) {
            return false;
        }
        for (String str2 : organisationRoles) {
            for (String str3 : strArr) {
                if (str2.equalsIgnoreCase(str3)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static Map<String, List<String>> getOrganisationRoles(SecurityContext securityContext) {
        List<Map> list;
        AccessToken token = getToken(securityContext);
        if (token == null || (list = (List) token.getOtherClaims().getOrDefault(OrgRoles.OTHER_CLAIMS_ORG_GROUPS, null)) == null) {
            return null;
        }
        HashMap hashMap = new HashMap();
        for (Map map : list) {
            ArrayList arrayList = new ArrayList();
            String str = (String) map.getOrDefault(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ORG_ID, null);
            List list2 = (List) map.getOrDefault(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ROLES, null);
            if (list2 != null && list2.size() > 0) {
                arrayList.addAll(list2);
            }
            if (!hashMap.containsKey(str)) {
                hashMap.put(str, new ArrayList());
            }
            ((List) hashMap.get(str)).addAll(arrayList);
        }
        HashMap hashMap2 = new HashMap();
        hashMap.forEach((str2, list3) -> {
        });
        return hashMap2;
    }

    public static List<String> getOrganisationRoles(SecurityContext securityContext, String str) {
        List<Map> list;
        List list2;
        AccessToken token = getToken(securityContext);
        if (token == null || (list = (List) token.getOtherClaims().getOrDefault(OrgRoles.OTHER_CLAIMS_ORG_GROUPS, null)) == null) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (Map map : list) {
            String str2 = (String) map.getOrDefault(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ORG_ID, null);
            if (str2 != null && str2.equalsIgnoreCase(str) && (list2 = (List) map.getOrDefault(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ROLES, null)) != null && list2.size() > 0) {
                arrayList.addAll(list2);
            }
        }
        return arrayList;
    }

    public static String getCurrentUserOrganisationId(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString(OrgRoles.HEADER_ORGANISATION_ID);
        if (containerRequestContext.getUriInfo().getQueryParameters().containsKey(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ORG_ID)) {
            headerString = containerRequestContext.getUriInfo().getQueryParameters().getFirst(OrgRoles.OTHER_CLAIMS_ORG_GROUPS_ORG_ID);
        }
        return headerString;
    }

    public static EndUser getCurrentUser(SecurityContext securityContext) {
        EndUser endUser = null;
        AccessToken token = getToken(securityContext);
        if (token != null) {
            endUser = new EndUser(UUID.fromString(token.getSubject()), null, token.getGivenName(), token.getFamilyName(), token.getEmail(), Boolean.valueOf(RoleUtils.isEDSSuperUser(securityContext)));
        }
        return endUser;
    }
}
