package com.cumulocity.model.user;

import com.cumulocity.model.acl.ACLExpression;
import com.cumulocity.model.acl.ACLExpressionUtils;
import com.cumulocity.model.acl.ACLPermission;
import com.cumulocity.model.acl.InventoryACLPermission;
import com.cumulocity.model.application.ApplicationUser;
import com.cumulocity.model.role.inventory.InventoryPermission;
import com.cumulocity.model.role.inventory.InventoryRole;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.GrantedAuthorityImpl;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:com/cumulocity/model/user/CurrentUser.class */
public class CurrentUser extends User implements UserDetails {
    private static final long serialVersionUID = -8314064995303400684L;
    private final Set<GrantedAuthority> authorities;
    private List<ACLPermission> allDevicePermissions;
    private String passwordResetToken;

    public static CumulocityAuthentication getAuthentication() {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null) {
            return null;
        }
        Authentication authentication = context.getAuthentication();
        if (authentication instanceof CumulocityAuthentication) {
            return (CumulocityAuthentication) authentication;
        }
        return null;
    }

    public static CurrentUser get() {
        CumulocityAuthentication authentication = getAuthentication();
        if (authentication == null) {
            return null;
        }
        return authentication.getCurrentUser();
    }

    public static CurrentUser getOrThrowAccessDenied() {
        CurrentUser currentUser = get();
        if (currentUser == null) {
            throw new AccessDeniedException("Access is denied");
        }
        return currentUser;
    }

    public CurrentUser(User user) {
        super(user);
        this.authorities = new HashSet();
        this.allDevicePermissions = new LinkedList();
        initAuthorities(user);
        initAllDevicePermissions(user);
    }

    public boolean isA(ApplicationUser.ApplicationUserType applicationUserType) {
        Optional of = ApplicationUser.ApplicationUserType.of(getUsername());
        return of.isPresent() && of.get() == applicationUserType;
    }

    public Collection<GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    public boolean isAccountNonExpired() {
        return isEnabled();
    }

    public boolean isAccountNonLocked() {
        return isEnabled();
    }

    public boolean isCredentialsNonExpired() {
        return isEnabled();
    }

    public boolean isEnabled() {
        return Boolean.TRUE.equals(getEnabled());
    }

    public String getPasswordResetToken() {
        return this.passwordResetToken;
    }

    public void setPasswordResetToken(String str) {
        this.passwordResetToken = str;
    }

    public List<ACLPermission> getAllACLPermissions() {
        return this.allDevicePermissions;
    }

    public Iterable<ACLExpression> findACLPermissionByManagedObject(String str) {
        return ACLExpressionUtils.getACLExpressionsForId(this.allDevicePermissions, str);
    }

    public boolean hasAuthority(Authority authority) {
        return hasAuthority((GrantedAuthority) authority);
    }

    public boolean hasAuthority(DefaultAuthority defaultAuthority) {
        return hasAuthority((GrantedAuthority) defaultAuthority);
    }

    public boolean hasAuthority(String str) {
        return hasAuthority((GrantedAuthority) new GrantedAuthorityImpl(str));
    }

    public boolean hasAuthority(GrantedAuthority grantedAuthority) {
        return Authorities.containsAuthority(getAuthorities(), grantedAuthority);
    }

    private void initAuthorities(User user) {
        addAuthorities(user.getRoles());
        if (user.getGroups() != null) {
            Iterator<Group> it = user.getGroups().iterator();
            while (it.hasNext()) {
                addAuthorities(it.next().getRoles());
            }
        }
    }

    private void addAuthorities(Collection<Authority> collection) {
        if (collection == null) {
            return;
        }
        Iterator<Authority> it = collection.iterator();
        while (it.hasNext()) {
            this.authorities.add(it.next());
        }
    }

    private void initAllDevicePermissions(User user) {
        this.allDevicePermissions.addAll(user.getDevicePermissions());
        if (user.getGroups() != null) {
            Iterator<Group> it = user.getGroups().iterator();
            while (it.hasNext()) {
                this.allDevicePermissions.addAll(it.next().getDevicePermissions());
            }
        }
        for (InventoryAssignment inventoryAssignment : user.getInventoryAssignments()) {
            Iterator<InventoryRole> it2 = inventoryAssignment.getRoles().iterator();
            while (it2.hasNext()) {
                Iterator<InventoryPermission> it3 = it2.next().getPermissions().iterator();
                while (it3.hasNext()) {
                    this.allDevicePermissions.add(new InventoryACLPermission(inventoryAssignment.getManagedObject(), it3.next()));
                }
            }
        }
    }
}
