package no.nav.common.auth.context;

import com.nimbusds.jwt.JWTClaimsSet;
import java.util.Optional;
import no.nav.common.auth.Constants;
import no.nav.common.auth.utils.IdentUtils;
import no.nav.common.auth.utils.TokenUtils;
import no.nav.common.types.identer.NavIdent;
import no.nav.common.utils.fn.UnsafeRunnable;
import no.nav.common.utils.fn.UnsafeSupplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:no/nav/common/auth/context/AuthContextHolder.class */
public interface AuthContextHolder {

    /* loaded from: input_file:no/nav/common/auth/context/AuthContextHolder$InternalLogger.class */
    public static final class InternalLogger {
        private static final Logger log = LoggerFactory.getLogger(AuthContextHolder.class);
    }

    void withContext(AuthContext authContext, UnsafeRunnable unsafeRunnable);

    <T> T withContext(AuthContext authContext, UnsafeSupplier<T> unsafeSupplier);

    default NavIdent requireNavIdent() {
        return getNavIdent().orElseThrow(() -> {
            return new IllegalStateException("NAV Ident is missing from AuthContext");
        });
    }

    default String requireSubject() {
        return getSubject().orElseThrow(() -> {
            return new IllegalStateException("Subject is missing from AuthContext");
        });
    }

    default String requireIdTokenString() {
        return getIdTokenString().orElseThrow(() -> {
            return new IllegalStateException("ID token is missing from AuthContext");
        });
    }

    default JWTClaimsSet requireIdTokenClaims() {
        return getIdTokenClaims().orElseThrow(() -> {
            return new IllegalStateException("ID token is missing from AuthContext");
        });
    }

    default UserRole requireRole() {
        return getRole().orElseThrow(() -> {
            return new IllegalStateException("User role is missing from AuthContext");
        });
    }

    default AuthContext requireContext() {
        return getContext().orElseThrow(() -> {
            return new IllegalStateException("AuthContext is missing");
        });
    }

    default Optional<String> getSubject() {
        return getIdTokenClaims().map((v0) -> {
            return v0.getSubject();
        });
    }

    default Optional<String> getIdTokenString() {
        return getContext().map((v0) -> {
            return v0.getIdToken();
        }).map(jwt -> {
            return (String) Optional.ofNullable(jwt.getParsedString()).orElse(jwt.serialize());
        });
    }

    default Optional<JWTClaimsSet> getIdTokenClaims() {
        return getContext().map((v0) -> {
            return v0.getIdToken();
        }).map(TokenUtils::getClaimsSet);
    }

    default Optional<NavIdent> getNavIdent() {
        return getIdTokenClaims().flatMap(jWTClaimsSet -> {
            return getStringClaim(jWTClaimsSet, Constants.AAD_NAV_IDENT_CLAIM);
        }).or(this::getSubject).map(NavIdent::of).filter(navIdent -> {
            boolean erGydligNavIdent = IdentUtils.erGydligNavIdent(navIdent.get());
            if (!erGydligNavIdent) {
                InternalLogger.log.error("NAV ident er ugyldig: " + navIdent);
            }
            return erGydligNavIdent;
        });
    }

    default Optional<String> getUid() {
        return erEksternBruker() ? getIdTokenClaims().flatMap(jWTClaimsSet -> {
            return getStringClaim(jWTClaimsSet, Constants.ID_PORTEN_PID_CLAIM);
        }).or(this::getSubject) : erInternBruker() ? getNavIdent().map((v0) -> {
            return v0.get();
        }).or(this::getSubject) : getSubject();
    }

    default Optional<String> getStringClaim(JWTClaimsSet jWTClaimsSet, String str) {
        try {
            return Optional.ofNullable(jWTClaimsSet.getStringClaim(str));
        } catch (Exception e) {
            InternalLogger.log.warn(str + " was not a string");
            return Optional.empty();
        }
    }

    default Optional<UserRole> getRole() {
        return getContext().map((v0) -> {
            return v0.getRole();
        });
    }

    Optional<AuthContext> getContext();

    void setContext(AuthContext authContext);

    default boolean erInternBruker() {
        return harBrukerRolle(UserRole.INTERN);
    }

    default boolean erSystemBruker() {
        return harBrukerRolle(UserRole.SYSTEM);
    }

    default boolean erEksternBruker() {
        return harBrukerRolle(UserRole.EKSTERN);
    }

    default boolean harBrukerRolle(UserRole userRole) {
        return ((Boolean) getRole().map(userRole2 -> {
            return Boolean.valueOf(userRole2 == userRole);
        }).orElse(false)).booleanValue();
    }
}
