package dev.soffa.foundation.spring.service;

import com.google.common.collect.ImmutableSet;
import dev.soffa.foundation.commons.Logger;
import dev.soffa.foundation.commons.TextUtil;
import dev.soffa.foundation.context.Context;
import dev.soffa.foundation.model.Authentication;
import dev.soffa.foundation.security.AuthManager;
import dev.soffa.foundation.security.PlatformAuthManager;
import dev.soffa.foundation.security.TokenProvider;
import dev.soffa.foundation.spring.config.NoopAuthManager;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

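/**
 * Resolves the {@code Authorization} value carried by a request {@link Context} into an
 * {@link Authentication} and publishes it to the Spring Security context.
 *
 * <p>Two schemes are recognised, case-insensitively: {@code Bearer} (delegated to the
 * application's {@link AuthManager}, then to the optional {@link TokenProvider}) and
 * {@code Basic} (shared-secret service credentials, else the {@link AuthManager}).
 * A value that yields no {@link Authentication} leaves the request unauthenticated ("guest").
 *
 * <p>The header value is untrusted input: it is never echoed into log messages and a
 * malformed value is treated as "no credentials" rather than raised as an error.
 */
@Component
public class LocalPlatformAuthManager implements PlatformAuthManager {
    private static final Logger LOG = Logger.get(PlatformAuthManager.class);
    private static final String BEARER_PREFIX = "bearer ";
    private static final String BASIC_PREFIX = "basic ";

    private final TokenProvider tokens;
    private final ApplicationContext context;

    /**
     * @param applicationContext used to look up an application-provided {@link AuthManager}
     * @param tokenProvider optional token decoder; {@code null} when no such bean exists
     */
    public LocalPlatformAuthManager(ApplicationContext applicationContext, @Autowired(required = false) TokenProvider tokenProvider) {
        this.tokens = tokenProvider;
        this.context = applicationContext;
    }

    /**
     * Returns the application's {@link AuthManager} bean, or a fresh {@link NoopAuthManager}
     * when the application context declares none.
     */
    private AuthManager getAuthManager() {
        if (this.context.getBeanNamesForType(AuthManager.class).length == 0) {
            return new NoopAuthManager();
        }
        return this.context.getBean(AuthManager.class);
    }

    /**
     * Authenticates a bearer token: the {@link AuthManager} is asked first, and only when it
     * returns {@code null} is the token handed to the {@link TokenProvider}.
     *
     * @return the resolved authentication, or {@code null} when the manager declines and no
     *     token provider is configured
     */
    private Authentication authenticate(Context context, String str) {
        AuthManager manager = getAuthManager();
        Authentication resolved = manager.authenticate(context, str);
        if (resolved != null) {
            LOG.info("Authentication provided by local %s", new Object[]{manager.getClass().getName()});
            return resolved;
        }
        if (this.tokens == null) {
            LOG.info("No tokensProvider available, retuning empty authentication", new Object[0]);
            return null;
        }
        LOG.info("Decoding token with TokenProvider", new Object[0]);
        return this.tokens.decode(str);
    }

    /** Authenticates a username/password pair through the {@link AuthManager}. */
    private Authentication authenticate(Context context, String str, String str2) {
        return getAuthManager().authenticate(context, str, str2);
    }

    /** Authenticates the request using the authorization value stored on {@code context}. */
    public void handle(Context context) {
        handle(context, context.getAuthorization());
    }

    /**
     * Authenticates the request from the given authorization header value.
     *
     * <p>On success the authentication and the raw header value are stored on {@code context}
     * and a {@link UsernamePasswordAuthenticationToken} is placed in the
     * {@link SecurityContextHolder}. An empty, unrecognised, malformed or rejected value leaves
     * both untouched.
     *
     * @param context the request context to authenticate
     * @param str the raw {@code Authorization} header value; may be {@code null} or empty
     */
    public void handle(Context context, String str) {
        if (TextUtil.isEmpty(str)) {
            return;
        }
        // Locale.ROOT keeps the scheme match independent of the JVM default locale
        // (a Turkish default locale lower-cases "BASIC" to "bas\u0131c").
        String lowered = str.toLowerCase(Locale.ROOT);
        Authentication authentication = null;
        if (lowered.startsWith(BEARER_PREFIX)) {
            String token = str.substring(BEARER_PREFIX.length()).trim();
            LOG.debug("Bearer authorization header received", new Object[0]);
            authentication = authenticate(context, token);
        } else if (lowered.startsWith(BASIC_PREFIX)) {
            LOG.debug("Basic authorization header received", new Object[0]);
            authentication = authenticateBasic(context, str.substring(BASIC_PREFIX.length()).trim());
        } else {
            LOG.warn("An authorization header was found but it is not a bearer or basic authorization header", new Object[0]);
        }
        if (authentication == null) {
            LOG.debug("auth.username: guest", new Object[0]);
            return;
        }
        logAuthentication(context, authentication);
        context.setAuthentication(authentication);
        context.setAuthorization(str);
        SecurityContextHolder.getContext().setAuthentication(
            new UsernamePasswordAuthenticationToken(context, null, createPermissions(context, authentication)));
    }

    /**
     * Decodes Basic credentials and authenticates them.
     *
     * <p>When the password equals the {@link TokenProvider}'s configured secret, the caller is
     * accepted as a service whose application and principal are the supplied username, with
     * the {@code service} role and permission. Otherwise the pair goes to the
     * {@link AuthManager}.
     *
     * @param encoded the Base64 part of the header, already trimmed
     * @return the resolved authentication, or {@code null} when the value is not valid Base64
     *     or the credentials are rejected
     */
    private Authentication authenticateBasic(Context context, String encoded) {
        final String decoded;
        try {
            // Explicit charset: the platform default differs between hosts on older JDKs.
            decoded = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Client-supplied garbage is a failed login, not a server error; the value itself
            // is deliberately not logged.
            LOG.warn("Basic authorization header is not valid Base64, ignoring it", new Object[0]);
            return null;
        }
        // Split on the FIRST colon only: a password may itself contain ':' and must not be
        // truncated to its first segment.
        int separator = decoded.indexOf(':');
        String username = separator < 0 ? decoded : decoded.substring(0, separator);
        String password = separator < 0 ? "" : decoded.substring(separator + 1);

        // An empty password must never match the shared secret, even if the secret is blank.
        // NOTE(review): equals() is not a constant-time comparison; if getSecret() is a String,
        // consider MessageDigest.isEqual over the UTF-8 bytes.
        boolean matchesServiceSecret = this.tokens != null
            && !password.isEmpty()
            && password.equals(this.tokens.getConfig().getSecret());
        if (matchesServiceSecret) {
            return Authentication.builder()
                .application(username)
                .tenantId(context.getTenantId())
                .principal(username)
                .permissions(ImmutableSet.of("service"))
                .roles(ImmutableSet.of("service"))
                .build();
        }
        return authenticate(context, username, password);
    }

    /** Writes the resolved identity to the debug log; does nothing unless debug is enabled. */
    private void logAuthentication(Context context, Authentication authentication) {
        if (!LOG.isDebugEnabled()) {
            return;
        }
        LOG.debug("auth.username: %s", new Object[]{authentication.getUsername()});
        LOG.debug("auth.tenant: %s", new Object[]{authentication.getTenantId()});
        LOG.debug("auth.app: %s", new Object[]{context.getApplicationName()});
        if (authentication.getClaims() != null) {
            LOG.debug("auth.claims: %d", new Object[]{Integer.valueOf(authentication.getClaims().size())});
            // NOTE(review): claim values are written verbatim; confirm no claim carries
            // secrets or personal data before enabling debug logging in production.
            for (Map.Entry<?, ?> entry : authentication.getClaims().entrySet()) {
                LOG.debug("auth.claims %s --> %s", new Object[]{entry.getKey(), entry.getValue()});
            }
        }
    }

    /**
     * Builds the granted authorities for an authenticated request: the fixed markers
     * ({@code authenticated}, {@code user}/{@code application}, {@code has_*}) followed by
     * every non-empty role and permission carried by the authentication, trimmed.
     */
    private List<GrantedAuthority> createPermissions(Context context, Authentication authentication) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("authenticated"));
        if (authentication.getProfile() != null) {
            authorities.add(new SimpleGrantedAuthority("user"));
            authorities.add(new SimpleGrantedAuthority("has_user_profile"));
        } else {
            authorities.add(new SimpleGrantedAuthority("application"));
        }
        if (TextUtil.isNotEmpty(new String[]{context.getApplicationName()})) {
            authorities.add(new SimpleGrantedAuthority("has_application"));
        }
        if (context.getTenantId() != null) {
            authorities.add(new SimpleGrantedAuthority("has_tenant"));
        }
        addAuthorities(authorities, authentication.getRoles());
        addAuthorities(authorities, authentication.getPermissions());
        return authorities;
    }

    /** Appends one authority per non-empty name; a {@code null} source adds nothing. */
    private static void addAuthorities(List<GrantedAuthority> target, Iterable<String> names) {
        if (names == null) {
            return;
        }
        for (String name : names) {
            if (TextUtil.isNotEmpty(new String[]{name})) {
                target.add(new SimpleGrantedAuthority(name.trim()));
            }
        }
    }
}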
