package io.confluent.kafkarest.auth;

import java.security.Principal;
import java.util.Objects;
import javax.annotation.Nullable;
import javax.naming.AuthenticationException;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/kafkarest/auth/CloudSecurityContext.class */
public final class CloudSecurityContext implements SecurityContext {
    private static final Logger log = LoggerFactory.getLogger(CloudSecurityContext.class);

    @Nullable
    private final Principal principal;
    private final boolean isSecure;
    public static final String BEARER_AUTH = "Bearer";

    public CloudSecurityContext(String str, UriInfo uriInfo) throws AuthenticationException {
        this.isSecure = uriInfo.getRequestUri().toString().startsWith("https");
        String[] split = str.split(" ");
        if (split.length == 2 && split[0].equals(BEARER_AUTH)) {
            this.principal = new CloudPrincipal((String) Objects.requireNonNull((String) uriInfo.getPathParameters(true).getFirst("clusterId")), split[1]);
        } else {
            log.error("Malformed authorization header; aborting request.");
            throw new AuthenticationException();
        }
    }

    @Nullable
    public Principal getUserPrincipal() {
        return this.principal;
    }

    public boolean isUserInRole(String str) {
        return true;
    }

    public boolean isSecure() {
        return this.isSecure;
    }

    public String getAuthenticationScheme() {
        return BEARER_AUTH;
    }
}
