package org.jboss.pnc.auth;

import java.io.IOException;
import java.io.InputStream;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.SecurityContext;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;

/* loaded from: input_file:WEB-INF/lib/auth-0.9.1-SNAPSHOT.jar:org/jboss/pnc/auth/AuthenticationProvider.class */
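/**
 * Exposes the identity and realm roles of the caller, taken from a Keycloak {@link AccessToken}.
 *
 * <p>Security note: when {@code authentication.enabled} in {@code /authentication.properties} is
 * not {@code true}, every failure to obtain a token is only logged and the instance silently
 * answers with the built-in {@link DemoUser} identity. That fallback is fail-open by design, so
 * the flag must be {@code true} in any deployment that relies on these answers for access
 * control.
 */
public class AuthenticationProvider {
    public static final Logger log = Logger.getLogger(AuthenticationProvider.class);
    public static final String MSG = "Authentication could not be enabled";

    /** {@code true} when a missing or unusable token must be rejected instead of replaced by the demo user. */
    private static final boolean enabled = loadEnabledFlag();

    /** Parsed access token of the caller; {@code null} means the demo user is in effect. */
    private AccessToken auth;

    /** Token endpoint response holding the serialized bearer token; only set by the two-argument constructor. */
    private AccessTokenResponse atr;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/auth-0.9.1-SNAPSHOT.jar:org/jboss/pnc/auth/AuthenticationProvider$DemoUser.class */
    /**
     * Placeholder identity used when authentication is disabled and no token is available.
     * It holds exactly one role, {@code "user"}.
     */
    public static final class DemoUser {
        static final String token = "no-token";
        static final String username = "demo-user";
        static final String firstname = "Demo First Name";
        static final String lastname = "Demo Last Name";
        static final String email = "demo-user@pnc.com";
        static final Set<String> roles = new HashSet<>();

        static {
            roles.add("user");
        }

        private DemoUser() {
        }

        /**
         * Tells whether the demo user holds the given role.
         *
         * @param str role name to look up
         * @return {@code true} only if {@code str} is one of the demo user's roles
         */
        public static final boolean hasRole(String str) {
            // The previous body was str.contains(str), which is true for every non-null
            // argument and therefore granted the demo user every role that was asked for.
            return roles.contains(str);
        }
    }

    /**
     * Reads the Keycloak security context that the adapter stored as a request attribute.
     *
     * @param httpServletRequest request expected to carry a {@link KeycloakSecurityContext} attribute
     * @throws AuthenticationException if authentication is enabled and no context is available
     */
    public AuthenticationProvider(HttpServletRequest httpServletRequest) {
        try {
            KeycloakSecurityContext keycloakSecurityContext =
                    (KeycloakSecurityContext) httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName());
            if (keycloakSecurityContext == null) {
                handleAuthenticationProblem("KeycloakSecurityContext not available in the HttpServletRequest.");
            } else {
                this.auth = keycloakSecurityContext.getToken();
            }
        } catch (NoClassDefFoundError e) {
            // Keycloak classes missing from the classpath are treated like any other authentication problem.
            handleAuthenticationProblem(e.getMessage(), e);
        }
    }

    /**
     * Reads the token from the Keycloak principal of a JAX-RS security context.
     *
     * @param securityContext JAX-RS security context of the current request
     * @throws AuthenticationException if authentication is enabled and no Keycloak principal,
     *         or no security context inside it, is available
     */
    public AuthenticationProvider(SecurityContext securityContext) {
        try {
            Object principal = securityContext.getUserPrincipal();
            if (principal == null) {
                handleAuthenticationProblem("No principal found in SecurityContext");
            } else if (!(principal instanceof KeycloakPrincipal)) {
                // A principal produced by another login mechanism carries no Keycloak token;
                // report it explicitly instead of failing on the cast.
                handleAuthenticationProblem("Principal in SecurityContext is not a KeycloakPrincipal");
            } else {
                KeycloakSecurityContext keycloakSecurityContext =
                        ((KeycloakPrincipal<?>) principal).getKeycloakSecurityContext();
                if (keycloakSecurityContext == null) {
                    handleAuthenticationProblem("No keycloak security context found in principal");
                } else {
                    this.auth = keycloakSecurityContext.getToken();
                }
            }
        } catch (NoClassDefFoundError e) {
            handleAuthenticationProblem(e.getMessage(), e);
        }
    }

    /**
     * Wraps a token that the caller has already obtained.
     *
     * @param accessToken parsed access token
     * @param accessTokenResponse token endpoint response the token came from
     * @throws AuthenticationException if authentication is enabled and either argument is {@code null}
     */
    public AuthenticationProvider(AccessToken accessToken, AccessTokenResponse accessTokenResponse) {
        try {
            if (accessToken == null || accessTokenResponse == null) {
                handleAuthenticationProblem(accessToken == null ? "No access token" : "No access token response");
            } else {
                this.auth = accessToken;
                this.atr = accessTokenResponse;
            }
        } catch (NoClassDefFoundError e) {
            handleAuthenticationProblem(e.getMessage(), e);
        }
    }

    /**
     * Loads {@code authentication.enabled} from {@code /authentication.properties} on the classpath.
     *
     * @return the parsed flag; an absent or non-{@code true} value yields {@code false}
     * @throws AuthenticationException if the resource is missing or cannot be read
     */
    private static boolean loadEnabledFlag() {
        // try-with-resources closes the stream, which the original initializer left open;
        // a null resource is legal here and is simply not closed.
        try (InputStream resourceAsStream =
                AuthenticationProvider.class.getResourceAsStream("/authentication.properties")) {
            if (resourceAsStream == null) {
                throw new AuthenticationException("authentication.properties not found");
            }
            Properties properties = new Properties();
            properties.load(resourceAsStream);
            boolean flag = Boolean.parseBoolean(properties.getProperty("authentication.enabled"));
            if (!flag) {
                // A missing or misspelled key also lands here, so make the fail-open state visible in the log.
                log.warn("authentication.enabled is not 'true': requests without a token are served as the demo user");
            }
            return flag;
        } catch (IOException e) {
            throw new AuthenticationException("Error processing authentication.properties", e);
        }
    }

    private void handleAuthenticationProblem(String str) {
        handleAuthenticationProblem(str, null);
    }

    /**
     * Logs the problem, then rejects the caller when authentication is enabled or falls back
     * to the demo user when it is not.
     *
     * @param str description of what was missing
     * @param th underlying cause, may be {@code null}
     * @throws AuthenticationException if authentication is enabled
     */
    private void handleAuthenticationProblem(String str, Throwable th) {
        log.warn("Authentication could not be enabled: " + str, th);
        if (enabled) {
            // MSG has no trailing separator; without ": " the reason ran straight into the prefix.
            throw new AuthenticationException(MSG + ": " + str, th);
        }
        log.warn("using " + DemoUser.username + " instead");
    }

    /** @return the e-mail claim of the token, or the demo user's e-mail when no token is held */
    public String getEmail() {
        return this.auth == null ? DemoUser.email : this.auth.getEmail();
    }

    /** @return the preferred username of the token, or the demo user's name when no token is held */
    public String getUserName() {
        return this.auth == null ? DemoUser.username : this.auth.getPreferredUsername();
    }

    /** @return the given name of the token, or the demo user's first name when no token is held */
    public String getFirstName() {
        return this.auth == null ? DemoUser.firstname : this.auth.getGivenName();
    }

    /** @return the family name of the token, or the demo user's last name when no token is held */
    public String getLastName() {
        return this.auth == null ? DemoUser.lastname : this.auth.getFamilyName();
    }

    /**
     * Returns the realm roles of the caller.
     *
     * @return the token's realm roles, an empty set when the token carries none, or a copy of
     *         the demo user's roles when no token is held
     */
    public Set<String> getRole() {
        if (this.auth == null) {
            // Hand out a copy so callers cannot add roles to the shared static demo set.
            return new HashSet<>(DemoUser.roles);
        }
        // getRealmAccess() is null for a token without realm roles; treat that as "no roles".
        AccessToken.Access realmAccess = this.auth.getRealmAccess();
        Set<String> realmRoles = realmAccess == null ? null : realmAccess.getRoles();
        return realmRoles == null ? new HashSet<>() : realmRoles;
    }

    /**
     * Tells whether the caller holds the given realm role.
     *
     * @param str role name to look up
     * @return {@code true} if the role is held; {@code false} when the token has no realm roles
     */
    public boolean isUserInRole(String str) {
        if (this.auth == null) {
            return DemoUser.hasRole(str);
        }
        // Fail closed: a token without realm access grants nothing rather than throwing.
        AccessToken.Access realmAccess = this.auth.getRealmAccess();
        return realmAccess != null && realmAccess.isUserInRole(str);
    }

    /** @return the parsed access token, or {@code null} when the demo user is in effect */
    public AccessToken getAccessToken() {
        return this.auth;
    }

    /** @return the serialized bearer token, or the demo placeholder when no token response is held */
    public String getTokenString() {
        return this.atr != null ? this.atr.getToken() : DemoUser.token;
    }

    /**
     * Describes this instance for diagnostics. The bearer token value is replaced by a
     * placeholder because the result of {@code toString()} routinely ends up in logs.
     */
    @Override
    public String toString() {
        String tokenForDisplay = this.atr != null ? "<redacted>" : DemoUser.token;
        // NOTE(review): auth and atr are printed through their own toString(); confirm those
        // classes do not dump claims or token material.
        return "AuthenticationProvider [auth=" + this.auth
                + ", atr=" + this.atr
                + ", getEmail()=" + getEmail()
                + ", getUserName()=" + getUserName()
                + ", getFirstName()=" + getFirstName()
                + ", getLastName()=" + getLastName()
                + ", getRole()=" + getRole()
                + ", getAccessToken()=" + getAccessToken()
                + ", getTokenString()=" + tokenForDisplay + "]";
    }
}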
