package be.atbash.ee.security.octopus.sso;

import be.atbash.ee.security.octopus.authc.AuthenticationInfo;
import be.atbash.ee.security.octopus.authz.AuthorizationInfo;
import be.atbash.ee.security.octopus.authz.permission.PermissionJSONProvider;
import be.atbash.ee.security.octopus.authz.permission.StringPermissionLookup;
import be.atbash.ee.security.octopus.config.Debug;
import be.atbash.ee.security.octopus.config.OctopusCoreConfiguration;
import be.atbash.ee.security.octopus.config.exception.ConfigurationException;
import be.atbash.ee.security.octopus.realm.AuthorizationInfoBuilder;
import be.atbash.ee.security.octopus.realm.SecurityDataProvider;
import be.atbash.ee.security.octopus.sso.client.ClientCustomization;
import be.atbash.ee.security.octopus.sso.client.SSOAuthenticationInfoBuilder;
import be.atbash.ee.security.octopus.sso.client.config.OctopusSSOServerClientConfiguration;
import be.atbash.ee.security.octopus.sso.client.requestor.PermissionRequestor;
import be.atbash.ee.security.octopus.sso.core.token.OctopusSSOToken;
import be.atbash.ee.security.octopus.subject.PrincipalCollection;
import be.atbash.ee.security.octopus.token.AuthenticationToken;
import be.atbash.util.CDIUtils;
import be.atbash.util.StringUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import java.lang.annotation.Annotation;
import java.util.List;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import javax.inject.Inject;
import javax.ws.rs.core.Configuration;
import org.slf4j.Logger;

@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/octopus/sso/SSOClientSecurityDataProvider.class */
public class SSOClientSecurityDataProvider extends SecurityDataProvider {

    @Inject
    private Logger logger;

    @Inject
    private OctopusCoreConfiguration coreConfiguration;

    @Inject
    private OctopusSSOServerClientConfiguration serverClientConfiguration;
    private PermissionRequestor permissionRequestor;

    @PostConstruct
    public void init() {
        PermissionJSONProvider permissionJSONProvider = (PermissionJSONProvider) CDIUtils.retrieveOptionalInstance(PermissionJSONProvider.class, new Annotation[0]);
        if (permissionJSONProvider == null) {
            permissionJSONProvider = new PermissionJSONProvider();
        }
        ClientCustomization clientCustomization = (ClientCustomization) CDIUtils.retrieveOptionalInstance(ClientCustomization.class, new Annotation[0]);
        if (clientCustomization == null) {
            this.permissionRequestor = new PermissionRequestor(this.coreConfiguration, this.serverClientConfiguration, (ClientCustomization) null, (Configuration) null, permissionJSONProvider);
        } else {
            this.permissionRequestor = new PermissionRequestor(this.coreConfiguration, this.serverClientConfiguration, clientCustomization, clientCustomization.getConfiguration(PermissionRequestor.class), permissionJSONProvider);
        }
    }

    public AuthenticationInfo getAuthenticationInfo(AuthenticationToken authenticationToken) {
        if (authenticationToken instanceof OctopusSSOToken) {
            return new SSOAuthenticationInfoBuilder((OctopusSSOToken) authenticationToken).getAuthenticationInfo();
        }
        return null;
    }

    public AuthorizationInfo getAuthorizationInfo(PrincipalCollection principalCollection) {
        OctopusSSOToken userInfo = principalCollection.getPrimaryPrincipal().getUserInfo("token");
        AuthorizationInfoBuilder authorizationInfoBuilder = new AuthorizationInfoBuilder();
        if (!(userInfo instanceof OctopusSSOToken)) {
            throw new AtbashUnexpectedException("UserPrincipal should be based OctopusSSOToken. Did you use fakeLogin Module and forget to define Permissions for the fake user?");
        }
        OctopusSSOToken octopusSSOToken = userInfo;
        String accessToken = octopusSSOToken.getAccessToken();
        if (this.coreConfiguration.showDebugFor().contains(Debug.SSO_FLOW)) {
            this.logger.info(String.format("(SSO Client) Retrieving authorization info for user %s from Octopus SSO Server", octopusSSOToken.getFullName()));
        }
        authorizationInfoBuilder.addPermissions(this.permissionRequestor.retrieveUserPermissions(accessToken));
        return authorizationInfoBuilder.build();
    }

    @ApplicationScoped
    @Produces
    public StringPermissionLookup createLookup() {
        if (this.coreConfiguration.showDebugFor().contains(Debug.SSO_FLOW)) {
            this.logger.info(String.format("(SSO Client) Retrieving all permissions for application %s", this.serverClientConfiguration.getSSOApplication()));
        }
        if (StringUtils.isEmpty(this.serverClientConfiguration.getSSOApplication())) {
            return new StringPermissionLookup();
        }
        List retrieveAllPermissions = this.permissionRequestor.retrieveAllPermissions();
        if (!retrieveAllPermissions.isEmpty()) {
            return new StringPermissionLookup(retrieveAllPermissions);
        }
        if (isFakeLoginActive()) {
        }
        throw new ConfigurationException("Unable to create StringPermissionLookup, See ??? for solutions");
    }

    private boolean isFakeLoginActive() {
        return false;
    }
}
