package com.brienwheeler.web.spring.security;

import com.brienwheeler.lib.db.domain.DbId;
import com.brienwheeler.lib.util.ValidationUtils;
import com.brienwheeler.svc.users.IUserService;
import com.brienwheeler.svc.users.domain.User;
import java.util.ArrayList;
import java.util.Collection;
import javax.servlet.http.HttpSession;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/brienwheeler/web/spring/security/SecurityUtils.class */
public class SecurityUtils {
    private static final String LOGGED_IN_USER = "com.brienwheeler.web.spring.security.SecurityUtils.loggedInUser";

    private SecurityUtils() {
    }

    public static long getLoggedInUserId() {
        UserDetails loggedInUserDetails = getLoggedInUserDetails();
        if (loggedInUserDetails instanceof UserDetails) {
            return loggedInUserDetails.getUserId();
        }
        return 0L;
    }

    public static long ensureLoggedInUserId() {
        long loggedInUserId = getLoggedInUserId();
        if (loggedInUserId == 0) {
            throw new NoLoggedInUserException();
        }
        return loggedInUserId;
    }

    public static User getLoggedInUser(HttpSession httpSession, IUserService iUserService) {
        ValidationUtils.assertNotNull(httpSession, "session cannot be null");
        ValidationUtils.assertNotNull(iUserService, "userService cannot be null");
        long ensureLoggedInUserId = ensureLoggedInUserId();
        Object attribute = httpSession.getAttribute(LOGGED_IN_USER);
        if ((attribute instanceof User) && ((User) attribute).getId() == ensureLoggedInUserId) {
            return (User) attribute;
        }
        User findById = iUserService.findById(new DbId(User.class, ensureLoggedInUserId));
        if (findById == null) {
            throw new IllegalStateException("logged in user id not found in database");
        }
        httpSession.setAttribute(LOGGED_IN_USER, findById);
        return findById;
    }

    public static void setLoggedInUser(User user, Collection<? extends GrantedAuthority> collection) {
        ValidationUtils.assertNotNull(user, "user cannot be null");
        ValidationUtils.assertTrue(user.getId() != 0, "user cannot be unpersisted");
        ValidationUtils.assertNotNull(collection, "authorities cannot be null");
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null) {
            throw new IllegalStateException("can't set logged in user if securityContext is null");
        }
        if (context.getAuthentication() != null && !(context.getAuthentication() instanceof AnonymousAuthenticationToken) && context.getAuthentication().getPrincipal() != null) {
            Object principal = context.getAuthentication().getPrincipal();
            if (!(principal instanceof UserDetails) || ((UserDetails) principal).getUserId() != user.getId()) {
                throw new IllegalStateException("cannot overwrite currently logged in user");
            }
        }
        context.setAuthentication(new UsernamePasswordAuthenticationToken(new UserDetails(user, collection), user.getHashedPassword(), collection));
    }

    public static boolean loggedInUserHasRole(String str) {
        return getLoggedInUserGrantedAuthorities().contains(new SimpleGrantedAuthority(ValidationUtils.assertNotEmpty(str, "role cannot be empty")));
    }

    private static org.springframework.security.core.userdetails.UserDetails getLoggedInUserDetails() {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || context.getAuthentication() == null || context.getAuthentication().getPrincipal() == null || !(context.getAuthentication().getPrincipal() instanceof org.springframework.security.core.userdetails.UserDetails)) {
            return null;
        }
        return (org.springframework.security.core.userdetails.UserDetails) context.getAuthentication().getPrincipal();
    }

    private static Collection<? extends GrantedAuthority> getLoggedInUserGrantedAuthorities() {
        org.springframework.security.core.userdetails.UserDetails loggedInUserDetails = getLoggedInUserDetails();
        return loggedInUserDetails == null ? new ArrayList() : loggedInUserDetails.getAuthorities();
    }
}
