package net.krotscheck.kangaroo.authz.oauth2.authn;

import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.security.auth.Subject;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.common.database.entity.OAuthToken;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import net.krotscheck.kangaroo.common.hibernate.entity.AbstractEntity;
import net.krotscheck.kangaroo.util.ObjectUtil;

/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/authn/O2Principal.class */
public final class O2Principal implements Principal {
    private final Client contextClient;
    private final OAuthToken oAuthToken;

    public O2Principal() {
        this(null, null);
    }

    public O2Principal(Client client) {
        this(client, null);
    }

    public O2Principal(OAuthToken oAuthToken) {
        this((Client) Optional.ofNullable(oAuthToken).map((v0) -> {
            return v0.getClient();
        }).orElse(null), oAuthToken);
    }

    private O2Principal(Client client, OAuthToken oAuthToken) {
        this.contextClient = (Client) Optional.ofNullable(client).filter(client2 -> {
            return !Objects.isNull(client2.getId());
        }).orElse(null);
        this.oAuthToken = (OAuthToken) Optional.ofNullable(oAuthToken).filter(oAuthToken2 -> {
            return !Objects.isNull(oAuthToken2.getId());
        }).orElse(null);
    }

    public OAuthToken getOAuthToken() {
        return this.oAuthToken;
    }

    protected <T extends AbstractEntity> T sameOrOne(T t, T t2) {
        if (t == null) {
            return t2;
        }
        if (t2 != null && !t.equals(t2)) {
            throw new RFC6749.AccessDeniedException();
        }
        return t;
    }

    @Override // java.security.Principal
    public String getName() {
        if (Objects.isNull(this.contextClient)) {
            return null;
        }
        return this.contextClient.getName();
    }

    @Override // java.security.Principal
    public boolean implies(Subject subject) {
        return false;
    }

    public String getScheme() {
        return this.oAuthToken == null ? ((O2AuthScheme) Optional.ofNullable(this.contextClient).map(client -> {
            return client.isPublic().booleanValue() ? O2AuthScheme.ClientPublic : O2AuthScheme.ClientPrivate;
        }).orElse(O2AuthScheme.None)).toString() : O2AuthScheme.BearerToken.toString();
    }

    public Client getContext() {
        return this.contextClient;
    }

    public O2Principal merge(Principal principal) {
        O2Principal o2Principal = (O2Principal) ObjectUtil.safeCast(principal, O2Principal.class).orElse(null);
        if (Objects.isNull(o2Principal)) {
            return new O2Principal(this.contextClient, this.oAuthToken);
        }
        O2Principal o2Principal2 = new O2Principal((Client) sameOrOne(this.contextClient, o2Principal.contextClient), (OAuthToken) sameOrOne(this.oAuthToken, o2Principal.oAuthToken));
        if (Stream.of((Object[]) new String[]{getScheme(), o2Principal.getScheme()}).map(O2AuthScheme::valueOf).distinct().filter(o2AuthScheme -> {
            return !o2AuthScheme.equals(O2AuthScheme.None);
        }).count() > 1) {
            throw new RFC6749.AccessDeniedException();
        }
        return o2Principal2;
    }

    @Override // java.security.Principal
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        return ObjectUtil.safeCast(obj, O2Principal.class).filter(o2Principal -> {
            return com.google.common.base.Objects.equal(getScheme(), o2Principal.getScheme());
        }).filter(o2Principal2 -> {
            return com.google.common.base.Objects.equal(getContext(), o2Principal2.getContext());
        }).filter(o2Principal3 -> {
            return com.google.common.base.Objects.equal(getOAuthToken(), o2Principal3.getOAuthToken());
        }).isPresent();
    }

    @Override // java.security.Principal
    public int hashCode() {
        return com.google.common.base.Objects.hashCode(new Object[]{getScheme(), getContext(), getOAuthToken()});
    }
}
