package fi.evolver.basics.spring.auth;

import fi.evolver.basics.spring.auth.entity.JwtToken;
import jakarta.servlet.http.HttpServletRequest;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.access.intercept.RequestAuthorizationContext;
import org.springframework.stereotype.Component;

@ConditionalOnProperty({JwtAuthorization.ENV_AUTHORIZATION_SECRET})
@Component
/* loaded from: input_file:fi/evolver/basics/spring/auth/JwtAuthorizationManager.class */
public final class JwtAuthorizationManager implements AuthorizationManager<RequestAuthorizationContext> {
    private static final Logger LOG = LoggerFactory.getLogger(JwtAuthorizationManager.class);

    @Autowired
    private JwtAuthorization jwtAuthorization;

    public AuthorizationDecision check(Supplier<Authentication> supplier, RequestAuthorizationContext requestAuthorizationContext) {
        HttpServletRequest request = requestAuthorizationContext.getRequest();
        JwtToken authorizeToken = this.jwtAuthorization.authorizeToken(request.getHeader("Authorization"));
        if (!authorizeToken.isFullyAuthenticated()) {
            LOG.info("Token: {} not authenticated", authorizeToken.getJwtId());
            return new AuthorizationDecision(false);
        }
        String servletPath = request.getServletPath();
        boolean hasPermission = authorizeToken.hasPermission(servletPath);
        LOG.info("HasPermission: {} => {}", servletPath, Boolean.valueOf(hasPermission));
        if (!hasPermission) {
            LOG.warn("Token {} missing permission {}", authorizeToken.getJwtId(), servletPath);
        }
        return new AuthorizationDecision(hasPermission);
    }

    public /* bridge */ /* synthetic */ AuthorizationDecision check(Supplier supplier, Object obj) {
        return check((Supplier<Authentication>) supplier, (RequestAuthorizationContext) obj);
    }
}
