package io.devhq.client.credentials;

import javax.servlet.http.HttpServletRequest;
import javax.validation.ValidationException;
import org.keycloak.TokenVerifier;
import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
import org.keycloak.representations.JsonWebToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:io/devhq/client/credentials/JwtUtils.class */
public class JwtUtils {
    private static final Logger logger = LoggerFactory.getLogger(JwtUtils.class);
    private final TokenManagerConfig tokenManagerConfig;

    public JwtUtils(TokenManagerConfig tokenManagerConfig) {
        this.tokenManagerConfig = tokenManagerConfig;
    }

    private int extractUserIdFromJwt(String str) {
        Integer extractIntegerFromJwt = extractIntegerFromJwt(str, this.tokenManagerConfig.getUserIdAttributeName());
        if (extractIntegerFromJwt == null) {
            logger.error("Requesting client is not an end user, hence token does not contain gitlab user id!");
            throw new ValidationException();
        }
        if (extractIntegerFromJwt.intValue() > 0) {
            return extractIntegerFromJwt.intValue();
        }
        logger.error("User id may not be none positive number! API seems to be hacked! Please report this to admin");
        throw new ValidationException();
    }

    private int extractUserIdFromJwt() {
        Integer extractIntegerFromJwt = extractIntegerFromJwt(this.tokenManagerConfig.getUserIdAttributeName());
        if (extractIntegerFromJwt == null) {
            logger.error("Requesting client is not an end user, hence token does not contain gitlab user id!");
            throw new ValidationException();
        }
        if (extractIntegerFromJwt.intValue() > 0) {
            return extractIntegerFromJwt.intValue();
        }
        logger.error("User id may not be none positive number! API seems to be hacked! Please report this to admin");
        throw new ValidationException();
    }

    public String extractStringFromJwt(String str) {
        Object claim = getClaim(str);
        if (claim == null) {
            return null;
        }
        return String.valueOf(claim);
    }

    public String extractStringFromJwt(String str, String str2) {
        Object claim = getClaim(str, str2);
        if (claim == null) {
            return null;
        }
        return String.valueOf(claim);
    }

    public Integer extractIntegerFromJwt(String str) {
        String extractStringFromJwt = extractStringFromJwt(str);
        if (extractStringFromJwt == null) {
            return null;
        }
        return Integer.valueOf(extractStringFromJwt);
    }

    public Integer extractIntegerFromJwt(String str, String str2) {
        String extractStringFromJwt = extractStringFromJwt(str, str2);
        if (extractStringFromJwt == null) {
            return null;
        }
        return Integer.valueOf(extractStringFromJwt);
    }

    private Object getClaim(String str) {
        return ((SimpleKeycloakAccount) SecurityContextHolder.getContext().getAuthentication().getDetails()).getKeycloakSecurityContext().getToken().getOtherClaims().get(str);
    }

    private Object getClaim(String str, String str2) {
        try {
            return TokenVerifier.create(str, JsonWebToken.class).getToken().getOtherClaims().get(str2);
        } catch (Exception e) {
            return null;
        }
    }

    public String extractJwtToken() {
        return ((SimpleKeycloakAccount) SecurityContextHolder.getContext().getAuthentication().getDetails()).getKeycloakSecurityContext().getTokenString();
    }

    public String getName() {
        return ((SimpleKeycloakAccount) SecurityContextHolder.getContext().getAuthentication().getDetails()).getKeycloakSecurityContext().getToken().getName();
    }

    public boolean isInternalUser(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isUserInRole(this.tokenManagerConfig.getMachineRole()) || httpServletRequest.isUserInRole(this.tokenManagerConfig.getAdminRole());
    }

    public boolean isExternalUser(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.isUserInRole(this.tokenManagerConfig.getMachineRole()) || httpServletRequest.isUserInRole(this.tokenManagerConfig.getAdminRole()) || (!httpServletRequest.isUserInRole(this.tokenManagerConfig.getUserRole()) && !httpServletRequest.isUserInRole(this.tokenManagerConfig.getSuperCustomerRole()) && !httpServletRequest.isUserInRole(this.tokenManagerConfig.getCustomerRole()))) ? false : true;
    }

    public boolean isCustomer(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isUserInRole(this.tokenManagerConfig.getCustomerRole());
    }

    public boolean isCustomer(String str) {
        String extractStringFromJwt = extractStringFromJwt(str, this.tokenManagerConfig.getCustomerIdAttributeName());
        return extractStringFromJwt != null && extractStringFromJwt.equalsIgnoreCase(this.tokenManagerConfig.getCustomerRole());
    }

    public boolean isSuperCustomer(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isUserInRole(this.tokenManagerConfig.getSuperCustomerRole());
    }

    public boolean isSuperCustomer(String str) {
        String extractStringFromJwt = extractStringFromJwt(str, this.tokenManagerConfig.getCustomerIdAttributeName());
        return extractStringFromJwt != null && extractStringFromJwt.equalsIgnoreCase(this.tokenManagerConfig.getSuperCustomerRole());
    }

    public boolean isCustomerOrSuperCustomer(String str) {
        return isCustomer(str) || isSuperCustomer(str);
    }

    public boolean isChmOrCore(HttpServletRequest httpServletRequest) {
        return isInternalUser(httpServletRequest);
    }

    public boolean isCustomerOrSuperCustomer(HttpServletRequest httpServletRequest) {
        return isCustomer(httpServletRequest) || isSuperCustomer(httpServletRequest);
    }

    public String getCustomerId(HttpServletRequest httpServletRequest) {
        String extractStringFromJwt = extractStringFromJwt(this.tokenManagerConfig.getCustomerIdAttributeName());
        if (extractStringFromJwt == null && isChmOrCore(httpServletRequest)) {
            return TokenManagerConfig.DEVHQ_ADMIN_CUSTOMER_ID;
        }
        if (extractStringFromJwt == null && isExternalUser(httpServletRequest)) {
            return TokenManagerConfig.DEVELOPER_CUSTOMER_ID;
        }
        if (extractStringFromJwt != null || !isCustomerOrSuperCustomer(httpServletRequest)) {
            return extractStringFromJwt;
        }
        logger.error("Requesting client is not an end user, hence token does not contain customer id!");
        throw new ValidationException();
    }

    public int getGitlabUserId(HttpServletRequest httpServletRequest) {
        if (isChmOrCore(httpServletRequest)) {
            return 0;
        }
        return extractUserIdFromJwt();
    }

    public TokenManagerConfig getTokenManagerConfig() {
        return this.tokenManagerConfig;
    }
}
