package org.damap.base.security;

import io.quarkus.arc.DefaultBean;
import io.quarkus.arc.Unremovable;
import io.quarkus.oidc.runtime.OidcJwtCallerPrincipal;
import io.quarkus.security.UnauthorizedException;
import io.quarkus.security.identity.SecurityIdentity;
import io.smallrye.jwt.auth.principal.JWTParser;
import io.smallrye.jwt.auth.principal.ParseException;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.ws.rs.core.HttpHeaders;
import java.security.Principal;
import lombok.Generated;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.logging.Logger;

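/**
 * Identity and token helper for the application.
 *
 * <p>Two independent trust paths are handled here:
 *
 * <ul>
 *   <li>the OIDC caller carried by the injected {@link SecurityIdentity} (user id, user name,
 *       admin role), and
 *   <li>a JWT passed in the {@code X-Auth} request header, verified against the secret configured
 *       under {@code invenio.shared-secret}.
 * </ul>
 *
 * <p>The shared secret is only ever handed to the {@link JWTParser}; it must never be logged or
 * returned to a caller.
 */
@Unremovable
@ApplicationScoped
@DefaultBean
public class SecurityService {

    /** Request header that carries the shared-secret JWT. */
    private static final String AUTH_HEADER = "X-Auth";

    /** Role name that marks an administrator. */
    private static final String ADMIN_ROLE = "Damap Admin";

    @Generated
    private static final Logger log = Logger.getLogger(SecurityService.class);

    @Inject
    SecurityIdentity securityIdentity;

    /** Name of the token claim that holds the user id (config key {@code damap.auth.user}). */
    @ConfigProperty(name = "damap.auth.user")
    String authUser;

    /** Secret used to verify the {@code X-Auth} JWT (config key {@code invenio.shared-secret}). */
    @ConfigProperty(name = "invenio.shared-secret")
    String sharedSecret;

    @Inject
    JWTParser parser;

    /**
     * Returns the current principal as an OIDC JWT principal.
     *
     * @return the principal, or {@code null} when the caller was not authenticated through an
     *     OIDC JWT
     */
    private OidcJwtCallerPrincipal oidcPrincipal() {
        // getPrincipal() is declared to return Principal, so the narrowing has to be explicit.
        Principal principal = this.securityIdentity.getPrincipal();
        if (principal instanceof OidcJwtCallerPrincipal) {
            return (OidcJwtCallerPrincipal) principal;
        }
        return null;
    }

    /**
     * Reads the user id from the claim named by {@code damap.auth.user}.
     *
     * @return the claim value as a string, or {@code null} when the caller is not an OIDC JWT
     *     principal or the token does not contain the configured claim; callers must treat
     *     {@code null} as "no identified user" and deny access
     */
    public String getUserId() {
        OidcJwtCallerPrincipal principal = oidcPrincipal();
        if (principal == null) {
            return null;
        }
        Object claimValue = principal.getClaims().getClaimValue(this.authUser);
        if (claimValue == null) {
            // A missing claim previously surfaced as a NullPointerException; report it as
            // "no user id", the same way a non-OIDC principal is reported.
            log.warnf("Claim '%s' is not present in the caller's token.", this.authUser);
            return null;
        }
        return claimValue.toString();
    }

    /**
     * Returns the name of the current OIDC principal.
     *
     * @return the principal name, or {@code null} when the caller is not an OIDC JWT principal
     */
    public String getUserName() {
        OidcJwtCallerPrincipal principal = oidcPrincipal();
        return principal == null ? null : principal.getName();
    }

    /**
     * Tells whether the current identity holds the {@code Damap Admin} role.
     *
     * @return {@code true} when the role is present on the security identity
     */
    public boolean isAdmin() {
        return this.securityIdentity.hasRole(ADMIN_ROLE);
    }

    /**
     * Verifies the JWT sent in the {@code X-Auth} header against the shared secret.
     *
     * <p>The two failure modes are reported differently: a missing, empty or unverifiable token
     * yields {@code null}, while a verified but expired token raises
     * {@link UnauthorizedException}. Callers that need a hard failure in every case should use
     * {@link #checkIfUserIsAuthorized(HttpHeaders)}.
     *
     * @param httpHeaders headers of the incoming request
     * @return the verified token, or {@code null} when the header is absent or empty or the token
     *     cannot be parsed and verified
     * @throws UnauthorizedException when the token verifies but its expiration time has passed
     */
    public JsonWebToken validateAuthHeader(HttpHeaders httpHeaders) {
        String token = httpHeaders.getHeaderString(AUTH_HEADER);
        if (token == null || token.isEmpty()) {
            return null;
        }
        try {
            JsonWebToken verified = this.parser.verify(token, this.sharedSecret);
            // getExpirationTime() is compared in seconds, hence the division of the millisecond
            // clock. A token is rejected from the exact second of its expiry onwards.
            // NOTE(review): what getExpirationTime() yields for a token without an exp claim is
            // not visible here; confirm that case is rejected rather than accepted.
            long nowSeconds = System.currentTimeMillis() / 1000;
            if (nowSeconds >= verified.getExpirationTime()) {
                throw new UnauthorizedException("Token expired.");
            }
            return verified;
        } catch (ParseException e) {
            // Only the exception is logged, never the header value or the secret. The header is
            // attacker-controlled, so this path can be hit at will by unauthenticated requests;
            // keep that in mind when alerting on this message.
            log.error("Failed to parse JWT: ", e);
            return null;
        }
    }

    /**
     * Requires a valid {@code X-Auth} token on the request.
     *
     * <p>Despite the name, this only establishes that the token is present, verifies against the
     * shared secret and has not expired. It performs no role or per-resource check; those remain
     * the caller's responsibility.
     *
     * @param httpHeaders headers of the incoming request
     * @return the verified token, never {@code null}
     * @throws UnauthorizedException when the token is missing, unverifiable or expired
     */
    public JsonWebToken checkIfUserIsAuthorized(HttpHeaders httpHeaders) {
        JsonWebToken token = validateAuthHeader(httpHeaders);
        if (token == null) {
            throw new UnauthorizedException("User unauthorized.");
        }
        return token;
    }
}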
