package org.genesys.blocks.security;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.genesys.blocks.security.model.AclSid;
import org.genesys.blocks.security.model.BasicUser;
import org.genesys.blocks.util.CurrentApplicationContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.server.resource.authentication.AbstractOAuth2TokenAuthenticationToken;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:org/genesys/blocks/security/SecurityContextUtil.class */
public class SecurityContextUtil {
    private static PermissionEvaluator permissionEvaluator;
    private static final Logger log = LoggerFactory.getLogger(SecurityContextUtil.class);
    private static final Authentication ANONYMOUS_AUTH = new PreAuthenticatedAuthenticationToken("Anyone", (Object) null, Arrays.asList(new SimpleGrantedAuthority("ROLE_EVERYONE")));

    private static synchronized boolean updatePermissionEvaluator() {
        PermissionEvaluator permissionEvaluator2 = (PermissionEvaluator) updateBean(PermissionEvaluator.class);
        permissionEvaluator = permissionEvaluator2;
        return permissionEvaluator2 != null;
    }

    static final <T> T updateBean(Class<T> cls) {
        ApplicationContext context = CurrentApplicationContext.getContext();
        if (context == null) {
            log.warn("You should initialize a bean instance of org.genesys.blocks.util.CurrentApplicationContext in your context");
            return null;
        }
        try {
            return (T) context.getBean(cls);
        } catch (BeansException e) {
            log.warn("Could not find {} instance in your context: {}", cls, e.getMessage());
            return null;
        }
    }

    public static String getUsername() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !(authentication.getPrincipal() instanceof UserDetails)) {
            return null;
        }
        return ((UserDetails) authentication.getPrincipal()).getUsername();
    }

    public static <T extends BasicUser<?>> T getMe() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof BasicUser) {
            return (T) principal;
        }
        log.warn("Principal {} is not BasicUser, but type {}", principal, principal.getClass());
        return null;
    }

    public static <T extends AclSid> T getCurrentUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof AclSid) {
            return (T) principal;
        }
        log.warn("Principal {} is not AclSid, but type {}. Auth of type {}", new Object[]{principal, principal.getClass(), authentication.getClass()});
        return null;
    }

    public static boolean hasRole(String str) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return false;
        }
        Iterator it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            if (((GrantedAuthority) it.next()).getAuthority().equals("ROLE_" + str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasAnyRole(String... strArr) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return false;
        }
        for (GrantedAuthority grantedAuthority : authentication.getAuthorities()) {
            for (String str : strArr) {
                if (grantedAuthority.getAuthority().equals("ROLE_" + str)) {
                    return true;
                }
            }
        }
        return false;
    }

    public static boolean hasAuthority(String str) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return false;
        }
        Iterator it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            if (((GrantedAuthority) it.next()).getAuthority().equals(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasPermission(Object obj, Object obj2) {
        return hasPermission(SecurityContextHolder.getContext().getAuthentication(), obj, obj2);
    }

    public static boolean hasPermission(Authentication authentication, Object obj, Object obj2) {
        if (permissionEvaluator == null) {
            log.info("permissionEvaluator not available. Checking context again");
            if (!updatePermissionEvaluator()) {
                log.warn("permissionEvaluator not available. No permissions.");
                return false;
            }
        }
        if (authentication != null) {
            return permissionEvaluator.hasPermission(authentication, obj, obj2);
        }
        return false;
    }

    public static boolean anyoneHasPermission(Object obj, Object obj2) {
        if (permissionEvaluator == null) {
            log.info("permissionEvaluator not available. Checking context again");
            if (!updatePermissionEvaluator()) {
                log.warn("permissionEvaluator not available. No permissions.");
                return false;
            }
        }
        if (ANONYMOUS_AUTH != null) {
            return permissionEvaluator.hasPermission(ANONYMOUS_AUTH, obj, obj2);
        }
        return false;
    }

    public static String getOAuthClientId() {
        AbstractOAuth2TokenAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof AbstractOAuth2TokenAuthenticationToken) {
            AbstractOAuth2TokenAuthenticationToken abstractOAuth2TokenAuthenticationToken = authentication;
            log.debug("OAuth authentication: {}", abstractOAuth2TokenAuthenticationToken);
            Object claim = abstractOAuth2TokenAuthenticationToken.getToken().getClaim("aud");
            return (!(claim instanceof List) || ((List) claim).isEmpty()) ? String.valueOf(claim) : String.valueOf(((List) claim).get(0));
        }
        if (authentication == null) {
            return null;
        }
        log.warn("TODO {} {}", authentication.getClass(), authentication);
        return null;
    }

    static {
        updatePermissionEvaluator();
    }
}
