package de.devhq.client.credentials;

import javax.servlet.http.HttpServletRequest;
import javax.validation.ValidationException;
import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:de/devhq/client/credentials/JwtValidator.class */
public class JwtValidator {
    private static final Logger logger = LoggerFactory.getLogger(JwtValidator.class);

    @Value("${de.devhq.gitlab.user.id}")
    private String gitlabUserId;

    @Value("${de.devhq.role.machine}")
    private String roleMachine;

    @Value("${de.devhq.role.admin}")
    private String roleAdmin;

    @Value("${de.devhq.role.user}")
    private String roleUser;

    @Value("${de.devhq.customer.id}")
    private String customerId;

    @Value("${de.devhq.role.customer}")
    private String roleCustomer;

    @Value("${de.devhq.role.supercustomer}")
    private String roleSuperCustomer;

    public Integer tryExtractUserIdFromJwt() {
        Object obj = ((SimpleKeycloakAccount) SecurityContextHolder.getContext().getAuthentication().getDetails()).getKeycloakSecurityContext().getToken().getOtherClaims().get(this.gitlabUserId);
        if (obj != null) {
            return Integer.valueOf((String) obj);
        }
        return null;
    }

    public int extractUserIdFromJwt() {
        Integer tryExtractUserIdFromJwt = tryExtractUserIdFromJwt();
        if (tryExtractUserIdFromJwt == null) {
            logger.error("Requesting client is not an end user, hence token does not contain gitlab user id!");
            throw new ValidationException();
        }
        if (tryExtractUserIdFromJwt.intValue() > 0) {
            return tryExtractUserIdFromJwt.intValue();
        }
        logger.error("User id may not be none positive number! API seems to be hacked! Please report this to admin");
        throw new ValidationException();
    }

    public String getCustomerId() {
        return (String) extractValueFromJwt(this.customerId);
    }

    public Object extractValueFromJwt(String str) {
        return ((SimpleKeycloakAccount) SecurityContextHolder.getContext().getAuthentication().getDetails()).getKeycloakSecurityContext().getToken().getOtherClaims().get(str);
    }

    public String getName() {
        return ((SimpleKeycloakAccount) SecurityContextHolder.getContext().getAuthentication().getDetails()).getKeycloakSecurityContext().getToken().getName();
    }

    public boolean isInternalUser(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isUserInRole(this.roleMachine) || httpServletRequest.isUserInRole(this.roleAdmin);
    }

    public boolean isExternalUser(HttpServletRequest httpServletRequest) {
        return (httpServletRequest.isUserInRole(this.roleMachine) || httpServletRequest.isUserInRole(this.roleAdmin) || !httpServletRequest.isUserInRole(this.roleUser)) ? false : true;
    }

    public boolean isCustomer(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isUserInRole(this.roleCustomer);
    }

    public boolean isSuperCustomer(HttpServletRequest httpServletRequest) {
        return httpServletRequest.isUserInRole(this.roleSuperCustomer);
    }
}
