package dev.dsf.common.auth;

import dev.dsf.common.auth.conf.PractitionerIdentity;
import jakarta.servlet.ServletRequest;
import org.eclipse.jetty.security.LoginService;
import org.eclipse.jetty.security.openid.OpenIdConfiguration;
import org.eclipse.jetty.security.openid.OpenIdCredentials;
import org.eclipse.jetty.security.openid.OpenIdLoginService;
import org.eclipse.jetty.server.UserIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:dev/dsf/common/auth/DsfOpenIdLoginService.class */
public class DsfOpenIdLoginService extends OpenIdLoginService {
    private static final Logger logger = LoggerFactory.getLogger(DsfOpenIdLoginService.class);
    private final OpenIdConfiguration configuration;
    private final LoginService loginService;

    public DsfOpenIdLoginService(OpenIdConfiguration openIdConfiguration, LoginService loginService) {
        super(openIdConfiguration, loginService);
        this.configuration = openIdConfiguration;
        this.loginService = loginService;
    }

    public UserIdentity login(String str, Object obj, ServletRequest servletRequest) {
        OpenIdCredentials openIdCredentials = (OpenIdCredentials) obj;
        try {
            openIdCredentials.redeemAuthCode(this.configuration);
            return this.loginService.login(openIdCredentials.getUserId(), (OpenIdCredentials) obj, servletRequest);
        } catch (Throwable th) {
            logger.warn("Unable to redeem auth code", th);
            return null;
        }
    }

    public boolean validate(UserIdentity userIdentity) {
        if (!(userIdentity.getUserPrincipal() instanceof PractitionerIdentity)) {
            return false;
        }
        PractitionerIdentity userPrincipal = userIdentity.getUserPrincipal();
        if (userPrincipal.getCredentials().isEmpty()) {
            logger.warn("No credentials");
            return false;
        }
        if (((float) System.currentTimeMillis()) / 1000.0f <= ((DsfOpenIdCredentials) userPrincipal.getCredentials().get()).getLongClaim("exp").longValue()) {
            return this.loginService == null || this.loginService.validate(userIdentity);
        }
        logger.debug("ID Token has expired");
        return false;
    }
}
