package io.apicurio.registry.auth;

import io.apicurio.common.apps.multitenancy.MultitenancyProperties;
import io.apicurio.common.apps.multitenancy.TenantContext;
import io.quarkus.security.identity.SecurityIdentity;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.enterprise.inject.Instance;
import jakarta.inject.Inject;
import java.util.Optional;
import org.eclipse.microprofile.jwt.JsonWebToken;

@ApplicationScoped
/* loaded from: input_file:io/apicurio/registry/auth/AdminOverride.class */
public class AdminOverride {

    @Inject
    AuthConfig authConfig;

    @Inject
    SecurityIdentity securityIdentity;

    @Inject
    Instance<JsonWebToken> jsonWebToken;

    @Inject
    TenantContext tenantContext;

    @Inject
    MultitenancyProperties mtProperties;

    public boolean isAdmin() {
        if (this.mtProperties.isMultitenancyEnabled() && this.authConfig.isTenantOwnerAdminEnabled() && isTenantOwner()) {
            return true;
        }
        if (!this.authConfig.adminOverrideEnabled || !"token".equals(this.authConfig.adminOverrideFrom)) {
            return false;
        }
        if ("role".equals(this.authConfig.adminOverrideType)) {
            return hasAdminRole();
        }
        if ("claim".equals(this.authConfig.adminOverrideType)) {
            return hasAdminClaim();
        }
        return false;
    }

    private boolean isTenantOwner() {
        String tenantOwner = this.tenantContext.tenantOwner();
        return (tenantOwner == null || this.securityIdentity == null || this.securityIdentity.getPrincipal() == null || !tenantOwner.equals(this.securityIdentity.getPrincipal().getName())) ? false : true;
    }

    private boolean hasAdminRole() {
        return this.securityIdentity.hasRole(this.authConfig.adminOverrideRole);
    }

    private boolean hasAdminClaim() {
        Optional claim = ((JsonWebToken) this.jsonWebToken.get()).claim(this.authConfig.adminOverrideClaim);
        if (claim.isPresent()) {
            return this.authConfig.adminOverrideClaimValue.equals(claim.get().toString());
        }
        return false;
    }
}
