package org.eclipse.edc.identityhub.api.authentication.filter;

import jakarta.annotation.Priority;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.PreMatching;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.security.Principal;
import java.util.List;
import org.eclipse.edc.identityhub.spi.authentication.ServicePrincipal;
import org.eclipse.edc.identityhub.spi.authentication.ServicePrincipalResolver;

@PreMatching
@Priority(1000)
/* loaded from: input_file:org/eclipse/edc/identityhub/api/authentication/filter/ServicePrincipalAuthenticationFilter.class */
public class ServicePrincipalAuthenticationFilter implements ContainerRequestFilter {
    private static final String API_KEY_HEADER = "x-api-key";
    private final ServicePrincipalResolver servicePrincipalResolver;

    public ServicePrincipalAuthenticationFilter(ServicePrincipalResolver servicePrincipalResolver) {
        this.servicePrincipalResolver = servicePrincipalResolver;
    }

    public void filter(final ContainerRequestContext containerRequestContext) {
        List list = (List) containerRequestContext.getHeaders().get(API_KEY_HEADER);
        if (list == null || list.size() != 1) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        final ServicePrincipal findByCredential = this.servicePrincipalResolver.findByCredential((String) list.get(0));
        containerRequestContext.setSecurityContext(new SecurityContext() { // from class: org.eclipse.edc.identityhub.api.authentication.filter.ServicePrincipalAuthenticationFilter.1
            public Principal getUserPrincipal() {
                return findByCredential;
            }

            public boolean isUserInRole(String str) {
                return findByCredential.getRoles().contains(str);
            }

            public boolean isSecure() {
                return containerRequestContext.getUriInfo().getBaseUri().toString().startsWith("https");
            }

            public String getAuthenticationScheme() {
                return null;
            }
        });
    }
}
