package org.gcube.service.idm.controller;

import jakarta.ws.rs.ForbiddenException;
import java.util.List;
import org.gcube.common.keycloak.model.ModelUtils;
import org.gcube.common.security.Owner;
import org.gcube.common.security.providers.SecretManagerProvider;
import org.keycloak.util.TokenUtil;

/* loaded from: input_file:WEB-INF/classes/org/gcube/service/idm/controller/AuthController.class */
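/**
 * Static authorization helpers for the IDM service.
 *
 * <p>Every check reads the caller's identity from {@link SecretManagerProvider}: context roles
 * come from the {@link Owner}, realm roles from the bearer token in the {@code Authorization}
 * header. The role checks fail closed: they return {@code false} or throw
 * {@link ForbiddenException}, never grant by default.
 */
public class AuthController {
    /** Role name; member of {@link #ACCESS_READ_ROLES} only. */
    public static final String IDM_SERVICE_READ = "idm-service-read";
    /** Role name; member of {@link #ACCESS_READ_ROLES} and {@link #ACCESS_ADMIN_ROLES}. */
    public static final String IDM_SERVICE_ADMIN = "idm-service-admin";
    /** Role name; member of all three role lists below. */
    public static final String IDM_SERVICE_REALM = "idm-service-realm";
    /** Roles grouped for read-level checks (not referenced inside this class). */
    public static final List<String> ACCESS_READ_ROLES = List.of(IDM_SERVICE_READ, IDM_SERVICE_ADMIN, IDM_SERVICE_REALM);
    /** Roles accepted by {@link #checkIsRealmAdmin(String)}. */
    public static final List<String> ACCESS_ADMIN_ROLES = List.of(IDM_SERVICE_ADMIN, IDM_SERVICE_REALM);
    /** Roles accepted by {@link #checkIsContextmAdmin(String)}. */
    public static final List<String> ACCESS_ADMIN_REALM_ROLES = List.of(IDM_SERVICE_REALM);

    /**
     * Returns the caller's access token taken from the {@code Authorization} header held by the
     * current secret manager, without the {@code Bearer} scheme.
     *
     * <p>The returned value is a credential: do not log it or echo it in error messages.
     *
     * @return the header value with a leading {@code Bearer} scheme and surrounding whitespace
     *     removed; a header that uses another scheme is returned trimmed but otherwise unchanged
     * @throws NullPointerException if no {@code Authorization} header is available
     */
    public static String getAccessToken() {
        String header = (String) SecretManagerProvider.get().getHTTPAuthorizationHeaders().get("Authorization");
        return stripBearerScheme(header);
    }

    /**
     * Removes a leading {@code Bearer} scheme from an {@code Authorization} header value.
     *
     * <p>Only the prefix is removed. Deleting every occurrence of the word would corrupt a token
     * whose encoded text happens to contain it, which then fails to parse and denies a valid
     * caller. The scheme is matched case-insensitively, as HTTP authentication schemes are.
     */
    private static String stripBearerScheme(String header) {
        String value = header.trim();
        String scheme = TokenUtil.TOKEN_TYPE_BEARER;
        if (value.regionMatches(true, 0, scheme, 0, scheme.length())) {
            return value.substring(scheme.length()).trim();
        }
        return value;
    }

    /**
     * Returns the owner of the current secret.
     *
     * @return the {@link Owner} reported by the current secret manager
     */
    public static Owner getOwner() {
        return SecretManagerProvider.get().getOwner();
    }

    /**
     * Checks whether the caller's access token carries the given realm role.
     *
     * @param str the realm role name to look for
     * @return {@code true} if the role is listed in the token's realm access
     */
    public static boolean checkRealmRole(String str) {
        return checkRealmRole(str, getAccessToken());
    }

    /**
     * Checks whether the given access token carries the given realm role.
     *
     * <p>NOTE(review): the roles are read from whatever {@code ModelUtils.getAccessTokenFrom}
     * returns. Whether that call verifies the token signature is not visible in this class; the
     * check is only sound if the token was validated before it reached the secret manager.
     * Confirm before using this method with a token from any other source.
     *
     * @param str the realm role name to look for
     * @param str2 the serialized access token
     * @return {@code true} if the role is listed in the token's realm access; {@code false} if it
     *     is not, or if the token cannot be parsed or has no realm access section
     */
    public static boolean checkRealmRole(String str, String str2) {
        try {
            return ModelUtils.getAccessTokenFrom(str2).getRealmAccess().getRoles().contains(str);
        } catch (Exception e) {
            // Fail closed: a token that cannot be read grants nothing.
            // NOTE(review): this writes an unstructured trace to stderr, so rejected tokens are
            // hard to monitor, and parser messages may echo parts of the token. Route this through
            // the service's logger, without the token value, so failures can be alerted on.
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Checks whether the current owner holds the given context role.
     *
     * @param str the context role name to look for
     * @return {@code true} if the owner's roles contain it
     */
    public static boolean checkContextRole(String str) {
        return checkContextRole(str, getOwner());
    }

    /**
     * Checks whether the given owner holds the given context role.
     *
     * @param str the context role name to look for
     * @param owner the owner whose roles are inspected
     * @return {@code true} if the owner's roles contain it
     */
    public static boolean checkContextRole(String str, Owner owner) {
        return owner.getRoles().contains(str);
    }

    /**
     * Checks whether the caller holds the role either as a context role or as a realm role.
     *
     * @param str the role name to look for
     * @return {@code true} if either source lists the role
     */
    public static boolean checkRole(String str) {
        return checkContextRole(str) || checkRealmRole(str);
    }

    /**
     * Checks whether the caller holds at least one of the given roles, as a context role or as a
     * realm role. The token and the owner are read once and reused for every role.
     *
     * @param list the role names to accept
     * @return {@code true} on the first match; {@code false} if nothing matches or the list is
     *     empty
     */
    public static boolean checkAnyRole(List<String> list) {
        String accessToken = getAccessToken();
        Owner owner = getOwner();
        for (String str : list) {
            if (checkContextRole(str, owner) || checkRealmRole(str, accessToken)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether the given user id is the current owner's own id.
     *
     * @param str the user id to compare
     * @return {@code true} only for a non-application owner whose id equals {@code str}
     */
    public static boolean userIsMe(String str) {
        return userIsMe(str, getOwner());
    }

    /**
     * Checks whether the given user id belongs to the given owner.
     *
     * @param str the user id to compare
     * @param owner the owner to compare against
     * @return {@code true} only for a non-application owner whose id equals {@code str};
     *     {@code false} when either id is {@code null}
     */
    public static boolean userIsMe(String str, Owner owner) {
        // Comparing from the argument side denies when the owner has no id instead of throwing.
        return !owner.isApplication() && str != null && str.equals(owner.getId());
    }

    /**
     * Rejects the caller unless it holds one of {@link #ACCESS_ADMIN_ROLES}
     * ({@code idm-service-admin} or {@code idm-service-realm}).
     *
     * <p>NOTE(review): judging by the names, this method and {@link #checkIsContextmAdmin(String)}
     * may have their role lists swapped. The "realm admin" check here also accepts
     * {@code idm-service-admin}, while the "context admin" check requires
     * {@code idm-service-realm}. Confirm the intended policy before relying on either.
     *
     * @param str the message carried by the exception
     * @throws ForbiddenException if the caller holds none of the accepted roles
     */
    public static void checkIsRealmAdmin(String str) throws ForbiddenException {
        if (!checkAnyRole(ACCESS_ADMIN_ROLES)) {
            throw new ForbiddenException(str);
        }
    }

    /**
     * Rejects the caller unless it holds one of {@link #ACCESS_ADMIN_REALM_ROLES}
     * ({@code idm-service-realm} only).
     *
     * <p>The method name carries a typo ("Contextm"); it is kept because the name is public API.
     *
     * <p>NOTE(review): this is the stricter of the two admin checks even though its name suggests
     * the narrower, context-level scope. See {@link #checkIsRealmAdmin(String)} and confirm the
     * intended policy.
     *
     * @param str the message carried by the exception
     * @throws ForbiddenException if the caller does not hold the accepted role
     */
    public static void checkIsContextmAdmin(String str) throws ForbiddenException {
        if (!checkAnyRole(ACCESS_ADMIN_REALM_ROLES)) {
            throw new ForbiddenException(str);
        }
    }
}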
