package org.gcube.usecases.ws.thredds.engine.impl.security;

import org.gcube.common.authorization.client.Constants;
import org.gcube.common.authorization.client.exceptions.ObjectNotFound;
import org.gcube.common.authorization.library.provider.AccessTokenProvider;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.usecases.ws.thredds.model.SynchFolderConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gcube/usecases/ws/thredds/engine/impl/security/Security.class */
public class Security {
    private static final Logger log = LoggerFactory.getLogger(Security.class);

    public static User getCurrent() throws SecurityException {
        String str = ScopeProvider.instance.get();
        if (str == null) {
            throw new SecurityException("Cannot determine context");
        }
        log.debug("Context is {}, checking tokens..", str);
        try {
            AuthorizationProvider.instance.get().getClient();
        } catch (Throwable th) {
            log.warn("Unable to get client info ", th);
        }
        User user = new User(null, AccessTokenProvider.instance.get(), SecurityTokenProvider.instance.get(), str);
        log.info("Current User is {} ", user);
        return user;
    }

    public static void set(User user) {
        resetUser();
        log.debug("Setting User {} ", user);
        if (user.getUma_token() != null) {
            AccessTokenProvider.instance.set(user.getUma_token());
        }
        if (user.getGcube_token() != null) {
            SecurityTokenProvider.instance.set(user.getGcube_token());
        }
        if (user.getContext() != null) {
            ScopeProvider.instance.set(user.getContext());
        }
    }

    public static void resetUser() {
        log.debug("Resetting user");
        SecurityTokenProvider.instance.reset();
        AccessTokenProvider.instance.reset();
        ScopeProvider.instance.reset();
    }

    public static void checkOperator(SynchFolderConfiguration synchFolderConfiguration) throws SecurityException {
        User current = getCurrent();
        log.debug("Checking if current user {} can synch {} ", getCurrent(), synchFolderConfiguration);
        String targetContext = synchFolderConfiguration.getTargetContext();
        String context = current.getContext();
        if (!targetContext.equals(context)) {
            throw new SecurityException("Illegal access to folder [root : " + synchFolderConfiguration.getRootFolderId() + ", expected context : " + targetContext + "] from context " + context);
        }
    }

    public static String getContextFromgcubeToken(String str) throws ObjectNotFound, Exception {
        log.debug("Checking context of gcube-token {}...", str.substring(0, 6));
        User current = getCurrent();
        try {
            resetUser();
            String context = Constants.authorizationService().get(str).getContext();
            log.debug("Resetting user " + current);
            set(current);
            return context;
        } catch (Throwable th) {
            log.debug("Resetting user " + current);
            set(current);
            throw th;
        }
    }
}
