package eu.openanalytics.containerproxy.service;

import eu.openanalytics.containerproxy.backend.strategy.IProxyLogoutStrategy;
import eu.openanalytics.containerproxy.model.runtime.Proxy;
import eu.openanalytics.containerproxy.model.spec.ProxySpec;
import eu.openanalytics.containerproxy.service.EventService;
import java.util.ArrayList;
import java.util.Iterator;
import javax.inject.Inject;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.context.ApplicationListener;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.event.AbstractAuthenticationEvent;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.authentication.event.AuthenticationSuccessEvent;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/lib/containerproxy-0.1.1-SNAPSHOT.jar:eu/openanalytics/containerproxy/service/UserService.class */
public class UserService implements ApplicationListener<AbstractAuthenticationEvent> {
    private Logger log = LogManager.getLogger((Class<?>) UserService.class);

    @Inject
    private Environment environment;

    @Inject
    private EventService eventService;

    @Inject
    private IProxyLogoutStrategy logoutStrategy;

    public Authentication getCurrentAuth() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    public String getCurrentUserId() {
        return getUserId(getCurrentAuth());
    }

    public String[] getAdminGroups() {
        String[] strArr = (String[]) this.environment.getProperty("proxy.admin-groups", String[].class);
        if (strArr == null) {
            strArr = new String[0];
        }
        for (int i = 0; i < strArr.length; i++) {
            strArr[i] = strArr[i].toUpperCase();
        }
        return strArr;
    }

    public String[] getGroups() {
        return getGroups(getCurrentAuth());
    }

    public String[] getGroups(Authentication authentication) {
        ArrayList arrayList = new ArrayList();
        if (authentication != null) {
            Iterator<? extends GrantedAuthority> it = authentication.getAuthorities().iterator();
            while (it.hasNext()) {
                String upperCase = it.next().getAuthority().toUpperCase();
                if (upperCase.startsWith("ROLE_")) {
                    upperCase = upperCase.substring(5);
                }
                arrayList.add(upperCase);
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public boolean isAdmin() {
        return isAdmin(getCurrentAuth());
    }

    public boolean isAdmin(Authentication authentication) {
        for (String str : getAdminGroups()) {
            if (isMember(authentication, str)) {
                return true;
            }
        }
        return false;
    }

    public boolean canAccess(ProxySpec proxySpec) {
        return canAccess(getCurrentAuth(), proxySpec);
    }

    public boolean canAccess(Authentication authentication, ProxySpec proxySpec) {
        String[] groups;
        if (authentication == null || proxySpec == null || (authentication instanceof AnonymousAuthenticationToken)) {
            return false;
        }
        if (proxySpec.getAccessControl() == null || (groups = proxySpec.getAccessControl().getGroups()) == null || groups.length == 0) {
            return true;
        }
        for (String str : groups) {
            if (isMember(authentication, str)) {
                return true;
            }
        }
        return false;
    }

    public boolean isOwner(Proxy proxy) {
        return isOwner(getCurrentAuth(), proxy);
    }

    public boolean isOwner(Authentication authentication, Proxy proxy) {
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken) || proxy == null) {
            return false;
        }
        return proxy.getUserId().equals(getUserId(authentication));
    }

    private boolean isMember(Authentication authentication, String str) {
        if (authentication == null || (authentication instanceof AnonymousAuthenticationToken) || str == null) {
            return false;
        }
        for (String str2 : getGroups(authentication)) {
            if (str2.equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }

    private String getUserId(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        return authentication.getName();
    }

    @Override // org.springframework.context.ApplicationListener
    public void onApplicationEvent(AbstractAuthenticationEvent abstractAuthenticationEvent) {
        Authentication authentication = abstractAuthenticationEvent.getAuthentication();
        if (abstractAuthenticationEvent instanceof AbstractAuthenticationFailureEvent) {
            this.log.info(String.format("Authentication failure [user: %s] [error: %s]", authentication.getName(), ((AbstractAuthenticationFailureEvent) abstractAuthenticationEvent).getException().getMessage()));
        } else if (abstractAuthenticationEvent instanceof AuthenticationSuccessEvent) {
            String name = authentication.getName();
            this.log.info(String.format("User logged in [user: %s]", name));
            this.eventService.post(EventService.EventType.Login.toString(), name, null);
        }
    }

    public void logout(Authentication authentication) {
        String userId = getUserId(authentication);
        if (userId == null) {
            return;
        }
        this.eventService.post(EventService.EventType.Logout.toString(), userId, null);
        if (this.logoutStrategy != null) {
            this.logoutStrategy.onLogout(userId);
        }
        this.log.info(String.format("User logged out [user: %s]", userId));
    }
}
