package org.eclipse.kura.example.rest.authentication.provider;

import java.security.Principal;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import org.eclipse.kura.audit.AuditConstants;
import org.eclipse.kura.audit.AuditContext;
import org.eclipse.kura.crypto.CryptoService;
import org.eclipse.kura.rest.auth.AuthenticationProvider;
import org.osgi.service.useradmin.User;
import org.osgi.service.useradmin.UserAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(50)
/* loaded from: input_file:org/eclipse/kura/example/rest/authentication/provider/ExampleRestAuthenticationProvider.class */
public class ExampleRestAuthenticationProvider implements AuthenticationProvider {
    private static final String KURA_USER_PREFIX = "kura.user.";
    private static final String KURA_NEED_PASSWORD_CHANGE = "kura.need.password.change";
    private static final String KURA_PASSWORD_CREDENTIAL = "kura.password";
    private static final Logger auditLogger = LoggerFactory.getLogger("AuditLogger");
    private static final Logger logger = LoggerFactory.getLogger(ExampleRestAuthenticationProvider.class);
    private UserAdmin userAdmin;
    private CryptoService cryptoService;

    public void bindUserAdmin(UserAdmin userAdmin) {
        this.userAdmin = userAdmin;
    }

    public void bindCryptoService(CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    public void onEnabled() {
        logger.info("Example auth provider enabled");
    }

    public void onDisabled() {
        logger.info("Example auth provider disabled");
    }

    public Optional<Principal> authenticate(HttpServletRequest httpServletRequest, ContainerRequestContext containerRequestContext) {
        AuditContext currentOrInternal = AuditContext.currentOrInternal();
        Optional<String> header = getHeader(containerRequestContext, "X-Example-Username");
        Optional<String> header2 = getHeader(containerRequestContext, "X-Example-Password");
        if (!header.isPresent() || !header2.isPresent()) {
            return Optional.empty();
        }
        currentOrInternal.getProperties().put(AuditConstants.KEY_IDENTITY.getValue(), header.get());
        User role = this.userAdmin.getRole(KURA_USER_PREFIX + header.get());
        if ("true".equals(role.getProperties().get(KURA_NEED_PASSWORD_CHANGE))) {
            return Optional.empty();
        }
        String str = (String) role.getCredentials().get(KURA_PASSWORD_CREDENTIAL);
        if (Objects.isNull(str)) {
            return Optional.empty();
        }
        try {
            if (!this.cryptoService.sha256Hash(header2.get()).equals(str)) {
                auditLogger.warn("{} Rest - Failure - Example Password Authentication failed", currentOrInternal);
                return Optional.empty();
            }
            auditLogger.info("{} Rest - Success - Example Password Authentication succeeded", currentOrInternal);
            header.getClass();
            return Optional.of(header::get);
        } catch (Exception unused) {
            auditLogger.warn("{} Rest - Failure - Example Password Authentication failed", currentOrInternal);
            return Optional.empty();
        }
    }

    private final Optional<String> getHeader(ContainerRequestContext containerRequestContext, String str) {
        List list = (List) containerRequestContext.getHeaders().get(str);
        return (list == null || list.isEmpty()) ? Optional.empty() : Optional.ofNullable((String) list.get(0));
    }
}
