package org.kuali.kfs.sys.service.impl;

import com.fasterxml.jackson.jaxrs.json.JacksonJaxbJsonProvider;
import java.util.Optional;
import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.glassfish.jersey.client.ClientConfig;
import org.kuali.kfs.sys.businessobject.CoreAuthUser;
import org.kuali.kfs.sys.service.CoreApiKeyAuthenticationService;
import org.kuali.rice.core.api.config.property.ConfigurationService;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2021-01-14.jar:org/kuali/kfs/sys/service/impl/CoreApiKeyAuthenticationServiceImpl.class */
public class CoreApiKeyAuthenticationServiceImpl implements CoreApiKeyAuthenticationService {
    private static final Logger LOG = LogManager.getLogger();
    private static final String AUTHORIZATION_PREFIX = "Bearer ";
    private static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    private static final String CONTENT_TYPE = "application/json";
    protected ConfigurationService configurationService;
    protected Optional<String> coreAuthBaseUrl;

    @Override // org.kuali.kfs.sys.service.ApiKeyAuthenticationService
    public Optional<String> getPrincipalIdFromApiKey(String str) {
        initializeUrlOrThrow();
        return getUserFromCore(str).map((v0) -> {
            return v0.getUsername();
        });
    }

    @Override // org.kuali.kfs.sys.service.CoreApiKeyAuthenticationService
    public boolean useCore() {
        initializeUrl();
        return this.coreAuthBaseUrl.isPresent() && !StringUtils.isBlank(this.coreAuthBaseUrl.get());
    }

    protected Optional<CoreAuthUser> getUserFromCore(String str) {
        Response invokeWebResource = invokeWebResource(str);
        if (invokeWebResource.getStatus() != 200) {
            LOG.debug("getUserFromCore() non-OK response from core: " + invokeWebResource.getStatus());
            return Optional.empty();
        }
        try {
            return Optional.ofNullable((CoreAuthUser) invokeWebResource.readEntity(CoreAuthUser.class));
        } catch (IllegalStateException | ProcessingException e) {
            LOG.error("Invalid response from auth API, failed to parse response. Content-Type was: " + invokeWebResource.getHeaders().getFirst("Content-Type") + ". Content was: " + ((String) invokeWebResource.readEntity(String.class)), e);
            return Optional.empty();
        }
    }

    protected WebTarget getWebTarget() {
        String str = getCoreAuthBaseUrl() + "/api/v1/users/current";
        ClientConfig clientConfig = new ClientConfig();
        clientConfig.register(JacksonJaxbJsonProvider.class);
        return ClientBuilder.newClient(clientConfig).target(str);
    }

    protected Response invokeWebResource(String str) {
        return getWebTarget().request().header("Authorization", "Bearer " + str).get();
    }

    protected String getCoreAuthBaseUrl() {
        initializeUrlOrThrow();
        return this.coreAuthBaseUrl.get();
    }

    protected void initializeUrlOrThrow() {
        initializeUrl();
        if (!this.coreAuthBaseUrl.isPresent()) {
            throw new RuntimeException("Core is not enabled");
        }
    }

    protected void initializeUrl() {
        if (this.coreAuthBaseUrl == null) {
            this.coreAuthBaseUrl = Optional.ofNullable(this.configurationService.getPropertyValueAsString("core.authentication.filter.authBaseUrl"));
        }
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}
