package org.kuali.kfs.sys.service.impl;

import java.util.Objects;
import java.util.Optional;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.kuali.kfs.core.api.config.property.ConfigurationService;
import org.kuali.kfs.krad.UserSession;
import org.kuali.kfs.sys.businessobject.CoreAuthUser;
import org.kuali.kfs.sys.rest.exception.NotOkStatusException;
import org.kuali.kfs.sys.service.CoreApiKeyAuthenticationService;
import org.kuali.kfs.sys.web.WebClientFactory;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/kfs-core-2024-03-27.jar:org/kuali/kfs/sys/service/impl/CoreApiKeyAuthenticationServiceImpl.class */
public class CoreApiKeyAuthenticationServiceImpl implements CoreApiKeyAuthenticationService {
    private static final Logger LOG = LogManager.getLogger();
    private static final WebClient WEB_CLIENT = WebClientFactory.create();
    protected ConfigurationService configurationService;
    protected Optional<String> coreAuthBaseUrl;

    @Override // org.kuali.kfs.sys.service.ApiKeyAuthenticationService
    public Optional<String> getPrincipalIdFromApiKey(String str, UserSession userSession) {
        initializeUrlOrThrow();
        Optional<CoreAuthUser> userFromCore = getUserFromCore(str);
        if (userFromCore.isPresent() && userSession != null) {
            CoreAuthUser coreAuthUser = userFromCore.get();
            String impersonatedBy = coreAuthUser.getImpersonatedBy();
            if (StringUtils.isNotBlank(impersonatedBy)) {
                userSession.setImpersonatedBy(impersonatedBy);
            }
            String displayName = coreAuthUser.getDisplayName();
            if (StringUtils.isNotBlank(displayName)) {
                userSession.setDisplayName(displayName);
            }
        }
        return userFromCore.map((v0) -> {
            return v0.getUsername();
        });
    }

    @Override // org.kuali.kfs.sys.service.CoreApiKeyAuthenticationService
    public boolean useCore() {
        initializeUrl();
        return this.coreAuthBaseUrl.isPresent() && StringUtils.isNotBlank(this.coreAuthBaseUrl.get());
    }

    protected Optional<CoreAuthUser> getUserFromCore(String str) {
        try {
            return Optional.of(invokeWebResource(str));
        } catch (NotOkStatusException e) {
            Logger logger = LOG;
            Objects.requireNonNull(e);
            logger.debug("getUserFromCore() non-OK response from core: {}", e::getHttpStatus);
            return Optional.empty();
        } catch (WebClientResponseException e2) {
            LOG.debug("getUserFromCore(...) - error retrieving response from auth API: Content-Type={}; content={}", e2.getHeaders().getFirst("Content-Type"), e2.getResponseBodyAsString());
            return Optional.empty();
        }
    }

    /* JADX WARN: Type inference failed for: r0v8, types: [org.springframework.web.reactive.function.client.WebClient$RequestHeadersSpec] */
    protected CoreAuthUser invokeWebResource(String str) {
        return (CoreAuthUser) WEB_CLIENT.get().uri(UriComponentsBuilder.fromUriString(getCoreAuthBaseUrl() + "/api/v1/users/current").build().toUri()).header2("Accept", "application/json").header2("Authorization", "Bearer " + str).header2("Content-Type", "application/json").retrieve().onStatus((v0) -> {
            return v0.isError();
        }, clientResponse -> {
            return Mono.error(new NotOkStatusException(clientResponse.statusCode()));
        }).bodyToMono(CoreAuthUser.class).block();
    }

    protected String getCoreAuthBaseUrl() {
        initializeUrlOrThrow();
        return this.coreAuthBaseUrl.get();
    }

    protected void initializeUrlOrThrow() {
        initializeUrl();
        if (!this.coreAuthBaseUrl.isPresent()) {
            throw new RuntimeException("Core is not enabled");
        }
    }

    protected void initializeUrl() {
        if (this.coreAuthBaseUrl == null) {
            this.coreAuthBaseUrl = Optional.ofNullable(this.configurationService.getPropertyValueAsString("core.authentication.filter.authBaseUrl"));
        }
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }
}
