package com.cumulocity.microservice.security.token;

import com.cumulocity.microservice.context.credentials.Credentials;
import com.cumulocity.microservice.security.filter.provider.PostAuthorizationContextProvider;
import com.cumulocity.microservice.subscription.service.MicroserviceSubscriptionsService;
import com.google.common.base.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;

@Component
/* loaded from: input_file:com/cumulocity/microservice/security/token/OAuthPostAuthorizationContextProvider.class */
class OAuthPostAuthorizationContextProvider implements PostAuthorizationContextProvider<SecurityContext> {
    private static final Logger log = LoggerFactory.getLogger(OAuthPostAuthorizationContextProvider.class);
    private final String applicationName;
    private MicroserviceSubscriptionsService subscriptionsService;

    public OAuthPostAuthorizationContextProvider(@Value("${application.name:}") String str) {
        this.applicationName = str;
    }

    @Autowired(required = false)
    public void setSubscriptionsService(MicroserviceSubscriptionsService microserviceSubscriptionsService) {
        this.subscriptionsService = microserviceSubscriptionsService;
    }

    @Override // com.cumulocity.microservice.security.filter.provider.PostAuthorizationContextProvider
    public boolean supports(SecurityContext securityContext) {
        if (this.subscriptionsService == null) {
            log.warn("Subscription service not available.");
            return false;
        }
        if (securityContext != null && securityContext.getAuthentication() != null) {
            return securityContext.getAuthentication() instanceof JwtTokenAuthentication;
        }
        log.warn("Security context not available.");
        return false;
    }

    @Override // com.cumulocity.microservice.security.filter.provider.PostAuthorizationContextProvider
    public Credentials get(SecurityContext securityContext) {
        Optional<String> tenantName = getTenantName(securityContext);
        if (!tenantName.isPresent() || this.subscriptionsService == null) {
            return null;
        }
        Optional credentials = this.subscriptionsService.getCredentials((String) tenantName.get());
        if (credentials.isPresent()) {
            return (Credentials) credentials.get();
        }
        throw new AccessDeniedException("Microservice " + this.applicationName + " is not subscribed by tenant " + ((String) tenantName.get()));
    }

    private Optional<String> getTenantName(SecurityContext securityContext) {
        String tenantName = ((JwtTokenAuthentication) securityContext.getAuthentication()).getTenantName();
        return StringUtils.hasText(tenantName) ? Optional.of(tenantName) : Optional.absent();
    }
}
