package com.appiancorp.oauth.inbound.authserver.tokens;

import com.appiancorp.oauth.inbound.authserver.GrantedAuthorization;
import com.appiancorp.oauth.inbound.authserver.S2SGrantedAuthorizationService;
import com.appiancorp.oauth.inbound.authserver.clients.UserCheck;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthInvalidRequestException;
import com.appiancorp.oauth.inbound.authserver.exceptions.OAuthUnauthorizedClientException;
import com.appiancorp.oauth.inbound.exceptions.OAuthException;
import com.appiancorp.security.auth.SecurityContext;
import com.appiancorp.security.auth.SecurityContextProvider;
import com.google.common.base.Strings;
import java.net.URI;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/appiancorp/oauth/inbound/authserver/tokens/S2SGrantedAuthorizationServiceImpl.class */
public class S2SGrantedAuthorizationServiceImpl implements S2SGrantedAuthorizationService {
    private final Logger LOG = LoggerFactory.getLogger(S2SGrantedAuthorizationServiceImpl.class);
    private final SecurityContextProvider securityContextProvider;
    private final UserCheck userCheck;

    /* loaded from: input_file:com/appiancorp/oauth/inbound/authserver/tokens/S2SGrantedAuthorizationServiceImpl$S2SGrantedAuthorization.class */
    private static final class S2SGrantedAuthorization implements GrantedAuthorization {
        private String userUuid;

        private S2SGrantedAuthorization(String str) {
            this.userUuid = str;
        }

        public String getUserUuid() {
            return this.userUuid;
        }

        public Optional<String> getState() {
            return Optional.empty();
        }

        public Optional<String> getCodeChallenge() {
            return Optional.empty();
        }

        public Set<String> getScopes() {
            return Collections.EMPTY_SET;
        }

        public Optional<String> getSessionId() {
            return Optional.empty();
        }

        public Optional<URI> getRedirectURI() {
            return Optional.empty();
        }

        public boolean isAuthorizationForSystemToSystem() {
            return true;
        }
    }

    public S2SGrantedAuthorizationServiceImpl(SecurityContextProvider securityContextProvider, UserCheck userCheck) {
        this.securityContextProvider = securityContextProvider;
        this.userCheck = userCheck;
    }

    public GrantedAuthorization requestSystemToSystemGrantedAuthorization() throws OAuthException {
        SecurityContext securityContext = this.securityContextProvider.get();
        if (securityContext == null) {
            throw new OAuthInvalidRequestException("No user was set in context.");
        }
        String userUuid = securityContext.getUserUuid();
        if (Strings.isNullOrEmpty(userUuid)) {
            throw new OAuthInvalidRequestException("User uuid is either null or empty.");
        }
        String name = securityContext.getName();
        if (this.userCheck.isUserAuthorized(name)) {
            return new S2SGrantedAuthorization(userUuid);
        }
        this.LOG.error("{} user is not authorized for Process Mining access.", name);
        throw new OAuthUnauthorizedClientException("User is not authorized for Process Mining access");
    }
}
