package io.bdeploy.jersey;

import io.bdeploy.common.security.ApiAccessToken;
import io.bdeploy.common.security.ScopedPermission;
import jakarta.ws.rs.core.SecurityContext;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;

/* loaded from: input_file:io/bdeploy/jersey/JerseySecurityContext.class */
public class JerseySecurityContext implements SecurityContext {
    private static final ScopedPermission WEAK_READ = new ScopedPermission(ScopedPermission.Permission.READ);
    private final ApiAccessToken token;
    private final String onBehalfOf;

    public JerseySecurityContext(ApiAccessToken apiAccessToken, String str) {
        this.token = apiAccessToken;
        this.onBehalfOf = str;
    }

    @Override // jakarta.ws.rs.core.SecurityContext
    public Principal getUserPrincipal() {
        if (this.onBehalfOf != null) {
            return () -> {
                return "[" + this.onBehalfOf + "]";
            };
        }
        ApiAccessToken apiAccessToken = this.token;
        Objects.requireNonNull(apiAccessToken);
        return apiAccessToken::getIssuedTo;
    }

    @Override // jakarta.ws.rs.core.SecurityContext
    public boolean isUserInRole(String str) {
        return false;
    }

    @Override // jakarta.ws.rs.core.SecurityContext
    public boolean isSecure() {
        return true;
    }

    @Override // jakarta.ws.rs.core.SecurityContext
    public String getAuthenticationScheme() {
        return JerseyAuthenticationProvider.AUTHENTICATION_SCHEME;
    }

    public Collection<ScopedPermission> getPermissions() {
        return this.token.getPermissions();
    }

    public boolean isAuthorized(ScopedPermission scopedPermission) {
        Collection<ScopedPermission> permissions = this.token.getPermissions();
        if (this.token.isWeak()) {
            permissions = Collections.singleton(WEAK_READ);
        }
        Iterator<ScopedPermission> it = permissions.iterator();
        while (it.hasNext()) {
            if (it.next().satisfies(scopedPermission)) {
                return true;
            }
        }
        return false;
    }
}
