package com.cleveranalytics.service.authn.authentication;

import com.cleveranalytics.service.authn.rest.dto.AccountIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;

/* loaded from: input_file:BOOT-INF/lib/authn-client-1.0.0-SNAPSHOT.jar:com/cleveranalytics/service/authn/authentication/AccountIdentityService.class */
public class AccountIdentityService {
    static final Logger logger = LoggerFactory.getLogger((Class<?>) AccountIdentityService.class);

    public static AccountIdentity getAccountIdentityFromContext() {
        return getAccountIdentityFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
    }

    public static AccountIdentity getAccountIdentityFromAuthentication(Authentication authentication) {
        validateAuthentication(authentication);
        return (AccountIdentity) authentication.getPrincipal();
    }

    public static String getBearerTokenValue(Authentication authentication) {
        validateAuthentication(authentication);
        Jwt token = ((JwtAuthenticationToken) authentication).getToken();
        if (token == null) {
            throw new AuthenticationCredentialsNotFoundException("Jwt token is empty.");
        }
        return token.getTokenValue();
    }

    public static String getBearerTokenValueFromContext() {
        return getBearerTokenValue(SecurityContextHolder.getContext().getAuthentication());
    }

    public static String getBearerTokenWithPrefixFromContext() {
        return "Bearer " + getBearerTokenValueFromContext();
    }

    private static void validateAuthentication(Authentication authentication) {
        if (authentication == null) {
            throw new AuthenticationCredentialsNotFoundException("Authentication parameter must not be null");
        }
        if (!(authentication instanceof AccountIdentityJwtAuthenticationToken)) {
            logger.warn("Expected authentication class type=AccountIdentityJwtAuthenticationToken but got={}", authentication.getClass().getSimpleName());
            throw new AuthenticationCredentialsNotFoundException("Authentication class type does not match the expected 'AccountIdentityJwtAuthenticationToken' type.");
        }
        if (authentication.getPrincipal() instanceof AccountIdentity) {
            return;
        }
        logger.warn("Expected authentication principal class is type=AccountIdentity but got={}", authentication.getClass().getSimpleName());
        throw new AuthenticationCredentialsNotFoundException("Authentication principal class type does not match the expected 'AccountIdentity' type.");
    }
}
