package de.qfm.erp.service.service.security.impl;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.ImmutableList;
import de.qfm.erp.service.configuration.ApplicationConfig;
import de.qfm.erp.service.model.exception.request.IllegalValueException;
import de.qfm.erp.service.service.security.AuthenticationHelper;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Pattern;
import javax.annotation.Nonnull;
import lombok.NonNull;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:BOOT-INF/classes/de/qfm/erp/service/service/security/impl/AuthenticationHelperImpl.class */
public final class AuthenticationHelperImpl implements AuthenticationHelper {
    private static final Pattern BASE64 = Pattern.compile("^([A-Za-z0-9+/]{4})*([A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{2}==)?$");
    private final ApplicationConfig applicationConfig;

    @Override // de.qfm.erp.service.service.security.AuthenticationHelper
    @Nonnull
    public User currentUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof AnonymousAuthenticationToken)) {
            Object principal = authentication.getPrincipal();
            if (principal instanceof User) {
                return (User) principal;
            }
        }
        throw new IllegalStateException("Not logged in");
    }

    @Override // de.qfm.erp.service.service.security.AuthenticationHelper
    @Nonnull
    public String currentUserName() {
        return currentUser().getUsername();
    }

    public boolean canBeDecoded(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("password is marked non-null but is null");
        }
        if (!this.applicationConfig.isSecurityAuthPasswordEncodingEnabled() || BASE64.asPredicate().test(str)) {
            return true;
        }
        throw new IllegalValueException(String.format("Password '%s' is not of BASE64", str), ImmutableList.of());
    }

    @Override // de.qfm.erp.service.service.security.AuthenticationHelper
    @VisibleForTesting
    @Nonnull
    public String decodePassword(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("password is marked non-null but is null");
        }
        return (this.applicationConfig.isSecurityAuthPasswordEncodingEnabled() && canBeDecoded(str)) ? decodeBase64(str) : str;
    }

    @VisibleForTesting
    @Nonnull
    static String decodeBase64(@NonNull String str) {
        if (str == null) {
            throw new NullPointerException("password is marked non-null but is null");
        }
        return new String(Base64.getDecoder().decode(str), StandardCharsets.ISO_8859_1);
    }

    public AuthenticationHelperImpl(ApplicationConfig applicationConfig) {
        this.applicationConfig = applicationConfig;
    }
}
