package io.confluent.ksql.api.auth;

import com.google.common.collect.ImmutableList;
import io.confluent.ksql.api.server.Server;
import io.confluent.ksql.security.DefaultKsqlPrincipal;
import io.confluent.ksql.security.KsqlPrincipal;
import io.vertx.ext.auth.User;
import io.vertx.ext.web.RoutingContext;
import java.util.List;
import java.util.Map;
import java.util.Optional;

/* loaded from: input_file:io/confluent/ksql/api/auth/DefaultApiSecurityContext.class */
public final class DefaultApiSecurityContext implements ApiSecurityContext {
    private final Optional<KsqlPrincipal> principal;
    private final Optional<String> authToken;
    private final List<Map.Entry<String, String>> requestHeaders;

    public static DefaultApiSecurityContext create(RoutingContext routingContext, Server server) {
        DefaultKsqlPrincipal defaultKsqlPrincipal;
        User user = routingContext.user();
        if (user != null && !(user instanceof ApiUser)) {
            throw new IllegalStateException("Not an ApiUser: " + String.valueOf(user));
        }
        ApiUser apiUser = (ApiUser) user;
        String header = routingContext.request().getHeader("Authorization");
        if (server.getAuthenticationPlugin().isPresent()) {
            header = server.getAuthenticationPlugin().get().getAuthHeader(routingContext);
        }
        List entries = routingContext.request().headers().entries();
        String host = routingContext.request().remoteAddress().host();
        int port = routingContext.request().remoteAddress().port();
        if (apiUser != null) {
            defaultKsqlPrincipal = apiUser.getPrincipal().withIpAddressAndPort(host == null ? "" : host, port);
        } else {
            defaultKsqlPrincipal = null;
        }
        return new DefaultApiSecurityContext(defaultKsqlPrincipal, header, entries);
    }

    private DefaultApiSecurityContext(KsqlPrincipal ksqlPrincipal, String str, List<Map.Entry<String, String>> list) {
        this.principal = Optional.ofNullable(ksqlPrincipal);
        this.authToken = Optional.ofNullable(str);
        this.requestHeaders = list;
    }

    @Override // io.confluent.ksql.api.auth.ApiSecurityContext
    public Optional<KsqlPrincipal> getPrincipal() {
        return this.principal;
    }

    @Override // io.confluent.ksql.api.auth.ApiSecurityContext
    public Optional<String> getAuthHeader() {
        return this.authToken;
    }

    @Override // io.confluent.ksql.api.auth.ApiSecurityContext
    public List<Map.Entry<String, String>> getRequestHeaders() {
        return ImmutableList.copyOf(this.requestHeaders);
    }
}
