package io.sdsolutions.particle.security.filter;

import io.sdsolutions.particle.exceptions.NotFoundException;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:io/sdsolutions/particle/security/filter/ProviderAuthorizationFilter.class */
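/**
 * Base security filter that restricts users holding one of the roles from
 * {@link #getRolesToCheck()} to the providers returned by {@link #getProvidersForUser(String)}.
 *
 * <p>The provider id is parsed from the request URL: it is the path segment that directly follows
 * a {@code providers} segment, and it is only recognised when it is exactly
 * {@link #PROVIDER_ID_LENGTH} characters long and numeric.
 *
 * <p>The check is permissive in two situations, both visible in the code below:
 * <ul>
 *   <li>a user who holds none of the checked roles is not restricted at all;</li>
 *   <li>a URL in which no provider id is recognised is not restricted at all.</li>
 * </ul>
 *
 * <p>NOTE(review): because an unrecognised provider segment means "no restriction", this filter is
 * only as strict as its URL parser. Confirm that the request dispatcher cannot map a URL whose
 * provider segment this parser skips (for example a segment carrying path parameters or
 * percent-encoded characters, since the raw request URL is parsed here) onto a provider resource.
 * If it can, the parser and the router must be made to agree, or the filter should deny instead of
 * allow.
 */
public abstract class ProviderAuthorizationFilter extends AbstractSecurityFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(ProviderAuthorizationFilter.class);

    /** Exact length a URL segment must have to be treated as a provider id. */
    protected static final int PROVIDER_ID_LENGTH = 8;

    /** URL segment (compared case-insensitively) that must directly precede a provider id. */
    protected static final String PROVIDERS_URL_TOKEN = "providers";

    /**
     * Runs the provider authorization check for the current principal.
     *
     * <p>This method does not invoke {@code filterChain} itself; presumably the superclass
     * continues the chain after this method returns normally - confirm against
     * {@code AbstractSecurityFilter}.
     *
     * @throws AccessDeniedException if the principal is restricted and lacks the requested provider
     * @throws NotFoundException if the provider id in the URL fails {@link #validateProviderId(String)}
     */
    @Override
    public void doFilterImpl(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) {
        isAuthorized((HttpServletRequest) servletRequest, getPrincipal());
    }

    /**
     * Decides whether the request may proceed.
     *
     * @return {@code true} when the user is not subject to the check or is allowed for the provider
     * @throws AccessDeniedException when the user is subject to the check and is not allowed
     */
    private boolean isAuthorized(HttpServletRequest request, Authentication authentication) {
        // Users holding none of the checked roles are outside this filter's scope.
        if (!isUserInRoles(authentication, getRolesToCheck())) {
            return true;
        }
        String userName = authentication.getName();
        String providerId = getProviderIdFromUrl(request.getRequestURL().toString());
        if (isUserAuthorizedForProvider(userName, providerId)) {
            return true;
        }
        throw new AccessDeniedException(authentication.getName() + " does not have access to this provider.");
    }

    /**
     * Returns whether any granted authority of the user matches one of the given roles,
     * ignoring case.
     */
    private boolean isUserInRoles(Authentication authentication, String... roles) {
        for (String role : roles) {
            for (GrantedAuthority authority : authentication.getAuthorities()) {
                if (role.equalsIgnoreCase(authority.getAuthority())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns whether the user may access the given provider.
     *
     * <p>A {@code null} provider id (none recognised in the URL) is treated as allowed. A
     * {@code null} provider list is treated as "no providers" so the request is denied with an
     * {@link AccessDeniedException} by the caller rather than failing with a
     * {@link NullPointerException}.
     */
    private boolean isUserAuthorizedForProvider(String userName, String providerId) {
        if (providerId == null) {
            return true;
        }
        List<String> allowedProviders = getProvidersForUser(userName);
        // Fail closed: an absent list grants nothing.
        return allowedProviders != null && allowedProviders.contains(providerId);
    }

    /**
     * Extracts the provider id from a URL, or returns {@code null} when none is recognised.
     *
     * <p>Only the first segment that follows a {@code providers} segment and is exactly
     * {@link #PROVIDER_ID_LENGTH} numeric characters long is considered. Any other segment after
     * {@code providers} is skipped silently, which the caller treats as "no restriction".
     *
     * <p>NOTE(review): {@code StringUtils.isNumeric} accepts any Unicode digit, not only ASCII
     * {@code 0-9}; {@link #validateProviderId(String)} implementations should not assume ASCII
     * input.
     *
     * @throws NotFoundException if the candidate id is rejected by {@link #validateProviderId(String)}
     */
    private String getProviderIdFromUrl(String url) {
        String previousSegment = null;
        for (String segment : url.split("/")) {
            boolean followsProvidersToken = PROVIDERS_URL_TOKEN.equalsIgnoreCase(previousSegment);
            if (followsProvidersToken && segment.length() == PROVIDER_ID_LENGTH && StringUtils.isNumeric(segment)) {
                if (validateProviderId(segment)) {
                    return segment;
                }
                throw new NotFoundException("Provider " + segment + " is not found.");
            }
            previousSegment = segment;
        }
        return null;
    }

    /**
     * Checks whether the given provider id refers to an existing provider.
     *
     * @param str candidate provider id taken from the request URL
     * @return {@code true} if the id is valid; {@code false} makes the filter throw
     *     {@link NotFoundException}
     */
    public abstract boolean validateProviderId(String str);

    /**
     * Returns the provider ids the given user may access.
     *
     * @param str user name, as returned by {@code Authentication.getName()}
     * @return the allowed provider ids; a {@code null} result is treated as an empty list
     */
    public abstract List<String> getProvidersForUser(String str);

    /**
     * Returns the role names whose holders are subject to the provider check. Names are compared
     * with the user's granted authorities ignoring case.
     */
    public abstract String[] getRolesToCheck();
}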
