package org.duracloud.security.vote;

import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.duracloud.common.model.AclType;
import org.duracloud.security.domain.HttpVerb;
import org.duracloud.security.impl.DuracloudUserDetails;
import org.duracloud.security.util.AuthorizationHelper;
import org.duracloud.storage.util.StorageProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:org/duracloud/security/vote/SpaceAccessVoter.class */
public abstract class SpaceAccessVoter implements AccessDecisionVoter {
    private final Logger log = LoggerFactory.getLogger(SpaceAccessVoter.class);
    private UserDetailsService userDetailsService;
    private AuthorizationHelper authHelper;
    private StorageProviderFactory storageProviderFactory;
    private static String[] EXCEPTIONAL_PATH_PREFIXES = {"/manifest/", "/bit-integrity/", "/report/space/"};

    public SpaceAccessVoter(StorageProviderFactory storageProviderFactory, UserDetailsService userDetailsService) {
        this.storageProviderFactory = storageProviderFactory;
        this.userDetailsService = userDetailsService;
        this.authHelper = new AuthorizationHelper(storageProviderFactory);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isOpenResource(HttpServletRequest httpServletRequest) {
        String spaceId = getSpaceId(httpServletRequest);
        if (null == spaceId) {
            return false;
        }
        return spaceId.equals("spaces") || spaceId.equals("stores") || spaceId.equals("acl") || spaceId.equals("task");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getStoreId(HttpServletRequest httpServletRequest) {
        int indexOf;
        String str = null;
        String queryString = httpServletRequest.getQueryString();
        if (null == queryString) {
            return null;
        }
        String lowerCase = queryString.toLowerCase();
        int indexOf2 = lowerCase.indexOf("storeid");
        if (indexOf2 > -1 && (indexOf = lowerCase.indexOf("=", indexOf2) + 1) == indexOf2 + "storeid".length() + 1) {
            int indexOf3 = lowerCase.indexOf("&", indexOf);
            str = lowerCase.substring(indexOf, indexOf3 > -1 ? indexOf3 : lowerCase.length());
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getSpaceId(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (null == pathInfo) {
            return null;
        }
        return extractSpaceId(pathInfo);
    }

    protected String extractSpaceId(String str) {
        for (String str2 : EXCEPTIONAL_PATH_PREFIXES) {
            if (str.startsWith(str2)) {
                return str.substring(str2.length());
            }
        }
        String str3 = str;
        if (str3.startsWith("/")) {
            str3 = str.substring(1);
        }
        int indexOf = str3.indexOf("/");
        if (indexOf > 0) {
            str3 = str3.substring(0, indexOf);
        }
        return str3;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasContentId(HttpServletRequest httpServletRequest) {
        return getContentId(httpServletRequest) != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getContentId(HttpServletRequest httpServletRequest) {
        String spaceId = getSpaceId(httpServletRequest);
        if (null == spaceId) {
            return null;
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo.endsWith(spaceId)) {
            return null;
        }
        return pathInfo.substring(pathInfo.indexOf(spaceId) + spaceId.length() + 1);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, AclType> getSpaceACLs(HttpServletRequest httpServletRequest) {
        return getSpaceACLs(getStoreId(httpServletRequest), getSpaceId(httpServletRequest));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, AclType> getSpaceACLs(String str, String str2) {
        return this.authHelper.getSpaceACLs(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpVerb getHttpVerb(HttpServletRequest httpServletRequest) {
        String method = httpServletRequest.getMethod();
        try {
            return HttpVerb.valueOf(method);
        } catch (RuntimeException e) {
            this.log.error("Error determining verb: {}, exception: {}", method, e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getUserGroups(Authentication authentication) {
        return ((DuracloudUserDetails) authentication.getPrincipal()).getGroups();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean groupsHaveReadAccess(List<String> list, Map<String, AclType> map) {
        return this.authHelper.groupsHaveReadAccess(list, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean groupsHaveWriteAccess(List<String> list, Map<String, AclType> map) {
        return this.authHelper.groupsHaveAccess(list, map, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasReadAccess(String str, Map<String, AclType> map) {
        return this.authHelper.hasReadAccess(str, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasWriteAccess(String str, Map<String, AclType> map) {
        return this.authHelper.hasWriteAccess(str, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAdmin(String str) {
        try {
            Iterator it = this.userDetailsService.loadUserByUsername(str).getAuthorities().iterator();
            while (it.hasNext()) {
                if ("ROLE_ADMIN".equals(((GrantedAuthority) it.next()).getAuthority())) {
                    return true;
                }
            }
            return false;
        } catch (UsernameNotFoundException e) {
            this.log.debug("Not admin: {}, error: {}", str, e);
            return false;
        }
    }

    public StorageProviderFactory getStorageProviderFactory() {
        return this.storageProviderFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpServletRequest getHttpServletRequest(Object obj) {
        HttpServletRequest httpRequest = ((FilterInvocation) obj).getHttpRequest();
        if (null == httpRequest) {
            this.log.warn("HttpServletRequest was null!  " + ("null request: '" + obj + "'"));
        }
        return httpRequest;
    }

    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    public boolean supports(Class cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isSnapshotMetadataSpace(HttpServletRequest httpServletRequest) {
        return "x-snapshot-metadata".equals(getSpaceId(httpServletRequest));
    }
}
