package org.datacleaner.monitor.server.security;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.datacleaner.monitor.shared.model.DCSecurityException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:WEB-INF/lib/DataCleaner-monitor-services-4.0-RC2.jar:org/datacleaner/monitor/server/security/TenantCheckFilter.class */
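/**
 * Servlet filter that enforces tenant isolation on repository URLs.
 *
 * <p>When the request URI contains {@code /repository/<tenant>/...}, the tenant id taken from
 * the URI is compared (case-insensitively) with the tenant of the authenticated user. A
 * mismatch is rejected unless {@link UserBean#isGod()} returns true for the user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The filter is fail-open for anything it cannot classify: requests that are not HTTP,
 * URIs that do not match the pattern, and requests without an {@link Authentication} are all
 * passed down the chain unchecked. It therefore has to run after the authentication filter,
 * and the resources behind it need their own authorization as well.</li>
 * <li>{@code getRequestURI()} returns the URI as sent by the client, without decoding. The
 * pattern only recognises tenant ids made of {@code [a-zA-Z0-9]}. NOTE(review): confirm that
 * tenant ids cannot contain other characters and that downstream handlers derive the tenant
 * from the same URI representation, otherwise such requests skip this check.</li>
 * </ul>
 */
public class TenantCheckFilter extends GenericFilterBean {
    private static final Logger logger = LoggerFactory.getLogger(TenantCheckFilter.class);

    /** Captures the tenant id (group 1) from a repository path; matched with find(), so unanchored. */
    private static final Pattern TENANT_PATH_PATTERN = Pattern.compile("/repository/([a-zA-Z0-9]+)/.*");

    private TenantResolver _tenantResolver;

    /**
     * Looks up the {@link TenantResolver} bean from the web application context.
     *
     * <p>The decompiler reports that the access modifier was widened from {@code protected}.
     *
     * @throws ServletException if the parent initialisation fails
     * @throws IllegalStateException if no web application context is registered, instead of
     *         the NullPointerException the unchecked lookup would produce
     */
    @Override // org.springframework.web.filter.GenericFilterBean
    public void initFilterBean() throws ServletException {
        super.initFilterBean();
        this._tenantResolver = WebApplicationContextUtils
                .getRequiredWebApplicationContext(getServletContext())
                .getBean(TenantResolver.class);
    }

    /**
     * Rejects requests whose URI names a tenant other than the authenticated user's tenant.
     *
     * @param servletRequest the incoming request; only {@link HttpServletRequest}s are checked
     * @param servletResponse the response; receives a 401 error when the check fails
     * @param filterChain the remaining chain, invoked when the check passes or does not apply
     * @throws IOException if sending the error or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     * @throws DCSecurityException if the check fails and the response is not an HTTP response
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            final String requestURI = ((HttpServletRequest) servletRequest).getRequestURI();
            // Pattern.matcher never returns null, so only the find() result needs checking.
            final Matcher matcher = TENANT_PATH_PATTERN.matcher(requestURI);
            if (!matcher.find()) {
                logger.debug("Could not match any tenant id in servlet path: {}", requestURI);
            } else {
                final String requestedTenant = matcher.group(1);
                logger.debug("Matched tenant id: '{}' in servlet path: {}", requestedTenant, requestURI);
                final Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                if (authentication == null) {
                    // Fail-open by design of the original code: authentication is expected to be
                    // enforced by another filter. Kept as a warning so the gap is visible in logs.
                    logger.warn("Could not perform tenant check because Authentication is null");
                } else {
                    final UserBean userBean = new UserBean(this._tenantResolver);
                    userBean.updateUser(authentication);
                    final String tenant = userBean.getTenant();
                    // A user without a resolved tenant is denied instead of triggering a
                    // NullPointerException on the comparison.
                    final boolean sameTenant = tenant != null && tenant.equalsIgnoreCase(requestedTenant);
                    if (!userBean.isGod() && !sameTenant) {
                        final String message = "User " + userBean.getUsername() + " (" + tenant
                                + ") is not authorized to access tenant: " + requestedTenant;
                        // Denied cross-tenant access is worth an audit trail above debug level.
                        logger.warn("Tenant check failed for path {}: {}", requestURI, message);
                        if (!(servletResponse instanceof HttpServletResponse)) {
                            throw new DCSecurityException(message);
                        }
                        // NOTE(review): 403 is the conventional status for an authenticated caller
                        // lacking permission; 401 is kept because clients may depend on it.
                        ((HttpServletResponse) servletResponse).sendError(HttpServletResponse.SC_UNAUTHORIZED, message);
                        return;
                    }
                    logger.debug("Tenant check passed");
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }
}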
