package org.finra.herd.service.helper;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.TreeSet;
import org.apache.commons.lang3.StringUtils;
import org.finra.herd.core.helper.ConfigurationHelper;
import org.finra.herd.dao.NamespaceIamRoleAuthorizationDao;
import org.finra.herd.model.dto.ConfigurationValue;
import org.finra.herd.model.jpa.NamespaceEntity;
import org.finra.herd.model.jpa.NamespaceIamRoleAuthorizationEntity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/herd-service-0.66.0.jar:org/finra/herd/service/helper/NamespaceIamRoleAuthorizationHelper.class */
public class NamespaceIamRoleAuthorizationHelper {

    @Autowired
    private ConfigurationHelper configurationHelper;

    @Autowired
    private NamespaceIamRoleAuthorizationDao namespaceIamRoleAuthorizationDao;

    public void checkPermissions(NamespaceEntity namespaceEntity, String... strArr) {
        checkPermissions(namespaceEntity, Arrays.asList(strArr));
    }

    public void checkPermissions(NamespaceEntity namespaceEntity, Collection<String> collection) {
        if (Boolean.TRUE.equals(this.configurationHelper.getBooleanProperty(ConfigurationValue.NAMESPACE_IAM_ROLE_AUTHORIZATION_ENABLED))) {
            HashSet hashSet = new HashSet();
            Iterator<NamespaceIamRoleAuthorizationEntity> it = this.namespaceIamRoleAuthorizationDao.getNamespaceIamRoleAuthorizations(namespaceEntity).iterator();
            while (it.hasNext()) {
                hashSet.add(it.next().getIamRoleName().toUpperCase().trim());
            }
            TreeSet treeSet = new TreeSet();
            for (String str : collection) {
                if (StringUtils.isNotBlank(str) && !hashSet.contains(str.toUpperCase().trim())) {
                    treeSet.add(str);
                }
            }
            if (!treeSet.isEmpty()) {
                throw new AccessDeniedException(String.format("The namespace \"%s\" does not have access to the following IAM roles: %s", namespaceEntity.getCode(), treeSet));
            }
        }
    }
}
