package org.finra.herd.service.helper;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.finra.herd.model.api.xml.NamespaceAuthorization;
import org.finra.herd.model.api.xml.NamespacePermissionEnum;
import org.finra.herd.model.dto.ApplicationUser;
import org.finra.herd.model.dto.SecurityUserWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/lib/herd-service-0.88.0.jar:org/finra/herd/service/helper/NamespaceSecurityHelper.class */
public class NamespaceSecurityHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) NamespaceSecurityHelper.class);

    public void checkPermission(Object obj, NamespacePermissionEnum[] namespacePermissionEnumArr) {
        ArrayList arrayList = new ArrayList();
        checkPermission(obj, namespacePermissionEnumArr, arrayList);
        if (!arrayList.isEmpty()) {
            throw getAccessDeniedException(arrayList);
        }
    }

    public void checkPermission(String str, NamespacePermissionEnum[] namespacePermissionEnumArr) {
        if (!isAuthenticated() || StringUtils.isBlank(str)) {
            return;
        }
        String trim = str.trim();
        ApplicationUser applicationUser = getApplicationUser();
        if (isAuthorized(applicationUser, trim, namespacePermissionEnumArr)) {
            return;
        }
        String str2 = "[" + ((String) Arrays.asList(namespacePermissionEnumArr).stream().map(namespacePermissionEnum -> {
            return namespacePermissionEnum.toString();
        }).collect(Collectors.joining(" OR "))) + "]";
        LOGGER.warn(String.format("User does not have permission(s) to the namespace. %s namespace=\"%s\" permissions=\"%s\"", applicationUser, trim, str2));
        if (applicationUser == null) {
            throw new AccessDeniedException(String.format("Current user does not have \"%s\" permission(s) to the namespace \"%s\"", str2, trim));
        }
        throw new AccessDeniedException(String.format("User \"%s\" does not have \"%s\" permission(s) to the namespace \"%s\"", applicationUser.getUserId(), str2, trim));
    }

    public AccessDeniedException getAccessDeniedException(List<AccessDeniedException> list) {
        StringBuilder sb = new StringBuilder();
        Iterator<AccessDeniedException> it = list.iterator();
        while (it.hasNext()) {
            sb.append(String.format("%s%n", it.next().getMessage()));
        }
        return new AccessDeniedException(sb.toString().trim());
    }

    public Set<String> getAuthorizedNamespaces(NamespacePermissionEnum... namespacePermissionEnumArr) {
        ApplicationUser applicationUser;
        HashSet hashSet = new HashSet();
        if (SecurityContextHolder.getContext().getAuthentication() != null && (applicationUser = getApplicationUser()) != null) {
            for (NamespaceAuthorization namespaceAuthorization : applicationUser.getNamespaceAuthorizations()) {
                if (namespaceAuthorization.getNamespacePermissions().containsAll(Arrays.asList(namespacePermissionEnumArr))) {
                    hashSet.add(namespaceAuthorization.getNamespace());
                }
            }
        }
        return hashSet;
    }

    private boolean isAuthorized(ApplicationUser applicationUser, String str, NamespacePermissionEnum... namespacePermissionEnumArr) {
        if (applicationUser == null || applicationUser.getNamespaceAuthorizations() == null) {
            return false;
        }
        for (NamespaceAuthorization namespaceAuthorization : applicationUser.getNamespaceAuthorizations()) {
            List<NamespacePermissionEnum> namespacePermissions = namespaceAuthorization.getNamespacePermissions();
            if (namespacePermissions == null) {
                namespacePermissions = Collections.emptyList();
            }
            if (StringUtils.equalsIgnoreCase(namespaceAuthorization.getNamespace(), str)) {
                Stream<NamespacePermissionEnum> stream = namespacePermissions.stream();
                List asList = Arrays.asList(namespacePermissionEnumArr);
                asList.getClass();
                if (stream.anyMatch((v1) -> {
                    return r1.contains(v1);
                })) {
                    return true;
                }
            }
        }
        return false;
    }

    private void checkPermission(Object obj, NamespacePermissionEnum[] namespacePermissionEnumArr, List<AccessDeniedException> list) {
        if (obj != null) {
            if (obj instanceof Collection) {
                Iterator it = ((Collection) obj).iterator();
                while (it.hasNext()) {
                    checkPermission(it.next(), namespacePermissionEnumArr, list);
                }
            } else {
                if (!(obj instanceof String)) {
                    throw new IllegalStateException(String.format("Object must be of type %s or %s. Actual object.class = %s", String.class, Collection.class, obj.getClass()));
                }
                try {
                    checkPermission((String) obj, namespacePermissionEnumArr);
                } catch (AccessDeniedException e) {
                    list.add(e);
                }
            }
        }
    }

    private ApplicationUser getApplicationUser() {
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (principal == null || !(principal instanceof SecurityUserWrapper)) {
            return null;
        }
        return ((SecurityUserWrapper) principal).getApplicationUser();
    }

    private boolean isAuthenticated() {
        return SecurityContextHolder.getContext().getAuthentication() != null;
    }
}
