package org.ojbc.mondrian.rest;

import java.util.Map;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.ojbc.mondrian.rest.RequestAuthorizer;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:WEB-INF/classes/org/ojbc/mondrian/rest/BearerTokenRequestAuthorizer.class */
public class BearerTokenRequestAuthorizer implements RequestAuthorizer {
    private final Log log = LogFactory.getLog(BearerTokenRequestAuthorizer.class);
    private Map<String, Map<String, String>> tokenRoleMappings;

    @Value("${bearerTokenRequestAuthorizerConfigFileName:bearer-token-request-authorizer.json}")
    private String bearerTokenRequestAuthorizerConfigFileName;

    @PostConstruct
    public void init() throws Exception {
        this.tokenRoleMappings = RequestAuthorizer.AuthorizerUtil.convertRoleConnectionJsonToMaps(this.bearerTokenRequestAuthorizerConfigFileName);
    }

    public void setBearerTokenRequestAuthorizerConfigFileName(String str) {
        this.bearerTokenRequestAuthorizerConfigFileName = str;
    }

    public Map<String, Map<String, String>> getTokenRoleMappings() {
        return this.tokenRoleMappings;
    }

    void setTokenRoleMappings(Map<String, Map<String, String>> map) {
        this.tokenRoleMappings = map;
    }

    @Override // org.ojbc.mondrian.rest.RequestAuthorizer
    public RequestAuthorizer.RequestAuthorizationStatus authorizeRequest(HttpServletRequest httpServletRequest, String str) {
        RequestAuthorizer.RequestAuthorizationStatus requestAuthorizationStatus = new RequestAuthorizer.RequestAuthorizationStatus();
        requestAuthorizationStatus.authorized = false;
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !header.matches("^Bearer .+")) {
            requestAuthorizationStatus.message = "Authentication failed, no bearer authentication header present in request.";
        } else {
            String replaceFirst = header.replaceFirst("^Bearer (.+)", "$1");
            requestAuthorizationStatus.token = replaceFirst;
            Map<String, String> map = this.tokenRoleMappings.get(replaceFirst);
            if (map == null) {
                requestAuthorizationStatus.message = "Authentication failed.  Token " + replaceFirst + " not found in config.";
            } else if (str != null) {
                String str2 = map.get(str);
                if (str2 != null) {
                    requestAuthorizationStatus.authorized = true;
                    requestAuthorizationStatus.mondrianRole = str2;
                    if (str2.equals(ALL_ACCESS_ROLE_NAME)) {
                        requestAuthorizationStatus.mondrianRole = null;
                    }
                } else {
                    requestAuthorizationStatus.message = "Authentication failed.  Token " + replaceFirst + " found in config but not mapped to any connections.";
                }
            } else {
                requestAuthorizationStatus.message = "Authentication failed.  Query request did not specify a connection.";
            }
        }
        return requestAuthorizationStatus;
    }
}
