package io.apiman.gateway.engine.policies;

import io.apiman.gateway.engine.beans.ApiRequest;
import io.apiman.gateway.engine.beans.PolicyFailureType;
import io.apiman.gateway.engine.components.IPolicyFailureFactoryComponent;
import io.apiman.gateway.engine.policies.config.AuthorizationConfig;
import io.apiman.gateway.engine.policies.config.AuthorizationRule;
import io.apiman.gateway.engine.policies.config.IgnoredResource;
import io.apiman.gateway.engine.policies.config.MultipleMatchType;
import io.apiman.gateway.engine.policies.config.UnmatchedRequestType;
import io.apiman.gateway.engine.policies.i18n.Messages;
import io.apiman.gateway.engine.policy.IPolicyChain;
import io.apiman.gateway.engine.policy.IPolicyContext;
import java.util.HashSet;
import java.util.Set;

/* loaded from: input_file:io/apiman/gateway/engine/policies/AuthorizationPolicy.class */
/**
 * Role-based authorization policy: lets a request continue down the policy chain only when the
 * roles found in the policy context satisfy the configured {@link AuthorizationRule}s.
 *
 * <p>The roles are read from the context attribute {@link #AUTHENTICATED_USER_ROLES}. This class
 * only consumes that attribute; something earlier in the chain has to populate it (presumably an
 * authentication policy; confirm against the gateway's policy configuration).
 *
 * <p>NOTE(review): this listing is decompiler output. {@code doApply2} is the decompiler's name
 * for the typed {@code doApply} overload, and the second {@code doApply} is the bridge that
 * forwards to it.
 */
public class AuthorizationPolicy extends AbstractMappedPolicy<AuthorizationConfig> {
    /** Policy-context attribute under which the authenticated user's role names are looked up. */
    public static final String AUTHENTICATED_USER_ROLES = "io.apiman.policies.auth::authenticated-user-roles";

    /**
     * Names the configuration bean type used by this policy.
     *
     * @return {@code AuthorizationConfig.class}
     */
    @Override // io.apiman.gateway.engine.policies.AbstractMappedPolicy
    protected Class<AuthorizationConfig> getConfigurationClass() {
        return AuthorizationConfig.class;
    }

    /**
     * Applies the authorization decision to one request.
     *
     * <p>Three outcomes are possible:
     * <ul>
     *   <li>no role set in the context: the chain fails with {@code CONFIGURATION_ERROR}, so a
     *       missing role source denies the request instead of letting it through;</li>
     *   <li>the rules are satisfied: the request is handed to the next policy;</li>
     *   <li>otherwise: the chain fails with {@code USER_NOT_AUTHORIZED}.</li>
     * </ul>
     *
     * <p>Renamed from {@code doApply} by the decompiler to avoid a collision with the bridge method.
     *
     * @param apiRequest the request being evaluated; its type and destination are read
     * @param iPolicyContext source of the role attribute and of the failure factory component
     * @param authorizationConfig rules and matching modes for this policy instance
     * @param iPolicyChain chain to continue on success or to fail on denial
     */
    protected void doApply2(ApiRequest apiRequest, IPolicyContext iPolicyContext, AuthorizationConfig authorizationConfig, IPolicyChain<ApiRequest> iPolicyChain) {
        // Raw casts are kept exactly as they appear in this decompiled listing.
        Set<String> userRoles = (Set) iPolicyContext.getAttribute(AUTHENTICATED_USER_ROLES, (HashSet) null);
        String verb = apiRequest.getType();
        String resource = apiRequest.getDestination();

        if (userRoles == null) {
            // No roles were published in the context: report a configuration problem and deny.
            IPolicyFailureFactoryComponent failureFactory = iPolicyContext.getComponent(IPolicyFailureFactoryComponent.class);
            String missingRolesMessage = Messages.i18n.format("AuthorizationPolicy.MissingRoles", new Object[0]);
            iPolicyChain.doFailure(failureFactory.createFailure(PolicyFailureType.Other, PolicyFailureCodes.CONFIGURATION_ERROR, missingRolesMessage));
            return;
        }

        if (isAuthorized(authorizationConfig, verb, resource, userRoles)) {
            iPolicyChain.doApply(apiRequest);
            return;
        }

        IPolicyFailureFactoryComponent failureFactory = iPolicyContext.getComponent(IPolicyFailureFactoryComponent.class);
        String unauthorizedMessage = Messages.i18n.format("AuthorizationPolicy.Unauthorized", new Object[0]);
        iPolicyChain.doFailure(failureFactory.createFailure(PolicyFailureType.Authorization, PolicyFailureCodes.USER_NOT_AUTHORIZED, unauthorizedMessage));
    }

    /**
     * Evaluates every configured rule against the request's verb and destination.
     *
     * <p>A rule applies when its verb equals {@code IgnoredResource.VERB_MATCH_ALL} or equals the
     * request verb ignoring case, and the destination matches the rule's path pattern.
     * {@link String#matches(String)} is used, so the pattern has to match the whole destination.
     *
     * <p>Combination of applicable rules:
     * <ul>
     *   <li>multi-match {@code any}: one applicable rule whose role the user holds is enough;</li>
     *   <li>any other multi-match value, {@code null} included: the user must hold the role of
     *       every applicable rule.</li>
     * </ul>
     * When no rule applies, the request is allowed only if the unmatched-request setting is
     * {@code pass}; every other value, {@code null} included, denies it.
     *
     * <p>NOTE(review): the destination is matched as returned by the request. Only null or blank is
     * rewritten (to "/"); nothing here normalizes or decodes the path. Whether that already
     * happened upstream is not visible in this class and should be confirmed, because a
     * destination that no pattern matches is decided by the unmatched-request setting alone.
     *
     * <p>NOTE(review): a {@code null} request verb throws {@link NullPointerException} as soon as a
     * rule with a non-wildcard verb is evaluated.
     *
     * @param config rules, multi-match mode and unmatched-request mode
     * @param verb request type, compared case-insensitively with each rule's verb
     * @param destination request destination; null or blank is treated as "/"
     * @param roles roles held by the caller
     * @return {@code true} if the request may proceed
     */
    private boolean isAuthorized(AuthorizationConfig config, String verb, String destination, Set<String> roles) {
        String path = (destination == null || destination.trim().length() == 0) ? "/" : destination;

        boolean anyRoleSuffices = config.getMultiMatch() == MultipleMatchType.any;
        // "any" starts from false and ORs in each hit; every other mode starts from true and ANDs.
        boolean verdict = !anyRoleSuffices;
        boolean someRuleApplied = false;

        for (AuthorizationRule rule : config.getRules()) {
            boolean verbApplies = IgnoredResource.VERB_MATCH_ALL.equals(rule.getVerb()) || verb.equalsIgnoreCase(rule.getVerb());
            // Evaluated for every rule, whatever the verb result; the pattern is compiled on each call.
            boolean pathApplies = path.matches(rule.getPathPattern());
            if (!(verbApplies && pathApplies)) {
                continue;
            }

            boolean userHasRole = roles.contains(rule.getRole());
            someRuleApplied = true;
            if (anyRoleSuffices) {
                verdict = verdict || userHasRole;
            } else {
                verdict = verdict && userHasRole;
            }
        }

        if (someRuleApplied) {
            return verdict;
        }
        // No rule covered this verb and path: the configured default decides.
        return config.getRequestUnmatched() == UnmatchedRequestType.pass;
    }

    /**
     * Bridge for the untyped {@code doApply} signature; casts the chain and forwards to
     * {@link #doApply2}.
     *
     * <p>The decompiler reports that the access modifier was changed from {@code protected}.
     */
    @Override // io.apiman.gateway.engine.policies.AbstractMappedPolicy
    public /* bridge */ /* synthetic */ void doApply(ApiRequest apiRequest, IPolicyContext iPolicyContext, AuthorizationConfig authorizationConfig, IPolicyChain iPolicyChain) {
        doApply2(apiRequest, iPolicyContext, authorizationConfig, (IPolicyChain<ApiRequest>) iPolicyChain);
    }
}
