package org.duracloud.security.vote;

import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import net.sf.json.util.JSONUtils;
import org.duracloud.common.model.AclType;
import org.duracloud.common.model.RootUserCredential;
import org.duracloud.security.domain.HttpVerb;
import org.duracloud.security.impl.DuracloudUserDetails;
import org.duracloud.storage.error.NotFoundException;
import org.duracloud.storage.error.StorageException;
import org.duracloud.storage.provider.StorageProvider;
import org.duracloud.storage.util.StorageProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:WEB-INF/lib/security-3.2.1.jar:org/duracloud/security/vote/SpaceAccessVoter.class */
public abstract class SpaceAccessVoter implements AccessDecisionVoter {
    private final Logger log = LoggerFactory.getLogger(SpaceAccessVoter.class);
    private StorageProviderFactory storageProviderFactory;
    private UserDetailsService userDetailsService;

    public SpaceAccessVoter(StorageProviderFactory storageProviderFactory, UserDetailsService userDetailsService) {
        this.storageProviderFactory = storageProviderFactory;
        this.userDetailsService = userDetailsService;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public StorageProviderFactory getStorageProviderFactory() {
        return this.storageProviderFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isOpenResource(HttpServletRequest httpServletRequest) {
        String spaceId = getSpaceId(httpServletRequest);
        if (null == spaceId) {
            return false;
        }
        return spaceId.equals("spaces") || spaceId.equals("stores") || spaceId.equals("acl") || spaceId.equals("init");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getStoreId(HttpServletRequest httpServletRequest) {
        int indexOf;
        String str = null;
        String queryString = httpServletRequest.getQueryString();
        if (null == queryString) {
            return null;
        }
        String lowerCase = queryString.toLowerCase();
        int indexOf2 = lowerCase.indexOf("storeid");
        if (indexOf2 > -1 && (indexOf = lowerCase.indexOf("=", indexOf2) + 1) == indexOf2 + "storeid".length() + 1) {
            int indexOf3 = lowerCase.indexOf(BeanFactory.FACTORY_BEAN_PREFIX, indexOf);
            str = lowerCase.substring(indexOf, indexOf3 > -1 ? indexOf3 : lowerCase.length());
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getSpaceId(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (null == pathInfo) {
            return null;
        }
        if (pathInfo.startsWith("/")) {
            pathInfo = pathInfo.substring(1);
        }
        if (pathInfo.startsWith("acl/")) {
            pathInfo = pathInfo.substring("acl/".length());
        }
        int indexOf = pathInfo.indexOf("/");
        if (indexOf > 0) {
            pathInfo = pathInfo.substring(0, indexOf);
        }
        return pathInfo;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasContentId(HttpServletRequest httpServletRequest) {
        String spaceId = getSpaceId(httpServletRequest);
        return (null == spaceId || httpServletRequest.getPathInfo().endsWith(spaceId)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, AclType> getSpaceACLs(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        String storeId = getStoreId(httpServletRequest);
        String spaceId = getSpaceId(httpServletRequest);
        if (null == spaceId) {
            return hashMap;
        }
        if (spaceId.equals("security") || spaceId.equals("init")) {
            return hashMap;
        }
        StorageProvider storageProvider = getStorageProvider(storeId);
        if (null == storageProvider) {
            return hashMap;
        }
        try {
            return storageProvider.getSpaceACLs(spaceId);
        } catch (NotFoundException e) {
            this.log.info("Space !exist: {}, exception: {}", spaceId, e);
            return hashMap;
        } catch (StorageException e2) {
            this.log.warn("Error getting space ACLs: {}, exception: {}", spaceId, e2);
            return hashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpVerb getHttpVerb(HttpServletRequest httpServletRequest) {
        String method = httpServletRequest.getMethod();
        try {
            return HttpVerb.valueOf(method);
        } catch (RuntimeException e) {
            this.log.error("Error determining verb: {}, exception: {}", method, e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public List<String> getUserGroups(Authentication authentication) {
        return ((DuracloudUserDetails) authentication.getPrincipal()).getGroups();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean groupsHaveReadAccess(List<String> list, Map<String, AclType> map) {
        return groupsHaveAccess(list, map, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean groupsHaveWriteAccess(List<String> list, Map<String, AclType> map) {
        return groupsHaveAccess(list, map, false);
    }

    private boolean groupsHaveAccess(List<String> list, Map<String, AclType> map, boolean z) {
        if (null == list) {
            return false;
        }
        for (String str : list) {
            if (z && hasReadAccess(str, map)) {
                return true;
            }
            if (!z && hasWriteAccess(str, map)) {
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasReadAccess(String str, Map<String, AclType> map) {
        return hasAccess(str, map, true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean hasWriteAccess(String str, Map<String, AclType> map) {
        return hasAccess(str, map, false);
    }

    private boolean hasAccess(String str, Map<String, AclType> map, boolean z) {
        if (RootUserCredential.getRootUsername().equals(str)) {
            return true;
        }
        if (null == map) {
            return false;
        }
        String str2 = StorageProvider.PROPERTIES_SPACE_ACL + str;
        if (!map.containsKey(str2)) {
            return false;
        }
        AclType aclType = map.get(str2);
        return z ? AclType.READ.equals(aclType) || AclType.WRITE.equals(aclType) : AclType.WRITE.equals(aclType);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAdmin(String str) {
        try {
            Iterator<? extends GrantedAuthority> it = this.userDetailsService.loadUserByUsername(str).getAuthorities().iterator();
            while (it.hasNext()) {
                if ("ROLE_ADMIN".equals(it.next().getAuthority())) {
                    return true;
                }
            }
            return false;
        } catch (UsernameNotFoundException e) {
            this.log.debug("Not admin: {}, error: {}", str, e);
            return false;
        }
    }

    protected StorageProvider getStorageProvider(String str) {
        return this.storageProviderFactory.getStorageProvider(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpServletRequest getHttpServletRequest(Object obj) {
        HttpServletRequest httpRequest = ((FilterInvocation) obj).getHttpRequest();
        if (null == httpRequest) {
            this.log.warn("HttpServletRequest was null!  " + ("null request: '" + obj + JSONUtils.SINGLE_QUOTE));
        }
        return httpRequest;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(Class cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }
}
