package org.duracloud.security.util;

import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.velocity.tools.OldToolInfo;
import org.duracloud.common.model.AclType;
import org.duracloud.security.impl.DuracloudUserDetails;
import org.duracloud.storage.error.NotFoundException;
import org.duracloud.storage.error.StorageException;
import org.duracloud.storage.provider.StorageProvider;
import org.duracloud.storage.util.StorageProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:WEB-INF/lib/security-4.1.9.jar:org/duracloud/security/util/AuthorizationHelper.class */
public class AuthorizationHelper {
    private final Logger log = LoggerFactory.getLogger(AuthorizationHelper.class);
    private StorageProviderFactory storageProviderFactory;

    public AuthorizationHelper(StorageProviderFactory storageProviderFactory) {
        this.storageProviderFactory = storageProviderFactory;
    }

    public List<String> getUserGroups(Authentication authentication) {
        return getUserDetails(authentication).getGroups();
    }

    protected DuracloudUserDetails getUserDetails(Authentication authentication) {
        return (DuracloudUserDetails) authentication.getPrincipal();
    }

    public Collection<GrantedAuthority> getAuthorities(Authentication authentication) {
        return getUserDetails(authentication).getAuthorities();
    }

    public boolean groupsHaveReadAccess(Authentication authentication, Map<String, AclType> map) {
        return groupsHaveAccess(getUserGroups(authentication), map, true);
    }

    public boolean groupsHaveReadAccess(List<String> list, Map<String, AclType> map) {
        return groupsHaveAccess(list, map, true);
    }

    public boolean groupsHaveWriteAccess(List<String> list, Map<String, AclType> map) {
        return groupsHaveAccess(list, map, false);
    }

    public boolean groupsHaveAccess(List<String> list, Map<String, AclType> map, boolean z) {
        if (null == list) {
            return false;
        }
        for (String str : list) {
            if (z && hasReadAccess(str, map)) {
                return true;
            }
            if (!z && hasWriteAccess(str, map)) {
                return true;
            }
        }
        return false;
    }

    public boolean hasReadAccess(String str, Map<String, AclType> map) {
        return hasAccess(str, map, true);
    }

    public boolean hasWriteAccess(String str, Map<String, AclType> map) {
        return hasAccess(str, map, false);
    }

    private boolean hasAccess(String str, Map<String, AclType> map, boolean z) {
        if (null == map) {
            return false;
        }
        String str2 = StorageProvider.PROPERTIES_SPACE_ACL + str;
        if (!map.containsKey(str2)) {
            return false;
        }
        AclType aclType = map.get(str2);
        return z ? AclType.READ.equals(aclType) || AclType.WRITE.equals(aclType) : AclType.WRITE.equals(aclType);
    }

    public boolean hasRole(Authentication authentication, String str) {
        return hasRole(str, getAuthorities(authentication));
    }

    public boolean hasAdmin(Authentication authentication) {
        return hasRole(authentication, "ROLE_ADMIN");
    }

    public boolean hasRole(String str, Collection<GrantedAuthority> collection) {
        Iterator<GrantedAuthority> it = collection.iterator();
        while (it.hasNext()) {
            if (str.equals(it.next().getAuthority())) {
                return true;
            }
        }
        return false;
    }

    public Map<String, AclType> getSpaceACLs(String str, String str2) {
        HashMap hashMap = new HashMap();
        if (null == str2) {
            return hashMap;
        }
        if (str2.equals("security") || str2.equals(OldToolInfo.INIT_METHOD_NAME)) {
            return hashMap;
        }
        StorageProvider storageProvider = this.storageProviderFactory.getStorageProvider(str);
        if (null == storageProvider) {
            return hashMap;
        }
        try {
            return storageProvider.getSpaceACLs(str2);
        } catch (NotFoundException e) {
            this.log.info("Space !exist: {}, exception: {}", str2, e);
            return hashMap;
        } catch (StorageException e2) {
            this.log.warn("Error getting space ACLs: {}, exception: {}", str2, e2);
            return hashMap;
        }
    }
}
