package org.restlet.ext.apispark.internal.agent.module;

import java.util.Iterator;
import java.util.List;
import java.util.logging.Logger;
import org.restlet.Context;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.Restlet;
import org.restlet.data.Status;
import org.restlet.ext.apispark.internal.ApiSparkConfig;
import org.restlet.ext.apispark.internal.agent.AgentConfigurationException;
import org.restlet.ext.apispark.internal.agent.AgentUtils;
import org.restlet.ext.apispark.internal.agent.bean.ModulesSettings;
import org.restlet.ext.apispark.internal.agent.bean.OperationAuthorization;
import org.restlet.ext.apispark.internal.agent.bean.OperationsAuthorization;
import org.restlet.ext.apispark.internal.agent.resource.AuthorizationOperationsResource;
import org.restlet.routing.Filter;
import org.restlet.routing.Router;
import org.restlet.routing.TemplateRoute;
import org.restlet.security.Role;

/* loaded from: input_file:org/restlet/ext/apispark/internal/agent/module/AuthorizationModule.class */
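/**
 * Filter that enforces per-operation group authorization for the APISpark agent.
 *
 * <p>On construction, the operation authorizations are fetched from the APISpark
 * connector service and attached to an internal {@link Router}, keyed by path
 * template. For each call, {@link #beforeHandle(Request, Response)} resolves the
 * matching entry. The call continues only if the client holds a role named after
 * one of the allowed groups, or if the special group {@code "anyone"} is allowed.
 * Every other outcome stops the call with 404 (no matching operation) or 403.
 *
 * <p>NOTE(review): entries are attached by path template only, and the operation's
 * configured method is never compared with the request method in this class. Two
 * operations that share a template are therefore not distinguished here. Confirm
 * whether method matching is enforced elsewhere.
 */
public class AuthorizationModule extends Filter {
    // NOTE(review): non-final and protected, so subclasses can reassign it; kept as is for compatibility.
    protected static Logger LOGGER = Logger.getLogger(AuthorizationModule.class.getName());
    public static final String MODULE_PATH = "/authorization";
    public static final String OPERATIONS_AUTHORIZATIONS_PATH = "/authorization/operations";
    /** Lookup table from path template to the authorization rule of the operation. */
    private Router router;

    /**
     * Routing target that only carries the authorization rule of one operation.
     * It is used as a lookup result and is never asked to handle a call in this class.
     */
    private static class RestletOperationAuthorization extends Restlet {
        private OperationAuthorization operationAuthorization;

        private RestletOperationAuthorization(OperationAuthorization operationAuthorization) {
            this.operationAuthorization = operationAuthorization;
        }

        /** Returns the authorization rule carried by this routing target. */
        public OperationAuthorization getOperationAuthorization() {
            return this.operationAuthorization;
        }

        /** Replaces the authorization rule carried by this routing target. */
        public void setOperationAuthorization(OperationAuthorization operationAuthorization) {
            this.operationAuthorization = operationAuthorization;
        }
    }

    /**
     * Creates the module without a Restlet context.
     *
     * @param apiSparkConfig  agent configuration used to reach the connector service
     * @param modulesSettings module settings passed through to the client resource factory
     * @throws AgentConfigurationException if the authorization rules cannot be loaded
     */
    public AuthorizationModule(ApiSparkConfig apiSparkConfig, ModulesSettings modulesSettings) {
        this(apiSparkConfig, modulesSettings, null);
    }

    /**
     * Creates the module and loads the operation authorizations from the connector service.
     *
     * @param apiSparkConfig  agent configuration used to reach the connector service
     * @param modulesSettings module settings passed through to the client resource factory
     * @param context         Restlet context handed to the parent {@link Filter}; may be {@code null}
     * @throws AgentConfigurationException if the authorization rules cannot be fetched or attached
     */
    public AuthorizationModule(ApiSparkConfig apiSparkConfig, ModulesSettings modulesSettings, Context context) {
        super(context);
        try {
            OperationsAuthorization authorizations = ((AuthorizationOperationsResource) AgentUtils.getClientResource(apiSparkConfig, modulesSettings, AuthorizationOperationsResource.class, OPERATIONS_AUTHORIZATIONS_PATH)).getAuthorizations();
            this.router = new Router();
            for (OperationAuthorization operationAuthorization : authorizations) {
                this.router.attach(operationAuthorization.getPathTemplate(), new RestletOperationAuthorization(operationAuthorization));
            }
        } catch (Exception e) {
            // Any failure aborts construction, so no instance exists with a missing
            // or partially loaded rule set.
            throw new AgentConfigurationException("Could not get authorization module configuration from APISpark connector service", e);
        }
    }

    /**
     * Decides whether the call may proceed to the next Restlet.
     *
     * @param request  the incoming call; its client roles are matched against the allowed groups
     * @param response the response; set to 404 or 403 when the call is stopped
     * @return {@code 0} ({@code Filter.CONTINUE}) when a group matches, otherwise
     *         {@code 2} ({@code Filter.STOP})
     */
    protected int beforeHandle(Request request, Response response) {
        TemplateRoute route = this.router.getNext(request, response);
        if (route == null) {
            // No configured operation matches the path: stop instead of letting it through unchecked.
            response.setStatus(Status.CLIENT_ERROR_NOT_FOUND);
            return 2; // Filter.STOP
        }
        // Safe cast: the constructor attaches only RestletOperationAuthorization targets.
        RestletOperationAuthorization target = (RestletOperationAuthorization) route.getNext();
        OperationAuthorization operationAuthorization = target.getOperationAuthorization();
        List<Role> roles = request.getClientInfo().getRoles();
        List<String> groupsAllowed = operationAuthorization.getGroupsAllowed();

        if (groupsAllowed == null) {
            // A rule without a group list denies everyone; warn because it is likely a configuration gap.
            LOGGER.warning("No group is allowed for method " + operationAuthorization.getMethod() + " on this resource: " + operationAuthorization.getPathTemplate());
        } else {
            for (String group : groupsAllowed) {
                if (hasRole(roles, group) || "anyone".equals(group)) {
                    return 0; // Filter.CONTINUE
                }
            }
        }

        // Record the denial for later review. Only configured values are logged,
        // never request-supplied text, so the entry cannot be forged through the request.
        LOGGER.fine("Access denied by authorization rule for method " + operationAuthorization.getMethod() + " on this resource: " + operationAuthorization.getPathTemplate());
        response.setStatus(Status.CLIENT_ERROR_FORBIDDEN);
        return 2; // Filter.STOP
    }

    /**
     * Tells whether the given roles contain one whose name equals the given group name.
     *
     * <p>A {@code null} list, {@code null} name, {@code null} role or unnamed role
     * never matches, so malformed role data leads to a denial rather than a
     * {@link NullPointerException}.
     *
     * @param list the roles held by the client
     * @param str  the group name to look for
     * @return {@code true} if a role with exactly that name is present
     */
    protected boolean hasRole(List<Role> list, String str) {
        if (list == null || str == null) {
            return false;
        }
        for (Role role : list) {
            if (role != null && str.equals(role.getName())) {
                return true;
            }
        }
        return false;
    }
}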
