package io.apiman.manager.api.security.impl;

import io.apiman.common.logging.ApimanLoggerFactory;
import io.apiman.common.logging.IApimanLogger;
import io.apiman.manager.api.beans.idm.DiscoverabilityLevel;
import io.apiman.manager.api.beans.idm.PermissionType;
import io.apiman.manager.api.beans.idm.UserDto;
import io.apiman.manager.api.beans.idm.UserMapper;
import io.apiman.manager.api.core.IStorage;
import io.apiman.manager.api.core.IStorageQuery;
import io.apiman.manager.api.core.config.ApiManagerConfig;
import io.apiman.manager.api.core.exceptions.StorageException;
import io.apiman.manager.api.rest.exceptions.NotAuthorizedException;
import io.apiman.manager.api.rest.exceptions.SystemErrorException;
import io.apiman.manager.api.rest.exceptions.util.ExceptionFactory;
import io.apiman.manager.api.security.ISecurityContext;
import io.apiman.manager.api.security.i18n.Messages;
import io.apiman.manager.api.security.impl.IndexedDiscoverabilities;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:io/apiman/manager/api/security/impl/AbstractSecurityContext.class */
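/**
 * Base {@link ISecurityContext} that answers authorization questions for the servlet request
 * bound to the current thread.
 *
 * <p><b>Per-thread caching.</b> The caller's permissions and the discoverability index are held
 * in static {@link ThreadLocal}s and are not keyed by user. Once loaded they are reused on that
 * thread until {@link #clearPermissions()} runs. On a pooled request thread this means the cache
 * must be cleared at every request boundary; otherwise a later request served by the same thread
 * would be evaluated against the previous caller's permissions. The code that binds
 * {@link #servletRequest} and calls {@link #clearPermissions()} is not visible in this class
 * (presumably a filter or a subclass; confirm).
 *
 * <p><b>Admin bypass.</b> Every permission and membership check short-circuits to {@code true}
 * for callers in the container role {@code apiadmin}.
 */
public abstract class AbstractSecurityContext implements ISecurityContext {
    /** Request bound to the current thread; every identity and role lookup below reads it. */
    protected static final ThreadLocal<HttpServletRequest> servletRequest = new ThreadLocal<>();
    /** Lazily loaded permissions of the current caller; see the class note on clearing. */
    private static final ThreadLocal<IndexedPermissions> permissions = new ThreadLocal<>();
    private static final IApimanLogger LOGGER = ApimanLoggerFactory.getLogger(AbstractSecurityContext.class);
    /** Per-thread discoverability index, filled on demand by {@code isDiscoverable}. */
    private static final ThreadLocal<IndexedDiscoverabilities> discoverabilities = ThreadLocal.withInitial(IndexedDiscoverabilities::new);
    private static final UserMapper userMapper = UserMapper.INSTANCE;
    private final IStorageQuery query;
    private final IStorage storage;
    private final DiscoverabilityOptionsParser discoverabilityConfig;

    /**
     * Creates the context.
     *
     * @param iStorageQuery used to load the current user's permissions
     * @param iStorage used for discoverability and user lookups
     * @param apiManagerConfig supplies the IDM discoverability mappings parsed at construction
     */
    public AbstractSecurityContext(IStorageQuery iStorageQuery, IStorage iStorage, ApiManagerConfig apiManagerConfig) {
        this.query = iStorageQuery;
        this.storage = iStorage;
        this.discoverabilityConfig = new DiscoverabilityOptionsParser(apiManagerConfig.getIdmDiscoverabilityMappings());
    }

    /**
     * Drops the permissions and the discoverability index cached for the current thread.
     *
     * <p>Must run between requests on a reused thread; the caches are not keyed by user, so
     * skipping this call lets one caller's authorization state carry over to the next.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static void clearPermissions() {
        permissions.remove();
        discoverabilities.remove();
    }

    /** Returns whether the container reports the caller in the {@code apiadmin} role. */
    @Override
    public boolean isAdmin() {
        return servletRequest.get().isUserInRole("apiadmin");
    }

    /** Returns the named header of the bound request, or {@code null} when absent. */
    @Override
    public String getRequestHeader(String str) {
        return servletRequest.get().getHeader(str);
    }

    /** Returns the container-authenticated user name, or {@code null} for an anonymous request. */
    @Override
    public String getCurrentUser() {
        return servletRequest.get().getRemoteUser();
    }

    /** Not provided by this base class; always {@code null}. */
    @Override
    public String getEmail() {
        return null;
    }

    /** Not provided by this base class; always {@code null}. */
    @Override
    public String getFullName() {
        return null;
    }

    /**
     * Returns whether the caller is an admin or holds {@code permissionType} for the qualifier
     * {@code str} (presumably an organization id; confirm against the interface).
     */
    @Override
    public boolean hasPermission(PermissionType permissionType, String str) {
        if (isAdmin()) {
            return true;
        }
        return getPermissions().hasQualifiedPermission(permissionType, str);
    }

    /**
     * Returns whether the caller holds every permission in {@code set} for {@code str}.
     *
     * <p>An empty {@code set} yields {@code true} (vacuous truth of {@code allMatch}), for any
     * caller including an anonymous one. Callers must not build the set from filtered or
     * optional input without checking that it is non-empty.
     */
    @Override
    public boolean hasAllPermissions(Set<PermissionType> set, String str) {
        return set.stream().allMatch(required -> hasPermission(required, str));
    }

    /** Returns whether the caller holds at least one permission in {@code set}; empty set is false. */
    @Override
    public boolean hasAnyPermission(Set<PermissionType> set, String str) {
        return set.stream().anyMatch(candidate -> hasPermission(candidate, str));
    }

    /** Returns whether the caller is an admin or a member of {@code str} per the cached permissions. */
    @Override
    public boolean isMemberOf(String str) {
        return isAdmin() || getPermissions().isMemberOf(str);
    }

    /**
     * Returns the organization qualifiers for which the caller holds {@code permissionType}.
     * Unlike the {@code has*} checks this does not apply the admin bypass.
     */
    @Override
    public Set<String> getPermittedOrganizations(PermissionType permissionType) {
        return getPermissions().getOrgQualifiers(permissionType);
    }

    /** Returns the discoverability levels granted to the caller of the bound request. */
    @Override
    public Set<DiscoverabilityLevel> getPermittedDiscoverabilities() {
        return getDiscoverabilities();
    }

    /** Returns the thread's cached permissions, loading them on first use. */
    private IndexedPermissions getPermissions() {
        IndexedPermissions cached = permissions.get();
        if (cached != null) {
            return cached;
        }
        IndexedPermissions loaded = loadPermissions();
        permissions.set(loaded);
        return loaded;
    }

    /**
     * Loads the current user's permissions from storage.
     *
     * <p>Fails closed: an anonymous or blank user, and any storage failure, produce an empty
     * permission set rather than an exception. Because {@link #getPermissions()} caches the
     * result, a transient storage failure leaves the caller without permissions until the
     * thread's cache is cleared.
     */
    private IndexedPermissions loadPermissions() {
        String currentUser = getCurrentUser();
        if (currentUser == null || currentUser.isBlank()) {
            return new IndexedPermissions(Collections.emptySet());
        }
        try {
            return new IndexedPermissions(this.query.getPermissions(currentUser));
        } catch (StorageException e) {
            // NOTE(review): the user name is concatenated into the log line unescaped; confirm
            // the identity provider cannot issue names containing line breaks.
            LOGGER.error(Messages.getString("AbstractSecurityContext.ErrorLoadingPermissions") + currentUser, e);
            return new IndexedPermissions(new HashSet<>());
        }
    }

    /** @throws NotAuthorizedException when {@link #hasPermission} is false */
    @Override
    public void checkPermissions(PermissionType permissionType, String str) throws NotAuthorizedException {
        if (!hasPermission(permissionType, str)) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /**
     * Passes for an empty {@code set}; see {@link #hasAllPermissions}.
     *
     * @throws NotAuthorizedException when {@link #hasAllPermissions} is false
     */
    @Override
    public void checkAllPermissions(Set<PermissionType> set, String str) throws NotAuthorizedException {
        if (!hasAllPermissions(set, str)) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /** @throws NotAuthorizedException when {@link #hasAnyPermission} is false */
    @Override
    public void checkAnyPermission(Set<PermissionType> set, String str) throws NotAuthorizedException {
        if (!hasAnyPermission(set, str)) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /** @throws NotAuthorizedException when the caller is not in the {@code apiadmin} role */
    @Override
    public void checkAdminPermissions() throws NotAuthorizedException {
        if (!isAdmin()) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /** Rejects the caller unless {@link #hasPermissionsOrDiscoverable} (no-version form) is true. */
    @Override
    public void checkPermissionsOrDiscoverability(ISecurityContext.EntityType entityType, String str, String str2, Set<PermissionType> set) {
        if (!hasPermissionsOrDiscoverable(entityType, str, str2, set)) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /** Rejects the caller unless {@link #hasPermissionsOrDiscoverable} is true. */
    @Override
    public void checkPermissionsOrDiscoverability(ISecurityContext.EntityType entityType, String str, String str2, String str3, Set<PermissionType> set) {
        if (!hasPermissionsOrDiscoverable(entityType, str, str2, str3, set)) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /** Same as the five-argument overload with {@code str3} set to {@code null}. */
    @Override
    public boolean hasPermissionsOrDiscoverable(ISecurityContext.EntityType entityType, String str, String str2, Set<PermissionType> set) {
        return hasPermissionsOrDiscoverable(entityType, str, str2, null, set);
    }

    /**
     * Returns whether the caller holds any permission in {@code set} for {@code str}, or the
     * entity is discoverable at one of the caller's levels. Discoverability is an alternative
     * to permissions here, not an additional requirement.
     */
    @Override
    public boolean hasPermissionsOrDiscoverable(ISecurityContext.EntityType entityType, String str, String str2, String str3, Set<PermissionType> set) {
        if (hasAnyPermission(set, str)) {
            return true;
        }
        return isDiscoverable(entityType, str, str2, str3);
    }

    /** Same as the four-argument overload with {@code str3} set to {@code null}. */
    @Override
    public boolean isDiscoverable(ISecurityContext.EntityType entityType, String str, String str2) {
        return isDiscoverable(entityType, str, str2, null);
    }

    /** Evaluates discoverability against the levels derived from the bound request. */
    @Override
    public boolean isDiscoverable(ISecurityContext.EntityType entityType, String str, String str2, String str3) {
        return isDiscoverable(entityType, str, str2, str3, getDiscoverabilities());
    }

    /**
     * Evaluates discoverability against the levels in {@code set}.
     *
     * <p>The levels are taken from the argument as given; this overload does not check them
     * against the caller's identity, so callers are responsible for passing levels the caller
     * is entitled to. On an index miss the data for organization {@code str} is loaded at all
     * discoverability levels into the thread's index and the lookup is repeated once; a second
     * miss is treated as not discoverable.
     *
     * @throws IllegalArgumentException on an unrecognised lookup result
     */
    @Override
    public boolean isDiscoverable(ISecurityContext.EntityType entityType, String str, String str2, String str3, Set<DiscoverabilityLevel> set) {
        IndexedDiscoverabilities.DILookupResult lookup = isVis(entityType, str, str2, str3, set);
        switch (lookup) {
            case DISCOVERABLE:
                return true;
            case NOT_DISCOVERABLE:
                return false;
            case NOT_IN_INDEX:
                // Index every level, not only the requested ones, so the cached entry is
                // complete for later lookups on this thread.
                discoverabilities.get().index(this.storage.getOrgApiPlansWithDiscoverability(str, Set.of(DiscoverabilityLevel.values())));
                return isVis(entityType, str, str2, str3, set) == IndexedDiscoverabilities.DILookupResult.DISCOVERABLE;
            default:
                throw new IllegalArgumentException("Unhandled index state: " + lookup);
        }
    }

    /**
     * Queries the thread's index: with a null or blank {@code str3} it asks whether any entry
     * under {@code str2} is discoverable, otherwise it asks about {@code str3} specifically
     * (presumably a version; confirm).
     */
    private IndexedDiscoverabilities.DILookupResult isVis(ISecurityContext.EntityType entityType, String str, String str2, String str3, Set<DiscoverabilityLevel> set) {
        IndexedDiscoverabilities index = discoverabilities.get();
        if (str3 == null || str3.isBlank()) {
            return index.isAnyDiscoverable(entityType, str, str2, set);
        }
        return index.isDiscoverable(entityType, str, str2, str3, set);
    }

    /**
     * Derives the caller's discoverability levels from the bound request.
     *
     * <p>An anonymous request gets {@code PORTAL} and {@code ANONYMOUS}. An authenticated caller
     * gets the union of the levels mapped to each configured IDM role it holds, and falls back
     * to {@code PORTAL} and {@code ANONYMOUS} when no mapping matches.
     *
     * @throws UnsupportedOperationException when the configuration contains a source other than
     *     {@code IDM_ROLE}; note this then fails every authenticated lookup
     */
    private Set<DiscoverabilityLevel> getDiscoverabilities() {
        HttpServletRequest httpServletRequest = servletRequest.get();
        if (httpServletRequest.getRemoteUser() == null) {
            return Set.of(DiscoverabilityLevel.PORTAL, DiscoverabilityLevel.ANONYMOUS);
        }
        Set<DiscoverabilityLevel> granted = new HashSet<>(4);
        this.discoverabilityConfig.getSourceToDiscoverability().forEach((source, roleSourceDiscoverability) -> {
            switch (source) {
                case IDM_ROLE:
                    if (httpServletRequest.isUserInRole(roleSourceDiscoverability.getName())) {
                        granted.addAll(roleSourceDiscoverability.getDiscoverabilities());
                    }
                    break;
                case IDM_ATTRIBUTE:
                case APIMAN_ROLE:
                case APIMAN_PERMISSION:
                    throw new UnsupportedOperationException("Support for " + source + " not available on this platform.");
                default:
                    throw new IllegalStateException("Unexpected value: " + source);
            }
        });
        if (granted.isEmpty()) {
            granted.add(DiscoverabilityLevel.PORTAL);
            granted.add(DiscoverabilityLevel.ANONYMOUS);
        }
        return granted;
    }

    /**
     * Rejects the caller unless it is an admin or is the user named by {@code str}.
     *
     * <p>An anonymous request (no current user) is rejected with
     * {@link NotAuthorizedException} instead of failing with a {@link NullPointerException},
     * and never matches a {@code null} argument.
     *
     * @throws NotAuthorizedException when the caller is neither an admin nor that user
     */
    @Override
    public void checkIfUserIsCurrentUser(String str) throws NotAuthorizedException {
        if (isAdmin()) {
            return;
        }
        String currentUser = getCurrentUser();
        // Fail closed: a missing identity must never compare equal to anything.
        if (currentUser == null || !currentUser.equals(str)) {
            throw ExceptionFactory.notAuthorizedException();
        }
    }

    /**
     * Returns all users holding {@code permissionType} for {@code str}, mapped to DTOs.
     *
     * <p>This method performs no authorization check of its own; callers are expected to
     * authorize the request before exposing the result.
     *
     * @throws RuntimeException wrapping a {@link StorageException}
     */
    @Override
    public List<UserDto> getUsersWithPermission(PermissionType permissionType, String str) {
        try {
            return this.storage.getAllUsersWithPermission(permissionType, str).stream()
                    .map(userMapper::toDto)
                    .collect(Collectors.toList());
        } catch (StorageException e) {
            // NOTE(review): getUsersWithRole wraps the same failure in SystemErrorException;
            // kept as RuntimeException here so existing callers see the same type.
            throw new RuntimeException(e);
        }
    }

    @Override
    public abstract Locale getLocale();

    /**
     * Returns all users holding role {@code str} in {@code str2}, mapped to DTOs.
     *
     * <p>This method performs no authorization check of its own; callers are expected to
     * authorize the request before exposing the result.
     *
     * @throws SystemErrorException wrapping a {@link StorageException}
     */
    @Override
    public List<UserDto> getUsersWithRole(String str, String str2) {
        try {
            return this.storage.getAllUsersWithRole(str, str2).stream()
                    .map(userMapper::toDto)
                    .collect(Collectors.toList());
        } catch (StorageException e) {
            throw new SystemErrorException(e);
        }
    }
}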
