package no.nav.apiapp.security;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import no.nav.brukerdialog.security.domain.IdentType;
import no.nav.common.auth.AuthorizationModule;
import no.nav.common.auth.SecurityLevel;
import no.nav.common.auth.Subject;

/* loaded from: input_file:no/nav/apiapp/security/ApiAppAuthorizationModule.class */
public class ApiAppAuthorizationModule implements AuthorizationModule {
    private AuthorizationModule customAuthorizationModule;
    private SecurityLevel defaultSecurityLevel;
    private Map<String, SecurityLevel> pathToSecurityLevel;

    public ApiAppAuthorizationModule(AuthorizationModule authorizationModule, SecurityLevel securityLevel, Map<SecurityLevel, List<String>> map) {
        this.customAuthorizationModule = authorizationModule;
        this.defaultSecurityLevel = securityLevel;
        this.pathToSecurityLevel = mapAndValidateSecurityLevels(map);
    }

    private Map<String, SecurityLevel> mapAndValidateSecurityLevels(Map<SecurityLevel, List<String>> map) {
        HashMap hashMap = new HashMap();
        map.forEach((securityLevel, list) -> {
            list.forEach(str -> {
                if (hashMap.containsKey(str)) {
                    throw new IllegalStateException("Ambiguous security level for " + str);
                }
                if (!str.matches("^[^/?&=]+$")) {
                    throw new IllegalStateException("Invalid path for security level " + str);
                }
                hashMap.put(str, securityLevel);
            });
        });
        return hashMap;
    }

    public boolean authorized(Subject subject, HttpServletRequest httpServletRequest) {
        return securityLevelAuthorization(subject, httpServletRequest) && customAuthorization(subject, httpServletRequest);
    }

    private boolean securityLevelAuthorization(Subject subject, HttpServletRequest httpServletRequest) {
        return !IdentType.EksternBruker.equals(subject.getIdentType()) || securityLevelForPathsAuthorization(subject, httpServletRequest).orElse(Boolean.valueOf(defaultSecurityLevelAuthorization(subject, httpServletRequest))).booleanValue();
    }

    private boolean defaultSecurityLevelAuthorization(Subject subject, HttpServletRequest httpServletRequest) {
        return ((Boolean) Optional.ofNullable(this.defaultSecurityLevel).map(securityLevel -> {
            return Boolean.valueOf(SecurityLevelAuthorizationModule.authorized(subject, httpServletRequest, securityLevel));
        }).orElse(true)).booleanValue();
    }

    private Optional<Boolean> securityLevelForPathsAuthorization(Subject subject, HttpServletRequest httpServletRequest) {
        SecurityLevel securityLevel = SecurityLevelAuthorizationModule.getSecurityLevel(subject);
        return getRequiredSecurityLevel(httpServletRequest).map(securityLevel2 -> {
            return Boolean.valueOf(securityLevel.getSecurityLevel() >= securityLevel2.getSecurityLevel());
        });
    }

    private Optional<SecurityLevel> getRequiredSecurityLevel(HttpServletRequest httpServletRequest) {
        return getSecurityLevelKey(httpServletRequest).flatMap(str -> {
            return Optional.ofNullable(this.pathToSecurityLevel.get(str));
        });
    }

    private Optional<String> getSecurityLevelKey(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getPathInfo()).map(str -> {
            return str.substring(1);
        }).map(str2 -> {
            return str2.indexOf(47) != -1 ? str2.substring(0, str2.indexOf(47)) : str2;
        });
    }

    private boolean customAuthorization(Subject subject, HttpServletRequest httpServletRequest) {
        return ((Boolean) Optional.ofNullable(this.customAuthorizationModule).map(authorizationModule -> {
            return Boolean.valueOf(authorizationModule.authorized(subject, httpServletRequest));
        }).orElse(true)).booleanValue();
    }
}
