package cern.c2mon.web.ui.security;

import cern.c2mon.client.common.service.SessionService;
import cern.c2mon.client.common.util.RbacAuthorizationDetailsParser;
import cern.c2mon.shared.client.command.RbacAuthorizationDetails;
import java.io.IOException;
import java.util.Collection;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDecisionManager;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.FilterInvocation;

/* loaded from: input_file:cern/c2mon/web/ui/security/RbacDecisionManager.class */
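/**
 * Spring Security {@link AccessDecisionManager} that guards web requests with RBAC
 * permissions looked up by URL.
 *
 * <p>The {@code authorizationDetails} map associates a URL fragment (key) with a textual
 * RBAC descriptor (value) that is parsed by {@link RbacAuthorizationDetailsParser}. A request
 * is checked against the first key that occurs as a substring of the request URL.
 *
 * <p>Security-relevant properties of this implementation:
 * <ul>
 *   <li><b>Fail-open for unmatched URLs:</b> a request URL containing none of the configured
 *       keys is allowed without any session or permission check.</li>
 *   <li><b>Substring matching:</b> keys are compared with {@link String#contains}, not as
 *       path patterns. NOTE(review): a URL that reaches a protected resource under a
 *       spelling that does not contain the configured key would be treated as unprotected -
 *       confirm that URLs are normalised before this manager runs.</li>
 *   <li><b>First match wins:</b> when several keys match, the one returned first by the
 *       map's iteration order is used; that order depends on the {@link Map} implementation
 *       supplied to the constructor.</li>
 *   <li><b>Fail-closed on parse errors:</b> an unparsable descriptor denies access.</li>
 * </ul>
 */
public class RbacDecisionManager implements AccessDecisionManager {
    private static final Logger log = LoggerFactory.getLogger(RbacDecisionManager.class);
    private final Map<String, String> authorizationDetails;
    private final SessionService sessionService;

    /**
     * Creates the decision manager.
     *
     * @param sessionService service queried for login state and authorisation
     * @param map URL fragment to RBAC descriptor string; the reference is stored as-is
     *     (no defensive copy), so later changes to the map are visible to this manager
     */
    public RbacDecisionManager(SessionService sessionService, Map<String, String> map) {
        this.sessionService = sessionService;
        this.authorizationDetails = map;
    }

    /**
     * Decides whether the authenticated principal may access the requested URL.
     *
     * @param authentication current authentication; its principal is cast to {@link String}
     *     (NOTE(review): a non-String principal would raise {@link ClassCastException} -
     *     confirm the authentication provider always supplies a user name)
     * @param obj the secured object; must be a {@link FilterInvocation}
     * @param collection configuration attributes; not used by this implementation
     * @throws AccessDeniedException if the URL is protected and the user is not logged in,
     *     lacks the required permissions, or the permissions cannot be parsed
     */
    @Override
    public void decide(Authentication authentication, Object obj, Collection<ConfigAttribute> collection)
            throws AccessDeniedException, InsufficientAuthenticationException {
        String principal = (String) authentication.getPrincipal();
        String requestUrl = ((FilterInvocation) obj).getRequestUrl();

        // Both values originate from the request; neutralise line breaks before logging so
        // that a crafted value cannot forge additional log entries.
        String logUser = forLog(principal);
        String logUrl = forLog(requestUrl);

        log.debug("{} tries to access url:{}", logUser, logUrl);
        RbacAuthorizationDetails requiredPermissions = getRequiredPermissions(requestUrl);
        if (requiredPermissions == null) {
            // Fail-open: no configured key matched, so no check is performed at all.
            log.debug("no special permissions required to access: {}", logUrl);
            return;
        }
        if (!this.sessionService.isUserLogged(principal)) {
            // NOTE(review): denials are logged at DEBUG while grants are logged at INFO;
            // with a typical INFO threshold, denied attempts leave no trace here.
            log.debug("{} tried to access: {} but is not logged in.", logUser, logUrl);
            authentication.setAuthenticated(false);
            throw new AccessDeniedException("User not logged in");
        }
        if (!this.sessionService.isAuthorized(principal, requiredPermissions)) {
            log.debug("{} tried to access: {} but does not have permission.", logUser, logUrl);
            throw new AccessDeniedException("Permission denied");
        }
        log.info("{} successfully authorised to access: {}", logUser, logUrl);
    }

    /**
     * Returns the permissions of the first configured key contained in the given URL.
     *
     * @param str request URL to look up
     * @return parsed permissions, or {@code null} if no key is a substring of the URL
     * @throws AccessDeniedException if the matching descriptor cannot be parsed
     */
    private RbacAuthorizationDetails getRequiredPermissions(String str) {
        for (Map.Entry<String, String> entry : this.authorizationDetails.entrySet()) {
            if (str.contains(entry.getKey())) {
                return splitDetails(entry.getValue());
            }
        }
        return null;
    }

    /**
     * Parses an RBAC descriptor string, denying access if it cannot be parsed.
     *
     * @param str descriptor taken from the authorisation map
     * @return the parsed authorisation details
     * @throws AccessDeniedException wrapping the {@link IOException} raised by the parser
     */
    private RbacAuthorizationDetails splitDetails(String str) {
        try {
            return RbacAuthorizationDetailsParser.parseRbacDetails(str);
        } catch (IOException e) {
            // Keep the cause so a misconfigured descriptor can be diagnosed from the trace.
            throw new AccessDeniedException(
                    "Not able to fetch RbacAuthorizationDetails. Access has been denied.", e);
        }
    }

    /**
     * Replaces carriage returns and line feeds so the value occupies a single log line.
     *
     * @param value text to be logged, may be {@code null}
     * @return the value with CR and LF replaced by {@code '_'}, or {@code null}
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }

    /**
     * Indicates that this manager handles {@link FilterInvocation} secured objects.
     *
     * @param cls type of the secured object
     * @return {@code true} if {@code cls} is {@link FilterInvocation} or a subclass
     */
    @Override
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /**
     * Accepts every configuration attribute; attributes play no part in the decision.
     *
     * @param configAttribute attribute offered by the security framework
     * @return always {@code true}
     */
    @Override
    public boolean supports(ConfigAttribute configAttribute) {
        return true;
    }
}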
