package io.camunda.zeebe.gateway.rest.validator;

import io.camunda.zeebe.gateway.rest.RequestMapper;
import io.camunda.zeebe.gateway.rest.RestErrorMapper;
import io.camunda.zeebe.protocol.record.RejectionType;
import io.camunda.zeebe.util.Either;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import org.springframework.http.HttpStatus;
import org.springframework.http.ProblemDetail;

/* loaded from: input_file:io/camunda/zeebe/gateway/rest/validator/MultiTenancyValidator.class */
public final class MultiTenancyValidator {
    private static final Pattern TENANT_ID_MASK = Pattern.compile("^[\\w\\.-]{1,31}$");

    public static Optional<ProblemDetail> validateAuthorization(String str, boolean z, String str2) {
        if (!z) {
            return Optional.empty();
        }
        List authenticatedTenantIds = RequestMapper.getAuthentication().authenticatedTenantIds();
        return (authenticatedTenantIds == null || !authenticatedTenantIds.contains(str)) ? Optional.of(RestErrorMapper.createProblemDetail(HttpStatus.UNAUTHORIZED, ErrorMessages.ERROR_MESSAGE_INVALID_TENANT.formatted(str2, str, "tenant is not authorized to perform this request"), HttpStatus.UNAUTHORIZED.name())) : Optional.empty();
    }

    public static Either<ProblemDetail, String> validateTenantId(String str, boolean z, String str2) {
        boolean z2 = (str == null || str.isBlank()) ? false : true;
        if (!z) {
            return (!z2 || "<default>".equals(str)) ? Either.right("<default>") : Either.left(RestErrorMapper.createProblemDetail(HttpStatus.BAD_REQUEST, ErrorMessages.ERROR_MESSAGE_INVALID_TENANT.formatted(str2, str, "multi-tenancy is disabled"), RejectionType.INVALID_ARGUMENT.name()));
        }
        ArrayList arrayList = new ArrayList();
        if (!z2) {
            arrayList.add(ErrorMessages.ERROR_MESSAGE_INVALID_TENANT.formatted(str2, str, "no tenant identifier was provided"));
        } else if (str.length() > 31) {
            arrayList.add(ErrorMessages.ERROR_MESSAGE_INVALID_TENANT.formatted(str2, str, "tenant identifier is longer than 31 characters"));
        } else if (!"<default>".equals(str) && !TENANT_ID_MASK.matcher(str).matches()) {
            arrayList.add(ErrorMessages.ERROR_MESSAGE_INVALID_TENANT.formatted(str2, str, "tenant identifier contains illegal characters"));
        }
        return (Either) RequestValidator.createProblemDetail(arrayList).map((v0) -> {
            return Either.left(v0);
        }).orElseGet(() -> {
            return Either.right(str);
        });
    }
}
