package io.streamthoughts.azkarra.http.security.authorizer;

import io.streamthoughts.azkarra.api.config.Conf;
import io.streamthoughts.azkarra.api.config.Configurable;
import io.streamthoughts.azkarra.http.security.SecurityConfig;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;

/* loaded from: input_file:io/streamthoughts/azkarra/http/security/authorizer/SimpleAuthorizationManager.class */
public class SimpleAuthorizationManager implements AuthorizationManager, Configurable {
    private static final String AUTHORIZE_ANY_ROLE = "*";
    private boolean authorizeAll = false;
    private List<String> roles = Collections.emptyList();
    private List<String> restricted = Collections.emptyList();

    public void configure(Conf conf) {
        SecurityConfig securityConfig = new SecurityConfig(conf);
        if (securityConfig.getAuthenticationRoles().equals(AUTHORIZE_ANY_ROLE)) {
            this.authorizeAll = true;
        }
        this.roles = splitRoles(securityConfig.getAuthenticationRoles());
        this.restricted = splitRoles(securityConfig.getAuthenticationRestricted());
    }

    private List<String> splitRoles(String str) {
        return (List) Arrays.stream(str.split(",")).map((v0) -> {
            return v0.trim();
        }).collect(Collectors.toList());
    }

    @Override // io.streamthoughts.azkarra.http.security.authorizer.AuthorizationManager
    public AuthorizationResult authenticate(AuthorizationContext authorizationContext) {
        if (this.authorizeAll || hasRole(this.roles, authorizationContext)) {
            return (hasRole(this.restricted, authorizationContext) && isWriteAccess(authorizationContext.resource())) ? AuthorizationResult.DENIED : AuthorizationResult.ALLOWED;
        }
        return AuthorizationResult.DENIED;
    }

    private static boolean isWriteAccess(HttpResource httpResource) {
        String httpMethod = httpResource.httpMethod();
        return httpMethod.equals("POST") || httpMethod.equals("PUT") || httpMethod.equals("DELETE");
    }

    private static boolean hasRole(List<String> list, AuthorizationContext authorizationContext) {
        if (list.contains(authorizationContext.principal().getName())) {
            return true;
        }
        Iterator it = ((List) authorizationContext.authorities().stream().map((v0) -> {
            return v0.get();
        }).collect(Collectors.toList())).iterator();
        while (it.hasNext()) {
            if (list.contains((String) it.next())) {
                return true;
            }
        }
        return false;
    }
}
