package org.lockss.spring.auth;

import java.security.AccessControlException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import org.lockss.log.L4JLogger;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/lockss/spring/auth/AuthUtil.class */
public class AuthUtil {
    private static final L4JLogger log = L4JLogger.getLogger();

    public static void checkHasRole(String... strArr) {
        checkHasRole(SecurityContextHolder.getContext().getAuthentication(), strArr);
    }

    public static void checkHasRole(Authentication authentication, String... strArr) {
        String name = authentication.getName();
        ArrayList arrayList = new ArrayList();
        Iterator it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            arrayList.add(((GrantedAuthority) it.next()).getAuthority());
        }
        log.debug2("userName = {}", name);
        log.debug2("userRoles = {}", arrayList);
        log.debug2("permissibleRoles = {}", Arrays.toString(strArr));
        if (arrayList.contains("userAdminRole")) {
            log.debug2("Authorized as administrator.");
            return;
        }
        if (strArr == null || strArr.length == 0) {
            log.debug2("Unauthorized like any non-administrator");
            throw new AccessControlException("Unauthorized like any non-administrator");
        }
        for (String str : strArr) {
            log.trace("permissibleRole = {}", str);
            if (Roles.ROLE_ANY.equals(str)) {
                log.debug2("Authorized like everybody else.");
                return;
            } else {
                if (arrayList.contains(str)) {
                    log.debug2("Authorized because user is in role.");
                    return;
                }
            }
        }
        String str2 = "Unauthorized because user '" + name + "'does not have any of the permissible roles";
        log.debug2(str2);
        throw new AccessControlException(str2);
    }
}
