package de.otto.hmac.authorization;

import de.otto.hmac.StringUtils;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Required;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:de/otto/hmac/authorization/DefaultAuthorizationService.class */
public class DefaultAuthorizationService implements AuthorizationService {
    private RoleRepository userRepository;

    @Resource
    @Required
    public void setUserRepository(RoleRepository roleRepository) {
        this.userRepository = roleRepository;
    }

    @Override // de.otto.hmac.authorization.AuthorizationService
    public void authorize(String str, Set<String> set) {
        if (!DISABLE_AUTHORIZATION_FOR_UNSIGNED_REQUESTS(str) && intersection(set, this.userRepository.getRolesForUser(str)).isEmpty()) {
            throw new AuthorizationException(createErrorMessage(str, set));
        }
    }

    private Set<String> intersection(Collection<String> collection, Collection<String> collection2) {
        HashSet hashSet = new HashSet(collection);
        hashSet.retainAll(collection2);
        return hashSet;
    }

    private static boolean DISABLE_AUTHORIZATION_FOR_UNSIGNED_REQUESTS(String str) {
        return str == null;
    }

    private static String createErrorMessage(String str, Set<String> set) {
        return String.format("%s is not in one of these groups: %s.", StringUtils.isNullOrEmpty(str) ? "Anonymous user" : "[" + str + "]", set);
    }
}
