package org.gorpipe.gor.auth;

import com.google.common.base.Strings;
import java.nio.file.Paths;
import java.util.List;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.gorpipe.exceptions.GorSystemException;
import org.gorpipe.gor.auth.utils.CsaApiUtils;
import org.gorpipe.security.cred.CsaApiService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gorpipe/gor/auth/GorAuth.class */
public abstract class GorAuth implements AutoCloseable {
    public static final String REALM_ACCESS = "realm_access";
    public static final String ROLES = "roles";
    private static final String USER_DATA = "user_data";
    protected AuthConfig config;
    protected SecurityPolicy securityPolicy;
    protected CsaApiService csaApiService;
    private static final Logger log = LoggerFactory.getLogger(PlainAuth.class);

    public GorAuth(AuthConfig authConfig, CsaApiService csaApiService) {
        this.config = authConfig;
        this.csaApiService = csaApiService;
    }

    public abstract GorAuthInfo getGorAuthInfo(String str);

    public GorAuthInfo getGorAuthInfo(String str, JsonWebToken jsonWebToken) {
        return null;
    }

    public SecurityPolicy getSecurityPolicy() {
        return this.securityPolicy;
    }

    public boolean hasAccessBasedOnRoles(List<String> list, AuthorizationAction authorizationAction, String str) {
        return GorAuthRoleMatcher.hasRolebasedAccess(list, str, null, authorizationAction);
    }

    @Override // java.lang.AutoCloseable
    public void close() {
    }

    public GorAuthInfo updateGorAuthInfo(GorAuthInfo gorAuthInfo) {
        if (this.csaApiService == null) {
            log.warn("Csa Api Service was null, therefore not updating gor auth info");
            return gorAuthInfo;
        }
        if (!this.config.updateAuthInfoPolicy().equals(SecurityPolicy.CSA.name())) {
            log.warn("Update auth info policy was not CSA, therefore not updating gor auth info");
            return gorAuthInfo;
        }
        try {
            return CsaApiUtils.updateWithCsaApi(this.csaApiService, gorAuthInfo);
        } catch (Exception e) {
            log.warn("Could not update gor auth info from CSA because of an error.", e);
            return gorAuthInfo;
        }
    }

    public static boolean validateUserProject(String str, String str2) {
        return (Strings.isNullOrEmpty(str) || Strings.isNullOrEmpty(str2)) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasBasicAccess(GorAuthInfo gorAuthInfo, String str, String str2) {
        return gorAuthInfo.getProject() != null && gorAuthInfo.getProject().equals(str) && gorAuthInfo.getUsername() != null && gorAuthInfo.getUsername().equals(str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasReadAccess(GorAuthInfo gorAuthInfo, String str) {
        if (this.config.userRolesFromToken()) {
            return hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.READ, str);
        }
        throw new GorSystemException("User missing since roles are not retrieved from token", null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasQueryAccess(GorAuthInfo gorAuthInfo, String str) {
        if (this.config.userRolesFromToken()) {
            return hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.QUERY, str);
        }
        throw new GorSystemException("User missing since roles are not retrieved from token", null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasQueryAccess(GorAuthInfo gorAuthInfo, String str, String str2) {
        return !this.config.userRolesFromToken() ? hasBasicAccess(gorAuthInfo, str, str2) : hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.QUERY, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasWriteAccess(String str, GorAuthInfo gorAuthInfo, String str2) {
        if (!this.config.userRolesFromToken()) {
            throw new GorSystemException("User missing since roles are not retrieved from token", null);
        }
        if (isInProject(str, str2)) {
            return startsWithUserData(str, str2) ? hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.WRITE_TO_USER_DATA, str2) || hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.WRITE, str2) : hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.WRITE, str2);
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasWriteAccess(String str, GorAuthInfo gorAuthInfo, String str2, String str3) {
        return !this.config.userRolesFromToken() ? hasBasicAccess(gorAuthInfo, str2, str3) : hasWriteAccess(str, gorAuthInfo, str2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean hasLordSubmitAccess(GorAuthInfo gorAuthInfo, String str, String str2) {
        return !this.config.userRolesFromToken() ? hasBasicAccess(gorAuthInfo, str, str2) : hasAccessBasedOnRoles(gorAuthInfo.getUserRoles(), AuthorizationAction.SUBMIT_TO_LORD, str);
    }

    private boolean startsWithUserData(String str, String str2) {
        return Paths.get(this.config.projectRoot(), new String[0]).resolve(str2).resolve(str).normalize().startsWith(Paths.get(this.config.projectRoot(), new String[0]).resolve(str2).resolve(USER_DATA).normalize());
    }

    private boolean isInProject(String str, String str2) {
        return Paths.get(this.config.projectRoot(), new String[0]).resolve(str2).resolve(str).normalize().startsWith(Paths.get(this.config.projectRoot(), new String[0]).resolve(str2).normalize());
    }
}
