package org.mycore.mir.authorization;

import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.mycore.common.MCRSessionMgr;
import org.mycore.datamodel.metadata.MCRObjectID;
import org.mycore.mir.authorization.accesskeys.MIRAccessKeyManager;
import org.mycore.mir.authorization.accesskeys.MIRAccessKeyPair;

/* loaded from: input_file:org/mycore/mir/authorization/MIRKeyStrategyHelper.class */
public class MIRKeyStrategyHelper {
    private static final Logger LOGGER = LogManager.getLogger();

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean checkObjectPermission(MCRObjectID mCRObjectID, String str) {
        String userKey;
        boolean equals = "writedb".equals(str);
        boolean equals2 = MIRAccessKeyPair.PERMISSION_READ.equals(str);
        if ((!equals && !equals2) || (userKey = getUserKey(mCRObjectID)) == null) {
            return false;
        }
        MIRAccessKeyPair keyPair = MIRAccessKeyManager.getKeyPair(mCRObjectID);
        if (keyPair != null && (userKey.equals(keyPair.getWriteKey()) || (equals2 && userKey.equals(keyPair.getReadKey())))) {
            LOGGER.debug("Access granted. User has a key to access the resource {}.", mCRObjectID);
            return true;
        }
        if (keyPair == null || userKey.equals(keyPair.getWriteKey()) || userKey.equals(keyPair.getReadKey())) {
            return false;
        }
        LOGGER.warn("Neither read nor write key matches. Remove access key from user.");
        MIRAccessKeyManager.deleteAccessKey(mCRObjectID);
        return false;
    }

    private static String getUserKey(MCRObjectID mCRObjectID) {
        return MCRSessionMgr.getCurrentSession().getUserInformation().getUserAttribute("acckey_" + mCRObjectID.toString());
    }
}
