package org.mapfish.print.config.access;

import com.google.common.collect.Collections2;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;
import org.mapfish.print.config.Configuration;
import org.mapfish.print.config.ConfigurationException;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/mapfish/print/config/access/RoleAccessAssertion.class */
public final class RoleAccessAssertion implements AccessAssertion {
    private static final String JSON_ROLES = "roles";
    private Set<String> requiredRoles;

    public AccessAssertion setRequiredRoles(Collection<String> collection) {
        if (this.requiredRoles != null) {
            throw new AssertionError(getClass() + "#setRequiredRoles() may only be called once any further calls result in an exception");
        }
        if (collection == null) {
            this.requiredRoles = Collections.unmodifiableSet(Collections.emptySet());
        } else if (collection instanceof Set) {
            this.requiredRoles = Collections.unmodifiableSet((Set) collection);
        } else {
            this.requiredRoles = Collections.unmodifiableSet(new HashSet(collection));
        }
        return this;
    }

    @Override // org.mapfish.print.config.access.AccessAssertion
    public void assertAccess(String str, Object obj) {
        SecurityContext context = SecurityContextHolder.getContext();
        if (context == null || context.getAuthentication() == null) {
            throw new AuthenticationCredentialsNotFoundException(str + " requires an authenticated user");
        }
        if (!this.requiredRoles.isEmpty()) {
            Collection transform = Collections2.transform(context.getAuthentication().getAuthorities(), grantedAuthority -> {
                return grantedAuthority == null ? "" : grantedAuthority.toString();
            });
            Iterator<String> it = this.requiredRoles.iterator();
            while (it.hasNext()) {
                if (transform.contains(it.next())) {
                    return;
                }
            }
        } else if (!context.getAuthentication().getAuthorities().isEmpty()) {
            return;
        }
        throw new AccessDeniedException("User " + context.getAuthentication().getPrincipal() + " does not have one of the required roles to access: " + str);
    }

    @Override // org.mapfish.print.config.access.AccessAssertion
    public JSONObject marshal() {
        JSONObject jSONObject = new JSONObject();
        JSONArray jSONArray = new JSONArray();
        try {
            jSONObject.put(JSON_ROLES, jSONArray);
            if (this.requiredRoles != null) {
                Iterator<String> it = this.requiredRoles.iterator();
                while (it.hasNext()) {
                    jSONArray.put(it.next());
                }
            }
            return jSONObject;
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.mapfish.print.config.access.AccessAssertion
    public void unmarshal(JSONObject jSONObject) {
        try {
            this.requiredRoles = new HashSet();
            JSONArray jSONArray = jSONObject.getJSONArray(JSON_ROLES);
            for (int i = 0; i < jSONArray.length(); i++) {
                this.requiredRoles.add(jSONArray.getString(i));
            }
        } catch (JSONException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.mapfish.print.config.ConfigurationObject
    public void validate(List<Throwable> list, Configuration configuration) {
        if (this.requiredRoles == null) {
            list.add(new ConfigurationException("requiredRoles must be defined"));
        }
    }

    public boolean equals(Object obj) {
        if (obj instanceof RoleAccessAssertion) {
            return ((RoleAccessAssertion) obj).requiredRoles.equals(this.requiredRoles);
        }
        return false;
    }

    public int hashCode() {
        return this.requiredRoles.hashCode();
    }

    @Override // org.mapfish.print.config.access.AccessAssertion
    public AccessAssertion copy() {
        RoleAccessAssertion roleAccessAssertion = new RoleAccessAssertion();
        roleAccessAssertion.requiredRoles = Collections.unmodifiableSet(new HashSet(this.requiredRoles));
        return roleAccessAssertion;
    }
}
