package com.dbp.core.auth;

import com.dbp.core.api.factory.BusinessDelegateFactory;
import com.dbp.core.api.factory.impl.DBPAPIAbstractFactoryImpl;
import com.dbp.core.constants.DBPConstants;
import com.dbp.core.delegate.ServicePermissionsBusinessDelegate;
import com.dbp.core.dto.ServicePermissionsDTO;
import com.dbp.core.fabric.extn.DBPServiceExecutorBuilder;
import com.dbp.core.util.JSONUtils;
import com.konylabs.middleware.api.ConfigurableParametersHelper;
import com.konylabs.middleware.api.OperationData;
import com.konylabs.middleware.api.OperationSecurityLevel;
import com.konylabs.middleware.api.ServicesManager;
import com.konylabs.middleware.api.ServicesManagerHelper;
import com.konylabs.middleware.dataobject.Result;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/dbp/core/auth/DBPAuthorizationHelper.class */
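/**
 * Static authorization gate for service operations.
 *
 * <p>For a request, the helper resolves the target operation (service id, object id,
 * operation id), loads the permissions of the calling user and compares them with the
 * permissions mapped to that operation. Every lookup failure on this path results in
 * a denial rather than an implicit grant.
 *
 * <p>Thread-safety: the operation-to-permissions map is loaded lazily, at most once
 * per successful load, and published through a {@code volatile} field.
 */
public final class DBPAuthorizationHelper {
    private static final Logger LOG = LogManager.getLogger(DBPAuthorizationHelper.class);

    // volatile: the field is read outside the lock in getServicesPermissions(), so the
    // fully built map must be safely published to threads that never enter the lock.
    private static volatile Map<String, List<String>> servicesPermissions = null;
    private static final Object lockObject = new Object();

    private DBPAuthorizationHelper() {
    }

    /**
     * Decides whether the current request may invoke the operation it targets.
     *
     * <p>The request is allowed without a permission check when the server property
     * behind {@code DBPConstants.IS_DBP_AUTHZ_DISABLED_KEY} evaluates to true, or when
     * the operation's security level is set and is not "Authenticated App User". A blank
     * security level falls through to the permission check.
     *
     * @param httpServletRequest the incoming request; its {@code x-kony-authorization}
     *     header is forwarded as the auth token when the user's permissions are fetched
     * @return {@code true} if the request is authorized, {@code false} otherwise
     * @throws Exception if reading the operation metadata fails
     */
    public static boolean isAuthorized(HttpServletRequest httpServletRequest) throws Exception {
        ServicesManager servicesManager;
        try {
            servicesManager = ServicesManagerHelper.getServicesManager(httpServletRequest);
        } catch (Exception e) {
            LOG.error("Exception occured while performing the authorization checks for the requested service", e);
            // Fail closed: without a services manager nothing can be verified.
            return false;
        }
        if (servicesManager == null) {
            LOG.error("No ServicesManager available for the request, denying authorization");
            return false;
        }
        // NOTE(review): this global bypass is only visible at debug level; consider
        // surfacing the disabled state more prominently (e.g. once at startup).
        if (isDBPAuthZDisabled(servicesManager.getConfigurableParametersHelper())) {
            LOG.debug("Authorizing the request because of either the AUTHZ for DBP is disbaled explictly");
            return true;
        }
        OperationData operationData = servicesManager.getOperationData();
        String serviceId = operationData.getServiceId();
        String objectId = operationData.getObjectId();
        String operationId = operationData.getOperationId();
        String securityName = operationData.getSecurityLevel() != null ? operationData.getSecurityLevel().getSecurityName() : "";
        String header = httpServletRequest.getHeader("x-kony-authorization");
        if (StringUtils.isNotBlank(securityName) && !OperationSecurityLevel.AUTHENTICATED_APP_USER.getSecurityName().equalsIgnoreCase(securityName)) {
            LOG.debug("{}/{}/{} & SecurityLevel: {} :: Authorizing the request because Service Operation Level is not Authenticated App User.", serviceId, objectId, operationId, securityName);
            return true;
        }
        LOG.debug("{}/{}/{} & SecurityLevel: {} :: Trying to verify authorization.", serviceId, objectId, operationId, securityName);
        return isAuthorized(serviceId, objectId, operationId, getUserPermissions(servicesManager, header));
    }

    /**
     * Compares the user's permissions with the permissions mapped to one operation.
     *
     * <p>Denies when any identifier is blank, when the user has no permissions, when the
     * mapping table is unavailable, or when the operation has no (or an empty) mapping.
     *
     * @param str service id
     * @param str2 object id
     * @param str3 operation id
     * @param list permissions held by the calling user; may be null or empty
     * @return {@code true} only if the mapping for the operation admits the user
     */
    private static boolean isAuthorized(String str, String str2, String str3, List<String> list) {
        boolean authorized = false;
        Map<String, List<String>> mappings = getServicesPermissions();
        if (StringUtils.isNoneBlank(str, str2, str3) && list != null && !list.isEmpty() && mappings != null && !mappings.isEmpty()) {
            String operationKey = StringUtils.joinWith("_", str, str2, str3);
            List<String> operationPermissions = mappings.get(operationKey);
            if (operationPermissions != null && !operationPermissions.isEmpty()) {
                if (list.contains(DBPConstants.PERMISSION_API_ACCESS)) {
                    // A user holding the API-access permission is admitted only to
                    // operations that list that permission themselves.
                    authorized = operationPermissions.contains(DBPConstants.PERMISSION_API_ACCESS);
                } else {
                    // Admit when the operation is mapped to the allow marker or when the
                    // user holds at least one of the mapped permissions. The result must
                    // stay false when neither holds; an unconditional grant here would
                    // let every user with a non-empty permission list through.
                    authorized = operationPermissions.contains(DBPConstants.PERMISSION_ALLOW)
                            || list.stream().anyMatch(operationPermissions::contains);
                }
            }
            LOG.debug("isAuthorized status {} for serviceId_objectId_operationId {}", Boolean.valueOf(authorized), operationKey);
        }
        return authorized;
    }

    /**
     * Reads the server property that switches authorization off.
     *
     * @param configurableParametersHelper source of the server property
     * @return {@code true} if the property converts to boolean true; {@code false} when it
     *     does not or when reading it fails, so a lookup error leaves authorization on
     */
    private static boolean isDBPAuthZDisabled(ConfigurableParametersHelper configurableParametersHelper) {
        try {
            return BooleanUtils.toBoolean(configurableParametersHelper.getServerProperty(DBPConstants.IS_DBP_AUTHZ_DISABLED_KEY));
        } catch (Exception e) {
            LOG.error("Exception occured while verifying for AuthZ is disabled or not, reverting to default AuthZ mode enabled", e);
            return false;
        }
    }

    /**
     * Returns the operation-to-permissions map, loading it on first use.
     *
     * <p>If the delegate is missing, returns no mappings, or throws, the cache stays
     * unset and the load is attempted again on the next call; callers treat a
     * {@code null} result as "deny".
     *
     * @return the cached map, or {@code null} if it could not be loaded
     */
    private static Map<String, List<String>> getServicesPermissions() {
        Map<String, List<String>> cached = servicesPermissions;
        if (cached == null) {
            synchronized (lockObject) {
                // Re-read under the lock: another thread may have completed the load.
                cached = servicesPermissions;
                if (cached == null) {
                    ServicePermissionsBusinessDelegate delegate = (ServicePermissionsBusinessDelegate)
                            ((BusinessDelegateFactory) DBPAPIAbstractFactoryImpl.getInstance().getFactoryInstance(BusinessDelegateFactory.class))
                                    .getBusinessDelegate(ServicePermissionsBusinessDelegate.class);
                    if (delegate != null) {
                        try {
                            List<ServicePermissionsDTO> servicePermissionsMappings = delegate.getServicePermissionsMappings();
                            if (servicePermissionsMappings != null) {
                                cached = transformServicePermissionsMapings(servicePermissionsMappings);
                                servicesPermissions = cached;
                            }
                        } catch (Exception e) {
                            LOG.error("Exception occured while fetching the services permissions from implemented class: " + delegate.getClass().getName(), e);
                        }
                    }
                }
            }
        }
        return cached;
    }

    /**
     * Fetches the permissions of the logged-in user from the configured permissions endpoint.
     *
     * <p>The endpoint is read from the security attributes under {@code permissionsEndpoint},
     * falling back to the same key inside {@code user_attributes}; it is expected in the
     * form {@code serviceId/operationId}. The auth token is forwarded to that service and
     * is not written to the log.
     *
     * @param servicesManager provides the identity handler holding the security attributes
     * @param str auth token taken from the request header
     * @return the user's permissions, or an empty list when they cannot be determined
     */
    private static List<String> getUserPermissions(ServicesManager servicesManager, String str) {
        try {
            Map<?, ?> securityAttributes = servicesManager.getIdentityHandler().getSecurityAttributes();
            Map<?, ?> userAttributes = (Map<?, ?>) securityAttributes.get("user_attributes");
            String permissionsEndpoint = (String) securityAttributes.get("permissionsEndpoint");
            LOG.debug("secAttr permissionsEndpoint :: " + permissionsEndpoint);
            if (StringUtils.isBlank(permissionsEndpoint) && userAttributes != null) {
                permissionsEndpoint = (String) userAttributes.get("permissionsEndpoint");
                LOG.debug("usrAttr permissionsEndpoint :: " + permissionsEndpoint);
            }
            // Reject a missing or malformed endpoint explicitly instead of relying on a
            // NullPointerException / ArrayIndexOutOfBoundsException reaching the catch.
            if (StringUtils.isBlank(permissionsEndpoint)) {
                LOG.error("permissionsEndpoint is not configured, no user permissions can be resolved");
                return new ArrayList<>();
            }
            String[] endpointParts = permissionsEndpoint.split("/");
            if (endpointParts.length < 2) {
                LOG.error("permissionsEndpoint is not in the serviceId/operationId form, no user permissions can be resolved");
                return new ArrayList<>();
            }
            Result result = DBPServiceExecutorBuilder.builder()
                    .withServiceId(endpointParts[0])
                    .withOperationId(endpointParts[1])
                    .withFabricAuthToken(str)
                    .build()
                    .getResult();
            if (result != null && result.hasParamByName(DBPConstants.PERMISSIONS_IDENTITY_KEY)) {
                String paramValueByName = result.getParamValueByName(DBPConstants.PERMISSIONS_IDENTITY_KEY);
                LOG.debug("userPermissions :: " + paramValueByName);
                return JSONUtils.parseAsList(paramValueByName, String.class);
            }
        } catch (Exception e) {
            LOG.error("exception occured while getting logged in user permission", e);
        }
        // An empty list makes the permission check deny the request.
        return new ArrayList<>();
    }

    /**
     * Builds the lookup table keyed by {@code serviceId_objectId_operationId}.
     *
     * <p>Entries with a blank identifier are skipped. Entries without a permissions list
     * are skipped as well: {@code Collectors.toMap} rejects null values, and one such
     * entry would otherwise abort the whole load; an operation without a mapping is
     * denied by the permission check. When a key occurs more than once the later entry wins.
     *
     * @param list mappings supplied by the business delegate
     * @return a sorted map from operation key to the permissions mapped to it
     */
    private static Map<String, List<String>> transformServicePermissionsMapings(List<ServicePermissionsDTO> list) {
        return list.stream()
                .filter(dto -> StringUtils.isNoneBlank(dto.getServiceId(), dto.getObjectId(), dto.getOperationId()))
                .filter(dto -> dto.getPermissions() != null)
                .collect(Collectors.toMap(
                        dto -> StringUtils.joinWith("_", dto.getServiceId(), dto.getObjectId(), dto.getOperationId()),
                        dto -> dto.getPermissions(),
                        (earlier, later) -> later,
                        TreeMap::new));
    }
}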
