package org.geoserver.security;

import java.util.Set;
import org.geoserver.ows.DispatcherCallback;
import org.geoserver.ows.Request;
import org.geoserver.platform.Operation;
import org.geoserver.platform.Service;
import org.geoserver.platform.ServiceException;
import org.geoserver.security.impl.ServiceAccessRule;
import org.geoserver.security.impl.ServiceAccessRuleDAO;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.InsufficientAuthenticationException;
import org.springframework.security.context.SecurityContextHolder;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/main-2.1.1.TECGRAF-3.jar:org/geoserver/security/OperationSecurityCallback.class
  input_file:WEB-INF/lib/main-2.1.1.TECGRAF-4-SNAPSHOT.jar:org/geoserver/security/OperationSecurityCallback.class
  input_file:WEB-INF/lib/main-2.1.1.TECGRAF-4.jar:org/geoserver/security/OperationSecurityCallback.class
  input_file:WEB-INF/lib/main-2.1.1.TECGRAF-5-SNAPSHOT.jar:org/geoserver/security/OperationSecurityCallback.class
  input_file:WEB-INF/lib/main-2.1.1.TECGRAF-5.jar:org/geoserver/security/OperationSecurityCallback.class
 */
/* loaded from: input_file:WEB-INF/lib/main-2.1.1.TECGRAF-SNAPSHOT.jar:org/geoserver/security/OperationSecurityCallback.class */
public class OperationSecurityCallback implements DispatcherCallback {
    ServiceAccessRuleDAO dao;

    public OperationSecurityCallback(ServiceAccessRuleDAO serviceAccessRuleDAO) {
        this.dao = serviceAccessRuleDAO;
    }

    @Override // org.geoserver.ows.DispatcherCallback
    public void finished(Request request) {
    }

    @Override // org.geoserver.ows.DispatcherCallback
    public Request init(Request request) {
        return request;
    }

    @Override // org.geoserver.ows.DispatcherCallback
    public Operation operationDispatched(Request request, Operation operation) {
        String service = request.getService();
        String request2 = request.getRequest();
        ServiceAccessRule serviceAccessRule = null;
        for (ServiceAccessRule serviceAccessRule2 : this.dao.getRules()) {
            if (serviceAccessRule2.getService().equals("*") || serviceAccessRule2.getService().equalsIgnoreCase(service)) {
                if (serviceAccessRule2.getMethod().equals("*") || serviceAccessRule2.getMethod().equalsIgnoreCase(request2)) {
                    serviceAccessRule = serviceAccessRule2;
                }
            }
        }
        if (serviceAccessRule != null) {
            Set<String> roles = serviceAccessRule.getRoles();
            if (!roles.contains("*") && !roles.isEmpty()) {
                Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
                if (authentication == null || authentication.getAuthorities().length == 0) {
                    throw new InsufficientAuthenticationException("Cannot access " + service + "." + request2 + " as anonymous");
                }
                boolean z = false;
                GrantedAuthority[] authorities = authentication.getAuthorities();
                int length = authorities.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (roles.contains(authorities[i].getAuthority())) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (!z) {
                    throw new AccessDeniedException("Cannot access " + service + "." + request2 + " with the current privileges");
                }
            }
        }
        return operation;
    }

    @Override // org.geoserver.ows.DispatcherCallback
    public Object operationExecuted(Request request, Operation operation, Object obj) {
        return obj;
    }

    @Override // org.geoserver.ows.DispatcherCallback
    public org.geoserver.ows.Response responseDispatched(Request request, Operation operation, Object obj, org.geoserver.ows.Response response) {
        return response;
    }

    @Override // org.geoserver.ows.DispatcherCallback
    public Service serviceDispatched(Request request, Service service) throws ServiceException {
        return service;
    }
}
