package org.georchestra.security;

import com.google.common.collect.ImmutableMap;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import org.georchestra.commons.security.SecurityHeaders;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/classes/org/georchestra/security/ImpersonateUserRequestHeaderProvider.class */
public class ImpersonateUserRequestHeaderProvider extends HeaderProvider {
    private List<String> trustedUsers = new ArrayList();

    @PostConstruct
    public void init() {
        logger.info(String.format("User impersonation enabled through request headers %s and %s", SecurityHeaders.IMP_USERNAME, SecurityHeaders.IMP_ROLES));
    }

    @Override // org.georchestra.security.HeaderProvider
    public Map<String, String> getCustomRequestHeaders(HttpServletRequest httpServletRequest, String str) {
        Authentication authentication;
        return (httpServletRequest.getHeader(SecurityHeaders.IMP_USERNAME) == null || (authentication = SecurityContextHolder.getContext().getAuthentication()) == null || this.trustedUsers == null || !this.trustedUsers.contains(authentication.getName())) ? Collections.emptyMap() : ImmutableMap.of(SecurityHeaders.SEC_USERNAME, httpServletRequest.getHeader(SecurityHeaders.IMP_USERNAME), SecurityHeaders.SEC_ROLES, httpServletRequest.getHeader(SecurityHeaders.IMP_ROLES));
    }

    public void setTrustedUsers(List<String> list) {
        this.trustedUsers = list;
    }
}
