package org.georchestra.gateway.security.accessrules;

import com.google.common.annotations.VisibleForTesting;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import org.georchestra.gateway.security.GeorchestraUserMapper;
import org.springframework.security.authorization.AuthorityAuthorizationDecision;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/classes/org/georchestra/gateway/security/accessrules/GeorchestraUserRolesAuthorizationManager.class */
class GeorchestraUserRolesAuthorizationManager<T> implements ReactiveAuthorizationManager<T> {
    private final GeorchestraUserMapper userMapper;
    private final List<GrantedAuthority> authorities;
    private final Set<String> authorityFilter;
    private final AuthorityAuthorizationDecision unauthorized;

    GeorchestraUserRolesAuthorizationManager(GeorchestraUserMapper georchestraUserMapper, String... strArr) {
        this.userMapper = georchestraUserMapper;
        this.authorities = AuthorityUtils.createAuthorityList(strArr);
        this.authorityFilter = Set.of((Object[]) strArr);
        this.unauthorized = new AuthorityAuthorizationDecision(false, this.authorities);
    }

    @Override // org.springframework.security.authorization.ReactiveAuthorizationManager
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, T t) {
        return mono.map(this::authorize).map(bool -> {
            return new AuthorityAuthorizationDecision(bool.booleanValue(), this.authorities);
        }).defaultIfEmpty(this.unauthorized);
    }

    @VisibleForTesting
    boolean authorize(Authentication authentication) {
        if (!authentication.isAuthenticated()) {
            return false;
        }
        Stream<T> distinct = Stream.concat((Stream) this.userMapper.resolve(authentication).map((v0) -> {
            return v0.getRoles();
        }).map((v0) -> {
            return v0.stream();
        }).orElse(Stream.empty()), authentication.getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        })).sorted().distinct();
        Set<String> set = this.authorityFilter;
        Objects.requireNonNull(set);
        return distinct.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    public static <T> GeorchestraUserRolesAuthorizationManager<T> hasAuthority(GeorchestraUserMapper georchestraUserMapper, String str) {
        Assert.notNull(str, "authority cannot be null");
        return new GeorchestraUserRolesAuthorizationManager<>(georchestraUserMapper, str);
    }

    public static <T> GeorchestraUserRolesAuthorizationManager<T> hasAnyAuthority(GeorchestraUserMapper georchestraUserMapper, String... strArr) {
        Assert.notNull(strArr, "authorities cannot be null");
        for (String str : strArr) {
            Assert.notNull(str, "authority cannot be null");
        }
        return new GeorchestraUserRolesAuthorizationManager<>(georchestraUserMapper, strArr);
    }

    public static <T> GeorchestraUserRolesAuthorizationManager<T> hasRole(GeorchestraUserMapper georchestraUserMapper, String str) {
        Assert.notNull(str, "role cannot be null");
        return hasAuthority(georchestraUserMapper, "ROLE_" + str);
    }

    public static <T> GeorchestraUserRolesAuthorizationManager<T> hasAnyRole(GeorchestraUserMapper georchestraUserMapper, String... strArr) {
        Assert.notNull(strArr, "roles cannot be null");
        for (String str : strArr) {
            Assert.notNull(str, "role cannot be null");
        }
        return hasAnyAuthority(georchestraUserMapper, toNamedRolesArray(strArr));
    }

    private static String[] toNamedRolesArray(String... strArr) {
        String[] strArr2 = new String[strArr.length];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i] = "ROLE_" + strArr[i];
        }
        return strArr2;
    }
}
