package org.tangram.components;

import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.tangram.Constants;
import org.tangram.content.BeanFactory;
import org.tangram.content.Content;
import org.tangram.controller.ControllerHook;
import org.tangram.link.TargetDescriptor;
import org.tangram.protection.ProtectedContent;
import org.tangram.protection.Protection;

@Singleton
@Named
/* loaded from: input_file:org/tangram/components/ProtectionHook.class */
public class ProtectionHook implements ControllerHook {
    private static final Logger LOG = LoggerFactory.getLogger(ProtectionHook.class);

    @Inject
    private BeanFactory beanFactory;

    public Map<String, Protection> getRequiredProtections(ProtectedContent protectedContent) {
        Map<String, Protection> emptyMap = Collections.emptyMap();
        if (protectedContent instanceof Protection) {
            emptyMap = new HashMap();
            Protection protection = (Protection) protectedContent;
            emptyMap.put(protection.getProtectionKey(), protection);
        } else {
            List<Protection> listBeans = this.beanFactory.listBeans(Protection.class);
            LOG.info("getRequiredProtections() total # of protections: {}", Integer.valueOf(listBeans.size()));
            if (listBeans.size() > 0) {
                emptyMap = new HashMap();
                for (Protection protection2 : listBeans) {
                    if (StringUtils.isNotBlank(protection2.getProtectionKey()) && isProtectedBy(protectedContent, protection2)) {
                        emptyMap.put(protection2.getProtectionKey(), protection2);
                    }
                }
            }
        }
        return emptyMap;
    }

    private String getFailingProtectionKey(HttpServletRequest httpServletRequest, Map<String, Protection> map) throws Exception {
        for (Protection protection : map.values()) {
            if (!protection.isContentVisible(httpServletRequest)) {
                return protection.getProtectionKey();
            }
        }
        return null;
    }

    public boolean isProtectedBy(ProtectedContent protectedContent, Protection protection) {
        boolean z = false;
        List<? extends Content> protectionPath = protectedContent.getProtectionPath();
        try {
            List<? extends Content> protectedContents = protection.getProtectedContents();
            if (protectedContents != null) {
                Iterator<? extends Content> it = protectedContents.iterator();
                while (it.hasNext()) {
                    if (protectionPath.contains(it.next())) {
                        z = true;
                    }
                }
            }
        } catch (Exception e) {
            LOG.error("isProtectedBy(" + protectedContent.getId() + ") " + protection.getId(), e);
        }
        return z;
    }

    @Override // org.tangram.controller.ControllerHook
    public boolean intercept(TargetDescriptor targetDescriptor, Map<String, Object> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        String failingProtectionKey;
        Protection protection = null;
        String str = null;
        if (targetDescriptor.bean instanceof ProtectedContent) {
            ProtectedContent protectedContent = (ProtectedContent) targetDescriptor.bean;
            Map<String, Protection> requiredProtections = getRequiredProtections(protectedContent);
            LOG.info("render() # of relevant protections: {}", Integer.valueOf(requiredProtections.size()));
            String parameter = httpServletRequest.getParameter(Constants.PARAMETER_PROTECTION_KEY);
            if (parameter != null && "POST".equals(httpServletRequest.getMethod())) {
                LOG.info("render() handling login {} for topic {}", parameter, protectedContent.getId());
                str = requiredProtections.get(parameter).handleLogin(httpServletRequest, httpServletResponse);
            }
            if (getFailingProtectionKey(httpServletRequest, requiredProtections) != null) {
                LOG.info("render() topic {} is not visible", protectedContent.getId());
                for (Protection protection2 : requiredProtections.values()) {
                    if (protection2.needsAuthorization(httpServletRequest)) {
                        LOG.info("render() Protection specific authorization necessary: {}", protection2.getProtectionKey());
                        protection = protection2;
                    }
                }
                if (protection == null && (failingProtectionKey = getFailingProtectionKey(httpServletRequest, requiredProtections)) != null) {
                    httpServletResponse.sendError(403, failingProtectionKey);
                    return true;
                }
            }
        }
        map.put(Constants.ATTRIBUTE_PROTECTION, protection);
        map.put(Constants.ATTRIBUTE_LOGIN_RESULT, str);
        return false;
    }
}
