package org.mule.module.spring.security;

import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mule.api.MuleEvent;
import org.mule.api.lifecycle.InitialisationException;
import org.mule.api.security.Authentication;
import org.mule.api.security.CryptoFailureException;
import org.mule.api.security.EncryptionStrategyNotFoundException;
import org.mule.api.security.NotPermittedException;
import org.mule.api.security.SecurityException;
import org.mule.api.security.SecurityProviderNotFoundException;
import org.mule.api.security.UnauthorisedException;
import org.mule.api.security.UnknownAuthenticationTypeException;
import org.mule.config.i18n.CoreMessages;
import org.mule.module.spring.security.i18n.SpringSecurityMessages;
import org.mule.security.AbstractSecurityFilter;
import org.mule.util.StringUtils;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/mule/module/spring/security/AuthorizationFilter.class */
public class AuthorizationFilter extends AbstractSecurityFilter {
    protected final Log logger = LogFactory.getLog(getClass());
    private Collection<String> requiredAuthorities = new LinkedHashSet();

    public void doFilter(MuleEvent muleEvent) throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException, SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException {
        Authentication authentication = muleEvent.getSession().getSecurityContext().getAuthentication();
        if (authentication == null) {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }
        if (!(authentication instanceof SpringAuthenticationAdapter)) {
            throw new UnauthorisedException(SpringSecurityMessages.springAuthenticationRequired());
        }
        SpringAuthenticationAdapter springAuthenticationAdapter = (SpringAuthenticationAdapter) authentication;
        String name = springAuthenticationAdapter.getName();
        GrantedAuthority[] authorities = springAuthenticationAdapter.getAuthorities();
        boolean z = false;
        if (authorities != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Found authorities '" + Arrays.toString(authorities) + "' for principal '" + name + "'.");
            }
            int length = authorities.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (this.requiredAuthorities.contains(authorities[i].getAuthority())) {
                    z = true;
                    break;
                }
                i++;
            }
        }
        if (z) {
            return;
        }
        this.logger.info(MessageFormat.format("Could not find required authorities for {0}. Required authorities: {1}. Authorities found: {2}.", name, Arrays.toString(this.requiredAuthorities.toArray()), Arrays.toString(authorities)));
        throw new NotPermittedException(SpringSecurityMessages.noGrantedAuthority(name));
    }

    public Collection<String> getRequiredAuthorities() {
        return this.requiredAuthorities;
    }

    public void setRequiredAuthorities(Collection<String> collection) {
        if (!(collection instanceof Set)) {
            this.requiredAuthorities = collection;
            return;
        }
        this.requiredAuthorities = new LinkedHashSet();
        Iterator it = ((Set) collection).iterator();
        while (it.hasNext()) {
            this.requiredAuthorities.addAll(Arrays.asList(StringUtils.splitAndTrim((String) it.next(), ",")));
        }
    }
}
