package io.dialob.security.spring.tenant;

import io.dialob.security.tenant.ImmutableTenant;
import io.dialob.security.tenant.LoggingContextKeys;
import io.dialob.security.tenant.ResysSecurityConstants;
import io.dialob.security.tenant.Tenant;
import io.dialob.security.tenant.TenantContextHolderCurrentTenant;
import java.io.IOException;
import java.util.Objects;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.NonNull;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/dialob-security-spring-2.1.17.jar:io/dialob/security/spring/tenant/RequestParameterTenantScopeFilter.class */
public class RequestParameterTenantScopeFilter extends OncePerRequestFilter {
    public static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) RequestParameterTenantScopeFilter.class);
    public static final String CURRENT_TENANT_ATTR = "CURRENT_TENANT_ATTR";
    private String parameterName;
    private final TenantAccessEvaluator tenantAccessEvaluator;
    private final DefaultTenantSupplier defaultTenantSupplier;
    private RequestMatcher tenantRequiredMatcher;

    public RequestParameterTenantScopeFilter(@NonNull TenantAccessEvaluator tenantAccessEvaluator) {
        this(tenantAccessEvaluator, () -> {
            return Optional.of(ResysSecurityConstants.DEFAULT_TENANT);
        });
    }

    public RequestParameterTenantScopeFilter(@NonNull TenantAccessEvaluator tenantAccessEvaluator, @NonNull DefaultTenantSupplier defaultTenantSupplier) {
        this.parameterName = LoggingContextKeys.MDC_TENANT_ID_KEY;
        this.tenantRequiredMatcher = AnyRequestMatcher.INSTANCE;
        this.tenantAccessEvaluator = (TenantAccessEvaluator) Objects.requireNonNull(tenantAccessEvaluator);
        this.defaultTenantSupplier = (DefaultTenantSupplier) Objects.requireNonNull(defaultTenantSupplier);
    }

    public void setParameterName(@NonNull String str) {
        this.parameterName = str;
    }

    public void setTenantRequiredMatcher(@NonNull RequestMatcher requestMatcher) {
        this.tenantRequiredMatcher = (RequestMatcher) Objects.requireNonNull(requestMatcher);
    }

    private Tenant resolveTenantFromRequest(HttpServletRequest httpServletRequest) {
        Tenant tenant = (Tenant) httpServletRequest.getAttribute(CURRENT_TENANT_ATTR);
        if (tenant == null) {
            String parameter = httpServletRequest.getParameter(this.parameterName);
            tenant = parameter != null ? ImmutableTenant.of(parameter, Optional.empty()) : this.defaultTenantSupplier.get().orElse(null);
        }
        return tenant;
    }

    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(@NonNull HttpServletRequest httpServletRequest, @NonNull HttpServletResponse httpServletResponse, @NonNull FilterChain filterChain) throws ServletException, IOException {
        try {
            Tenant resolveTenantFromRequest = resolveTenantFromRequest(httpServletRequest);
            if (resolveTenantFromRequest != null) {
                if (!this.tenantAccessEvaluator.doesUserHaveAccessToTenant(resolveTenantFromRequest)) {
                    tenantAccessDenied(String.format("Access to tenant %s denied.", resolveTenantFromRequest.getId()));
                    httpServletRequest.removeAttribute(CURRENT_TENANT_ATTR);
                    TenantContextHolderCurrentTenant.removeTenant();
                    return;
                }
                httpServletRequest.setAttribute(CURRENT_TENANT_ATTR, resolveTenantFromRequest);
                TenantContextHolderCurrentTenant.setTenant(resolveTenantFromRequest);
            } else if (this.tenantRequiredMatcher.matches(httpServletRequest)) {
                tenantAccessDenied("User do not have access to any tenant.");
                httpServletRequest.removeAttribute(CURRENT_TENANT_ATTR);
                TenantContextHolderCurrentTenant.removeTenant();
                return;
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            httpServletRequest.removeAttribute(CURRENT_TENANT_ATTR);
            TenantContextHolderCurrentTenant.removeTenant();
        } catch (Throwable th) {
            httpServletRequest.removeAttribute(CURRENT_TENANT_ATTR);
            TenantContextHolderCurrentTenant.removeTenant();
            throw th;
        }
    }

    private void tenantAccessDenied(String str) {
        throw new AccessDeniedException(str);
    }
}
