package oracle.nuviaq.common;

import java.security.Principal;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import oracle.cloud.paas.exception.ResourcePermissionException;
import oracle.cloud.paas.nls.MessageBundleUtil;
import oracle.cloud.paas.nls.MessageID;
import weblogic.security.Security;

/* loaded from: input_file:oracle.cloud.paas.api.jar:oracle/nuviaq/common/AccessController.class */
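/**
 * Role-based authorization checks built on the principals of the current WebLogic subject.
 *
 * <p>Every principal name other than the authenticated user's own name is treated as a role
 * (see {@link #getRoles()}). The {@code check*} methods throw
 * {@link ResourcePermissionException} when the required role is missing; the {@code has*}
 * methods return the same decision as a boolean.
 *
 * <p>NOTE(review): roles are derived from principal <em>names</em> only; the principal type is
 * not inspected. Confirm that the login modules in use cannot produce a non-group principal
 * whose name equals one of the group names checked here.
 */
public abstract class AccessController {
    private static final Logger LOGGER = Logger.getLogger(AccessController.class.getName());

    private static final String CSR_ADMINS_GROUP = "CSRAdmins";
    private static final String TENANT_ADMIN_GROUP = "TenantAdminGroup";
    private static final String ADMIN_SUFFIX = "Administrators";
    public static final String JAVA_ADMIN_SUFFIX = "Java_Administrators";
    private static final String SYSTEM_ROLE = "SystemAdministrators";
    // User name that is granted the system role without any group membership.
    private static final String SDI_APPID = "OCLOUD9_SDI_APPID";

    /**
     * Returns the name of the authenticated caller.
     *
     * <p>The result is dereferenced without a null check by {@link #getRoles()} and
     * {@link #hasSystemRole(Set)}, so implementations must not return {@code null}.
     */
    protected abstract String getAuthenticatedUser();

    /**
     * Requires the system role.
     *
     * @throws ResourcePermissionException if {@link #hasSystemRole()} is false
     */
    public final void checkSystemRole() {
        if (!hasSystemRole()) {
            throw new ResourcePermissionException(MessageBundleUtil.msg.getString(MessageID.NO_SYSTEM_ROLE_FOR_OPERATION));
        }
    }

    /**
     * Requires either the system role or the combined CSR + tenant administrator groups.
     *
     * @throws ResourcePermissionException if neither condition holds
     */
    public final void checkSystemOrCsrTenantAdminRole() {
        // Resolve the roles once so both checks are made against the same snapshot of the subject.
        Set<String> roles = getRoles();
        if (!hasSystemRole(roles) && !hasCSRTenantAdminRole(roles)) {
            throw new ResourcePermissionException(MessageBundleUtil.msg.getString(MessageID.NO_SYSTEM_ROLE_FOR_OPERATION));
        }
    }

    /**
     * Requires an administrator role for the scope named by {@code str2}.
     *
     * @param str  used only as the second argument of the error message
     *             (NOTE(review): meaning not visible here; presumably the target resource)
     * @param str2 prefix of the role name, see {@link #hasAdminRole(String, String)}
     * @throws ResourcePermissionException if {@link #hasAdminRole(String, String)} is false
     */
    public final void checkAdminRole(String str, String str2) {
        if (!hasAdminRole(str, str2)) {
            throw new ResourcePermissionException(MessageBundleUtil.msg.getString(MessageID.NO_ADMIN_ROLE_FOR_OPERATION, str2, str));
        }
    }

    /** Returns whether the current caller holds the system role. */
    public final boolean hasSystemRole() {
        return hasSystemRole(getRoles());
    }

    /**
     * Returns whether the caller is the SDI application identity or the given roles contain
     * {@code SystemAdministrators}.
     *
     * <p>NOTE(review): the application identity is recognised by user name alone, compared
     * case-insensitively, while {@link #getRoles()} filters the user's own principal with a
     * case-sensitive comparison. Confirm that the identity store reserves this name in every
     * casing so that no ordinary account can match it.
     *
     * @param set role names, normally the result of {@link #getRoles()}
     */
    protected final boolean hasSystemRole(Set<String> set) {
        return getAuthenticatedUser().equalsIgnoreCase(SDI_APPID) || set.contains(SYSTEM_ROLE);
    }

    /**
     * Returns whether the caller may administer the scope named by {@code str2}: the roles
     * contain {@code <str2>.Java_Administrators} or {@code <str2>.Administrators}, or the caller
     * has the system role or the CSR tenant administrator role.
     *
     * <p>{@code str2} is used verbatim as the role-name prefix, so it must be a server-side
     * value for the scope being accessed rather than free-form request input.
     *
     * @param str  not used in the decision
     * @param str2 prefix of the role name
     */
    public final boolean hasAdminRole(String str, String str2) {
        Set<String> roles = getRoles();
        String javaAdminRole = str2 + "." + JAVA_ADMIN_SUFFIX;
        String adminRole = str2 + "." + ADMIN_SUFFIX;
        return roles.contains(javaAdminRole)
                || roles.contains(adminRole)
                || hasSystemRole(roles)
                || hasCSRTenantAdminRole(roles);
    }

    /**
     * Collects the role names of the current subject: the name of every principal except the
     * one equal to the authenticated user's name.
     *
     * <p>Excluding the user's own name keeps a user name that happens to equal a role name from
     * being counted as that role.
     *
     * @return a new mutable set of role names
     */
    protected final Set<String> getRoles() {
        Subject currentSubject = Security.getCurrentSubject();
        String authenticatedUser = getAuthenticatedUser();
        Set<String> roles = new HashSet<String>();
        StringBuilder principalNames = new StringBuilder();
        for (Principal principal : currentSubject.getPrincipals()) {
            String name = principal.getName();
            if (!authenticatedUser.equals(name)) {
                roles.add(name);
            }
            principalNames.append(name).append(' ');
        }
        // Identity and group membership are written only when FINE logging is enabled, instead of
        // unconditionally to stdout on every authorization check.
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.fine("[Nuviaq debug] authenticatedUser: " + authenticatedUser + ", Principals: " + principalNames);
        }
        return roles;
    }

    /**
     * Returns whether the given roles contain both {@code CSRAdmins} and
     * {@code TenantAdminGroup}; either one alone is not sufficient.
     *
     * @param set role names, normally the result of {@link #getRoles()}
     */
    protected final boolean hasCSRTenantAdminRole(Set<String> set) {
        return set.contains(CSR_ADMINS_GROUP) && set.contains(TENANT_ADMIN_GROUP);
    }
}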
