package org.rundeck.core.auth.access;

import com.dtolabs.rundeck.core.authorization.AuthContextProcessor;
import com.dtolabs.rundeck.core.authorization.AuthResource;
import com.dtolabs.rundeck.core.authorization.UserAndRolesAuthContext;
import javax.security.auth.Subject;
import org.rundeck.core.auth.app.NamedAuthRequest;

/* loaded from: input_file:org/rundeck/core/auth/access/BaseAuthorizingAccess.class */
public abstract class BaseAuthorizingAccess implements AuthorizingAccess {
    private final AuthContextProcessor rundeckAuthContextProcessor;
    private final Subject subject;
    private final NamedAuthProvider namedAuthActions;
    private UserAndRolesAuthContext authContext = null;

    public BaseAuthorizingAccess(AuthContextProcessor authContextProcessor, Subject subject, NamedAuthProvider namedAuthProvider) {
        this.rundeckAuthContextProcessor = authContextProcessor;
        this.subject = subject;
        this.namedAuthActions = namedAuthProvider;
    }

    @Override // org.rundeck.core.auth.access.AuthorizingAccess
    public UserAndRolesAuthContext getAuthContext() {
        if (null == this.authContext) {
            this.authContext = getRundeckAuthContextProcessor().getAuthContextForSubject(getSubject());
        }
        return this.authContext;
    }

    @Override // org.rundeck.core.auth.access.AuthorizingAccess
    public void authorizeNamed(NamedAuthRequest namedAuthRequest) throws UnauthorizedAccess, NotFound {
        authorize(getNamedAuth(namedAuthRequest).withDescription(namedAuthRequest.getDescription()));
    }

    public AuthActions getNamedAuth(NamedAuthRequest namedAuthRequest) {
        return this.namedAuthActions.getNamedAuth(namedAuthRequest.getAuthGroup(), namedAuthRequest.getNamedAuth());
    }

    @Override // org.rundeck.core.auth.access.AuthorizingAccess
    public boolean isAuthorized(NamedAuthRequest namedAuthRequest) throws NotFound {
        return isAuthorized(getNamedAuth(namedAuthRequest).withDescription(namedAuthRequest.getDescription()));
    }

    @Override // org.rundeck.core.auth.access.AuthorizingAccess
    public void authorize(AuthActions authActions) throws UnauthorizedAccess, NotFound {
        if (!isAuthorized(authActions)) {
            throw new UnauthorizedAccess(authActions.getDescription(), getResourceTypeName(), getResourceIdent());
        }
    }

    @Override // org.rundeck.core.auth.access.AuthorizingAccess
    public boolean isAuthorized(AuthActions authActions) throws NotFound {
        AuthResource authResource = getAuthResource();
        if (authResource.getContext() != AuthResource.Context.System) {
            throw new IllegalStateException("Cannot authorize Project-level resource without a project name");
        }
        return getRundeckAuthContextProcessor().authorizeApplicationResourceAny(getAuthContext(), authResource.getResourceMap(), authActions.getActions());
    }

    protected abstract AuthResource getAuthResource() throws NotFound;

    protected abstract String getResourceTypeName();

    protected abstract String getResourceIdent();

    public AuthContextProcessor getRundeckAuthContextProcessor() {
        return this.rundeckAuthContextProcessor;
    }

    public Subject getSubject() {
        return this.subject;
    }
}
