package org.cloudfoundry.multiapps.controller.web.security;

import java.io.IOException;
import java.text.MessageFormat;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.cloudfoundry.multiapps.controller.core.auditlogging.LoginAttemptAuditLog;
import org.cloudfoundry.multiapps.controller.web.Messages;
import org.cloudfoundry.multiapps.controller.web.util.SecurityContextUtil;
import org.cloudfoundry.multiapps.controller.web.util.ServletUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.server.ResponseStatusException;

/* loaded from: input_file:org/cloudfoundry/multiapps/controller/web/security/SpaceGuidBasedAuthorizationFilter.class */
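/**
 * Authorization filter that derives a space GUID from the incoming request and lets the request
 * through only when the {@link AuthorizationChecker} accepts the current user for that space.
 *
 * <p>Every decision is bracketed by audit entries: one when the attempt starts, one on success,
 * and one when the checker rejects the user with a {@link ResponseStatusException}.
 *
 * <p>Security note: the space GUID and the decoded request URI come from the request and are
 * therefore caller-controlled. They are neutralized before being written to the application log
 * so that control characters in them cannot break a log record into several lines.
 */
public abstract class SpaceGuidBasedAuthorizationFilter extends AbstractUriAuthorizationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SpaceGuidBasedAuthorizationFilter.class);
    private final AuthorizationChecker authorizationChecker;
    private final LoginAttemptAuditLog loginAttemptAuditLog;

    /**
     * Creates the filter with its collaborators.
     *
     * <p>The decompiler output this listing comes from reports that the original access modifier
     * was {@code protected}; it is kept {@code public} here so existing callers are unaffected.
     *
     * @param authorizationChecker component that decides whether the current user may act in a space
     * @param loginAttemptAuditLog audit sink that records the attempt, success and failure entries
     */
    public SpaceGuidBasedAuthorizationFilter(AuthorizationChecker authorizationChecker, LoginAttemptAuditLog loginAttemptAuditLog) {
        this.authorizationChecker = authorizationChecker;
        this.loginAttemptAuditLog = loginAttemptAuditLog;
    }

    /**
     * Checks that the current user is authorized for the space addressed by the request.
     *
     * <p>Only {@link ResponseStatusException} is treated as a rejection. Any other exception
     * thrown by the checker propagates to the caller, and in that case no "failed" audit entry
     * is written by this method.
     *
     * @param httpServletRequest the request being authorized
     * @param httpServletResponse the response that receives the error status on rejection
     * @return {@code true} when the user is authorized, {@code false} after an error response was sent
     * @throws IOException if sending the error response fails
     */
    @Override
    public final boolean ensureUserIsAuthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String spaceGuid = extractAndLogSpaceGuid(httpServletRequest);
        this.loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, Messages.USER_TRYING_TO_LOGIN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG);
        try {
            this.authorizationChecker.ensureUserIsAuthorized(httpServletRequest, SecurityContextUtil.getUserInfo(), spaceGuid, (String) null);
        } catch (ResponseStatusException rejection) {
            this.loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, Messages.USER_FAILED_TO_LOG_IN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG);
            logUnauthorizedRequest(httpServletRequest, rejection);
            // NOTE(review): the request-derived space GUID is echoed in the error message; confirm
            // that the container's error page escapes this text before rendering it.
            String reason = MessageFormat.format(Messages.NOT_AUTHORIZED_TO_OPERATE_IN_SPACE_WITH_GUID_0, spaceGuid);
            httpServletResponse.sendError(rejection.getStatus().value(), reason);
            return false;
        }
        this.loginAttemptAuditLog.logLoginAttempt(SecurityContextUtil.getUsername(), spaceGuid, Messages.USER_SUCCESSFULLY_LOGGED_IN_AUDIT_LOG_MESSAGE, Messages.LOGIN_ATTEMPT_AUDIT_LOG_CONFIG);
        return true;
    }

    /**
     * Resolves the space GUID through {@link #extractSpaceGuid(HttpServletRequest)} and traces it.
     *
     * @param httpServletRequest the request being authorized
     * @return the space GUID exactly as the subclass extracted it (not neutralized)
     */
    private String extractAndLogSpaceGuid(HttpServletRequest httpServletRequest) {
        String spaceGuid = extractSpaceGuid(httpServletRequest);
        // Only the logged copies are neutralized; the returned value is what gets authorized.
        LOGGER.trace("Extracted space GUID \"{}\" from request to \"{}\".", neutralizeForLog(spaceGuid), neutralizeForLog(ServletUtil.decodeUri(httpServletRequest)));
        return spaceGuid;
    }

    /**
     * Logs a rejected request together with the exception that carried the rejection.
     *
     * @param httpServletRequest the rejected request
     * @param responseStatusException the rejection raised by the authorization checker
     */
    private void logUnauthorizedRequest(HttpServletRequest httpServletRequest, ResponseStatusException responseStatusException) {
        // SLF4J treats a trailing Throwable as the exception to attach, so the stack trace is
        // still logged while the message uses parameterized formatting.
        LOGGER.error("User with GUID \"{}\" is not authorized for request to \"{}\".", neutralizeForLog(extractUserGuid()), neutralizeForLog(ServletUtil.decodeUri(httpServletRequest)), responseStatusException);
    }

    /**
     * Renders a value for logging with control characters and Unicode line/paragraph separators
     * replaced by {@code '_'}.
     *
     * <p>Presumably {@code ServletUtil.decodeUri} percent-decodes the URI (to be confirmed against
     * its implementation); if so, encoded CR/LF in a request would otherwise reach the log as
     * raw line breaks and allow forged log records.
     *
     * @param value the value to render; {@code null} is rendered as {@code "null"}
     * @return the single-line text that is safe to embed in a log message
     */
    private static String neutralizeForLog(Object value) {
        String text = String.valueOf(value);
        StringBuilder cleaned = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char ch = text.charAt(i);
            boolean breaksLine = Character.isISOControl(ch) || ch == '\u2028' || ch == '\u2029';
            cleaned.append(breaksLine ? '_' : ch);
        }
        return cleaned.toString();
    }

    /**
     * Extracts the GUID of the space that the request targets.
     *
     * @param httpServletRequest the request being authorized
     * @return the space GUID addressed by the request
     */
    protected abstract String extractSpaceGuid(HttpServletRequest httpServletRequest);
}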
