package org.mule.runtime.module.spring.security;

import java.text.MessageFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.core.api.Event;
import org.mule.runtime.core.api.security.Authentication;
import org.mule.runtime.core.api.security.CryptoFailureException;
import org.mule.runtime.core.api.security.EncryptionStrategyNotFoundException;
import org.mule.runtime.core.api.security.NotPermittedException;
import org.mule.runtime.core.api.security.SecurityException;
import org.mule.runtime.core.api.security.SecurityProviderNotFoundException;
import org.mule.runtime.core.api.security.UnauthorisedException;
import org.mule.runtime.core.api.security.UnknownAuthenticationTypeException;
import org.mule.runtime.core.config.i18n.CoreMessages;
import org.mule.runtime.core.security.AbstractSecurityFilter;
import org.mule.runtime.module.spring.security.i18n.SpringSecurityMessages;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:org/mule/runtime/module/spring/security/AuthorizationFilter.class */
public class AuthorizationFilter extends AbstractSecurityFilter {
    protected final Logger logger = LoggerFactory.getLogger(getClass());
    private Collection<String> requiredAuthorities = new HashSet();

    public Event doFilter(Event event) throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException, SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException {
        Authentication authentication = event.getSession().getSecurityContext().getAuthentication();
        if (authentication == null) {
            throw new UnauthorisedException(CoreMessages.authNoCredentials());
        }
        if (!(authentication instanceof SpringAuthenticationAdapter)) {
            throw new UnauthorisedException(SpringSecurityMessages.springAuthenticationRequired());
        }
        SpringAuthenticationAdapter springAuthenticationAdapter = (SpringAuthenticationAdapter) authentication;
        String name = springAuthenticationAdapter.getName();
        GrantedAuthority[] authorities = springAuthenticationAdapter.getAuthorities();
        boolean z = false;
        if (authorities != null) {
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Found authorities '" + Arrays.toString(authorities) + "' for principal '" + name + "'.");
            }
            for (GrantedAuthority grantedAuthority : authorities) {
                if (this.requiredAuthorities.contains(grantedAuthority.getAuthority())) {
                    z = true;
                }
            }
        }
        if (z) {
            return event;
        }
        this.logger.info(MessageFormat.format("Could not find required authorities for {0}. Required authorities: {1}. Authorities found: {2}.", name, Arrays.toString(this.requiredAuthorities.toArray()), Arrays.toString(authorities)));
        throw new NotPermittedException(SpringSecurityMessages.noGrantedAuthority(name));
    }

    public Collection<String> getRequiredAuthorities() {
        return this.requiredAuthorities;
    }

    public void setRequiredAuthorities(Collection<String> collection) {
        this.requiredAuthorities = collection;
    }
}
