package org.gcube.smartgears.handlers.application.request;

import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlRootElement;
import org.gcube.common.authorization.library.provider.SecurityTokenProvider;
import org.gcube.common.scope.api.ScopeProvider;
import org.gcube.common.scope.impl.ScopeBean;
import org.gcube.smartgears.Constants;
import org.gcube.smartgears.configuration.container.ContainerConfiguration;
import org.gcube.smartgears.context.application.ApplicationContext;
import org.gcube.smartgears.handlers.application.RequestEvent;
import org.gcube.smartgears.handlers.application.RequestHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@XmlRootElement(name = Constants.request_validation)
/* loaded from: input_file:org/gcube/smartgears/handlers/application/request/RequestValidator.class */
public class RequestValidator extends RequestHandler {

    @XmlAttribute(required = false, name = "oauth")
    @Deprecated
    boolean oauthCompatibility = false;
    private static Logger log = LoggerFactory.getLogger(RequestValidator.class);
    private ApplicationContext context;

    @Override // org.gcube.smartgears.handlers.application.RequestHandler
    public String getName() {
        return Constants.request_validation;
    }

    @Override // org.gcube.smartgears.handlers.application.RequestHandler
    public void handleRequest(RequestEvent requestEvent) {
        log.trace("executing request validator ON REQUEST");
        this.context = requestEvent.context();
        validateAgainstLifecycle(requestEvent);
        rejectUnauthorizedCalls(requestEvent);
        validateScopeCall();
    }

    private void validateAgainstLifecycle(RequestEvent requestEvent) {
        switch (this.context.lifecycle().state()) {
            case stopped:
                RequestError.application_unavailable_error.fire();
                return;
            case failed:
                RequestError.application_failed_error.fire();
                return;
            default:
                return;
        }
    }

    private void validateScopeCall() {
        String str = ScopeProvider.instance.get();
        if (str == null) {
            log.warn("rejecting unscoped call to {}", this.context.name());
            RequestError.invalid_request_error.fire("call is unscoped");
        }
        ScopeBean scopeBean = new ScopeBean(str);
        ContainerConfiguration configuration = this.context.container().configuration();
        if (configuration.allowedContexts().contains(str)) {
            return;
        }
        if (configuration.authorizeChildrenContext() && scopeBean.is(ScopeBean.Type.VRE) && configuration.allowedContexts().contains(scopeBean.enclosingScope().toString())) {
            return;
        }
        log.warn("rejecting call to {} in invalid context {}, allowed context are {}", new Object[]{this.context.name(), str, this.context.container().configuration().allowedContexts()});
        RequestError.invalid_request_error.fire(this.context.name() + " cannot be called in scope " + str);
    }

    private void rejectUnauthorizedCalls(RequestEvent requestEvent) {
        String str = SecurityTokenProvider.instance.get();
        String str2 = ScopeProvider.instance.get();
        if (str == null && str2 == null) {
            log.warn("rejecting call to {}, authorization required", this.context.name(), str);
            RequestError.request_not_authorized_error.fire(this.context.name() + ": authorization required");
        }
    }

    @Override // org.gcube.smartgears.handlers.AbstractHandler
    public String toString() {
        return getName();
    }
}
