package com.contrastsecurity.agent.plugins.observe.spring;

import com.contrastsecurity.agent.DontObfuscate;
import com.contrastsecurity.agent.apps.Application;
import com.contrastsecurity.agent.apps.ApplicationManager;
import com.contrastsecurity.agent.config.ConfigProperty;
import com.contrastsecurity.agent.context.f;
import com.contrastsecurity.agent.http.HttpManager;
import com.contrastsecurity.agent.plugins.observe.ObserveRootSpanManager;
import com.contrastsecurity.agent.plugins.observe.RootSpan;
import com.contrastsecurity.agent.plugins.observe.a.a;
import com.contrastsecurity.agent.plugins.observe.h;
import com.contrastsecurity.agent.scope.ScopeAggregator;
import com.contrastsecurity.agent.scope.ScopeProvider;
import com.contrastsecurity.thirdparty.com.contrastsecurity.secobs.semconv.ContrastSemanticAttributes;
import com.contrastsecurity.thirdparty.io.opentelemetry.api.common.AttributeKey;
import com.contrastsecurity.thirdparty.io.opentelemetry.api.common.Attributes;
import com.contrastsecurity.thirdparty.io.opentelemetry.api.trace.Span;
import com.contrastsecurity.thirdparty.io.opentelemetry.context.Context;
import com.contrastsecurity.thirdparty.javax.inject.Inject;
import com.contrastsecurity.thirdparty.javax.inject.Singleton;
import java.util.Collection;

@Singleton
@DontObfuscate
/* loaded from: input_file:com/contrastsecurity/agent/plugins/observe/spring/ContrastObserveSpringAuthzDispatcherImpl.class */
public class ContrastObserveSpringAuthzDispatcherImpl implements ContrastObserveSpringAuthzDispatcher {
    final com.contrastsecurity.agent.config.e config;
    final HttpManager httpManager;
    final ApplicationManager applicationManager;
    final ScopeProvider scopeProvider;
    final ObserveRootSpanManager rootSpanManager;
    private String ROLE_PREFIX = "ROLE_";

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public ContrastObserveSpringAuthzDispatcherImpl(com.contrastsecurity.agent.config.e eVar, HttpManager httpManager, ApplicationManager applicationManager, ScopeProvider scopeProvider, ObserveRootSpanManager observeRootSpanManager) {
        this.config = eVar;
        this.httpManager = httpManager;
        this.applicationManager = applicationManager;
        this.scopeProvider = scopeProvider;
        this.rootSpanManager = observeRootSpanManager;
    }

    @Override // java.lang.ContrastObserveSpringAuthzDispatcher
    public void onAuthorizationCheck(String str) {
        ScopeAggregator a;
        if (this.config.c(ConfigProperty.OBSERVE_ENABLE) && (a = h.a(this.scopeProvider)) != null) {
            try {
                if (this.httpManager.getCurrentRequest() == null || this.applicationManager.current() == null) {
                    return;
                }
                f context = this.httpManager.getCurrentRequest().context();
                if (context.get(RootSpan.AUTHZ_CONTEXT_KEY) != null) {
                    a.leaveScope();
                } else {
                    context.put(RootSpan.AUTHZ_CONTEXT_KEY, com.contrastsecurity.agent.plugins.observe.a.a.a().a(str).b(ContrastSemanticAttributes.ActionValues.AUTHZ_REQUEST).a(this.applicationManager.current()).a());
                    a.leaveScope();
                }
            } finally {
                a.leaveScope();
            }
        }
    }

    @Override // java.lang.ContrastObserveSpringAuthzDispatcher
    public void onRouteAuthorization(Collection<String> collection, String str) {
        ScopeAggregator a;
        if (this.config.c(ConfigProperty.OBSERVE_ENABLE) && (a = h.a(this.scopeProvider)) != null) {
            try {
                if (this.httpManager.getCurrentRequest() == null || this.applicationManager.current() == null) {
                    return;
                }
                a.AbstractC0029a a2 = com.contrastsecurity.agent.plugins.observe.a.a.a().a(str).b(ContrastSemanticAttributes.ActionValues.AUTHZ_REQUEST).a(this.applicationManager.current());
                if (collection != null && !collection.isEmpty()) {
                    a2.a(collection);
                }
                this.httpManager.getCurrentRequest().context().put(RootSpan.AUTHZ_CONTEXT_KEY, a2.a());
                a.leaveScope();
            } finally {
                a.leaveScope();
            }
        }
    }

    @Override // java.lang.ContrastObserveSpringAuthzDispatcher
    public void onHasAnyAuthorityName(String str, String[] strArr, String str2) {
        ScopeAggregator a;
        if (this.config.c(ConfigProperty.OBSERVE_ENABLE) && (a = h.a(this.scopeProvider)) != null) {
            try {
                Application current = this.applicationManager.current();
                if (current == null) {
                    return;
                }
                RootSpan currentRootSpan = this.rootSpanManager.currentRootSpan();
                if (currentRootSpan != null && currentRootSpan.isRecording()) {
                    Span startChildSpan = currentRootSpan.startChildSpan(ContrastSemanticAttributes.ActionValues.AUTHZ_REQUEST, str2);
                    if (startChildSpan == null) {
                        a.leaveScope();
                        return;
                    }
                    if (str.equals(this.ROLE_PREFIX) && strArr != null && strArr.length > 0) {
                        startChildSpan.setAttribute((AttributeKey<AttributeKey<String>>) ContrastSemanticAttributes.CONTRAST_AUTHORIZATION_MECHANISM, (AttributeKey<String>) ContrastSemanticAttributes.ContrastAuthorizationMechanismValues.RBAC);
                        startChildSpan.setAttribute((AttributeKey<AttributeKey<String>>) ContrastSemanticAttributes.CONTRAST_AUTHORIZATION_RBAC_ROLE, (AttributeKey<String>) String.join(", ", strArr));
                    }
                    startChildSpan.end();
                    current.otel().b().add(1L, Attributes.of(ContrastSemanticAttributes.ACTION, ContrastSemanticAttributes.ActionValues.AUTHZ_REQUEST, ContrastSemanticAttributes.HTTP_METHOD, currentRootSpan.getHttpMethod(), ContrastSemanticAttributes.HTTP_ROUTE, currentRootSpan.getHttpRoute()), startChildSpan.storeInContext(Context.root()));
                }
                a.leaveScope();
            } finally {
                a.leaveScope();
            }
        }
    }

    @Override // java.lang.ContrastObserveSpringAuthzDispatcher
    public void onPermissionsCheck(Object obj, String str) {
        ScopeAggregator a;
        if (this.config.c(ConfigProperty.OBSERVE_ENABLE) && (a = h.a(this.scopeProvider)) != null) {
            try {
                Application current = this.applicationManager.current();
                if (current == null) {
                    return;
                }
                RootSpan currentRootSpan = this.rootSpanManager.currentRootSpan();
                if (currentRootSpan != null && currentRootSpan.isRecording()) {
                    Span startChildSpan = currentRootSpan.startChildSpan(ContrastSemanticAttributes.ActionValues.AUTHZ_REQUEST, str);
                    if (startChildSpan == null) {
                        a.leaveScope();
                        return;
                    }
                    if (obj instanceof String) {
                        startChildSpan.setAttribute((AttributeKey<AttributeKey<String>>) ContrastSemanticAttributes.CONTRAST_AUTHORIZATION_MECHANISM, (AttributeKey<String>) ContrastSemanticAttributes.ContrastAuthorizationMechanismValues.DAC);
                        startChildSpan.setAttribute((AttributeKey<AttributeKey<String>>) ContrastSemanticAttributes.CONTRAST_AUTHORIZATION_DAC_PERMISSION, (AttributeKey<String>) obj);
                    }
                    startChildSpan.end();
                    current.otel().b().add(1L, Attributes.of(ContrastSemanticAttributes.ACTION, ContrastSemanticAttributes.ActionValues.AUTHZ_REQUEST, ContrastSemanticAttributes.HTTP_METHOD, currentRootSpan.getHttpMethod(), ContrastSemanticAttributes.HTTP_ROUTE, currentRootSpan.getHttpRoute()), startChildSpan.storeInContext(Context.root()));
                }
                a.leaveScope();
            } finally {
                a.leaveScope();
            }
        }
    }
}
