package org.geoserver.wps.security;

import java.util.logging.Logger;
import org.geoserver.ows.Dispatcher;
import org.geoserver.ows.Request;
import org.geoserver.security.AccessLimits;
import org.geoserver.security.CatalogMode;
import org.geotools.util.logging.Logging;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:org/geoserver/wps/security/ProcessAccessLimits.class */
public class ProcessAccessLimits extends AccessLimits {
    private static final Logger LOGGER = Logging.getLogger(ProcessAccessLimits.class);
    private static final long serialVersionUID = -3253977289877833644L;
    private boolean allowed;
    private String resource;

    public ProcessAccessLimits(CatalogMode catalogMode, boolean z, String str) {
        super(catalogMode);
        this.resource = str;
        this.allowed = z;
    }

    public boolean isAllowed() {
        checkCatalogMode();
        return this.allowed;
    }

    private void checkCatalogMode() {
        if (this.allowed) {
            return;
        }
        Request request = (Request) Dispatcher.REQUEST.get();
        CatalogMode mode = getMode();
        if (mode == CatalogMode.MIXED) {
            if (request == null || !"GetCapabilities".equalsIgnoreCase(request.getRequest())) {
                throw unauthorizedAccess(this.resource);
            }
        } else if (mode == CatalogMode.CHALLENGE) {
            this.allowed = true;
            if (request == null || "GetCapabilities".equalsIgnoreCase(request.getRequest())) {
                return;
            }
            if ("Execute".equalsIgnoreCase(request.getRequest()) || "DescribeProcess".equalsIgnoreCase(request.getRequest())) {
                throw unauthorizedAccess(this.resource);
            }
        }
    }

    private static RuntimeException unauthorizedAccess(String str) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return (authentication == null || authentication.getAuthorities().size() == 0) ? new InsufficientAuthenticationException("Cannot access " + str + " as anonymous") : new AccessDeniedException("Cannot access " + str + " with the current privileges");
    }
}
