package io.corbel.iam.auth.rule;

import io.corbel.iam.auth.AuthorizationRequestContext;
import io.corbel.iam.auth.AuthorizationRule;
import io.corbel.iam.exception.UnauthorizedException;
import io.corbel.iam.model.Domain;
import io.corbel.iam.utils.Message;
import java.util.Objects;
import java.util.Optional;

/* loaded from: input_file:io/corbel/iam/auth/rule/RequestDomainAuthorizationRule.class */
public class RequestDomainAuthorizationRule implements AuthorizationRule {
    @Override // io.corbel.iam.auth.AuthorizationRule
    public void process(AuthorizationRequestContext authorizationRequestContext) throws UnauthorizedException {
        if (isCrossDomain(authorizationRequestContext) && !isAllowedClientCrossDomain(authorizationRequestContext) && !isAllowedChildCrossDomain(authorizationRequestContext)) {
            throw new UnauthorizedException(Message.REQUESTED_DOMAIN_NOT_ALLOWED.getMessage(new Object[0]));
        }
    }

    private boolean isCrossDomain(AuthorizationRequestContext authorizationRequestContext) {
        return !Objects.equals(authorizationRequestContext.getRequestedDomain().getId(), authorizationRequestContext.getIssuerClientDomain().getId());
    }

    private boolean isAllowedChildCrossDomain(AuthorizationRequestContext authorizationRequestContext) {
        return authorizationRequestContext.getRequestedDomain().getId().matches(getChildrenDomainRegex(authorizationRequestContext));
    }

    private boolean isAllowedClientCrossDomain(AuthorizationRequestContext authorizationRequestContext) {
        return ((Boolean) Optional.ofNullable(authorizationRequestContext.getIssuerClientDomain().getAllowedDomains()).map(str -> {
            return Boolean.valueOf(authorizationRequestContext.getRequestedDomain().getId().matches(str));
        }).orElse(false)).booleanValue();
    }

    private String getChildrenDomainRegex(AuthorizationRequestContext authorizationRequestContext) {
        return authorizationRequestContext.getIssuerClientDomain().getId() + "(" + Domain.ID_SEPARATOR + ".+)";
    }
}
