package org.bitrepository.protocol.security;

import java.util.Iterator;
import org.bitrepository.settings.collectionsettings.Operation;
import org.bouncycastle.cms.SignerId;

/* loaded from: input_file:org/bitrepository/protocol/security/BasicOperationAuthorizor.class */
public class BasicOperationAuthorizor implements OperationAuthorizor {
    private RequestToOperationPermissionMapper requestToPermissionMapper = new RequestToOperationPermissionMapper();
    private final PermissionStore permissionStore;

    public BasicOperationAuthorizor(PermissionStore permissionStore) {
        this.permissionStore = permissionStore;
    }

    @Override // org.bitrepository.protocol.security.OperationAuthorizor
    public void authorizeCertificateUse(String str, SignerId signerId) throws CertificateUseException {
        try {
            if (!this.permissionStore.checkCertificateUser(signerId, str)) {
                throw new CertificateUseException("The user '" + str + "' does not have registered the needed rights for being the signer: " + signerId.toString());
            }
        } catch (PermissionStoreException e) {
            throw new CertificateUseException(e.getMessage(), e);
        }
    }

    @Override // org.bitrepository.protocol.security.OperationAuthorizor
    public void authorizeOperation(String str, SignerId signerId) throws OperationAuthorizationException, UnregisteredPermissionException {
        Iterator<Operation> it = this.requestToPermissionMapper.getRequiredPermissions(str).iterator();
        while (it.hasNext()) {
            try {
                if (this.permissionStore.checkPermission(signerId, it.next())) {
                    return;
                }
            } catch (PermissionStoreException e) {
                throw new OperationAuthorizationException(e.getMessage(), e);
            }
        }
        throw new OperationAuthorizationException("The required permission has not been registered for the signer: " + signerId.toString());
    }
}
