package org.ff4j.web.api.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.ff4j.web.ApiConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ff4j/web/api/security/FF4jAuthorizationFilter.class */
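/**
 * JAX-RS request filter that enforces the JSR-250 security annotations
 * ({@link DenyAll}, {@link PermitAll}, {@link RolesAllowed}) found on the matched
 * resource method.
 *
 * <p>Decision order, as implemented in {@link #filter(ContainerRequestContext)}:
 * <ol>
 *   <li>{@code @DenyAll} on the method: always rejected with 403.</li>
 *   <li>{@code @PermitAll} on the method: always accepted.</li>
 *   <li>{@code @RolesAllowed} on the method: accepted only when the caller holds at
 *       least one of the expected roles; otherwise rejected with 403.</li>
 *   <li>No annotation on the method: accepted.</li>
 * </ol>
 *
 * <p>The role check fails closed: when roles are required and the caller's roles cannot
 * be established from the request's security context, the request is rejected.
 */
public class FF4jAuthorizationFilter implements ContainerRequestFilter {
    private final Logger log = LoggerFactory.getLogger(getClass());

    /** Shared API configuration; only stored and returned by this class. */
    private static ApiConfig apiConfig = null;

    /** Matched resource class/method, injected by the JAX-RS runtime. */
    @Context
    public ResourceInfo info;

    /**
     * Applies the annotation-driven access decision to the incoming request.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by the {@link ContainerRequestFilter} contract
     * @throws WebApplicationException with status 403 when access is denied
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        // The path is request-controlled; the log layout is expected to encode
        // control characters so a crafted URI cannot forge log lines.
        this.log.debug("Entering authorization filter for <{}>", containerRequestContext.getUriInfo().getPath());
        if (isDenyAll()) {
            forbidden();
        }
        if (isPermitAll() || !isRolesAllowed()) {
            return;
        }

        Set<String> roles = getRoles();
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        Set<?> userRoles = null;
        if (securityContext instanceof FF4jSecurityContext) {
            userRoles = ((FF4jSecurityContext) securityContext).getUserRoles();
            if (userRoles != null) {
                for (Object userRole : userRoles) {
                    // contains(Object) avoids a ClassCastException on unexpected elements.
                    if (roles.contains(userRole)) {
                        return;
                    }
                }
            }
        } else if (securityContext != null) {
            // A context installed by something other than the FF4j authentication filter
            // (e.g. the container) is asked through the standard JAX-RS API. Previously
            // such requests skipped the role check entirely and were let through.
            for (String role : roles) {
                if (securityContext.isUserInRole(role)) {
                    return;
                }
            }
        }
        this.log.warn("Request Forbidden : user role are {} but target expected={}", userRoles, roles);
        forbidden();
    }

    /**
     * @return {@code true} when the matched resource method carries {@link PermitAll}
     */
    private boolean isPermitAll() {
        return this.info.getResourceMethod().getAnnotation(PermitAll.class) != null;
    }

    /**
     * @return {@code true} when the matched resource method carries {@link DenyAll}
     */
    private boolean isDenyAll() {
        return this.info.getResourceMethod().getAnnotation(DenyAll.class) != null;
    }

    /**
     * Tells whether role enforcement applies to the matched resource method.
     *
     * <p>NOTE(review): only the method-level annotation is inspected here, while
     * {@link #getRoles()} also reads the class-level one. A resource class annotated with
     * {@code @RolesAllowed} whose method has no annotation of its own is therefore not
     * restricted by this filter. Confirm this is intended for every resource class.
     *
     * @return {@code true} when the matched resource method carries {@link RolesAllowed}
     */
    private boolean isRolesAllowed() {
        return this.info.getResourceMethod().getAnnotation(RolesAllowed.class) != null;
    }

    /**
     * Collects the roles accepted for the matched resource: the union of the class-level
     * and method-level {@link RolesAllowed} values.
     *
     * @return the accepted role names, possibly empty, never {@code null}
     */
    private Set<String> getRoles() {
        Set<String> roles = new HashSet<>();
        RolesAllowed classLevel = this.info.getResourceClass().getAnnotation(RolesAllowed.class);
        if (classLevel != null) {
            roles.addAll(Arrays.asList(classLevel.value()));
        }
        RolesAllowed methodLevel = this.info.getResourceMethod().getAnnotation(RolesAllowed.class);
        if (methodLevel != null) {
            roles.addAll(Arrays.asList(methodLevel.value()));
        }
        return roles;
    }

    /**
     * Aborts the request with HTTP 403. The response entity is a constant string, so no
     * request data is reflected into the {@code text/html} body.
     *
     * @throws WebApplicationException always
     */
    private static void forbidden() {
        throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity("Cannot reach ressource, forbidden check @RoleAllowed, @DenyAll").type(MediaType.TEXT_HTML_TYPE).build());
    }

    /**
     * @return the shared API configuration, or {@code null} when none was set
     */
    public static ApiConfig getApiConfig() {
        return apiConfig;
    }

    /**
     * @param apiConfig2 the API configuration to share across filter instances
     */
    public static void setApiConfig(ApiConfig apiConfig2) {
        apiConfig = apiConfig2;
    }

    /**
     * @return the resource information currently held by this filter
     */
    public ResourceInfo getInfo() {
        return this.info;
    }

    /**
     * @param resourceInfo the resource information to use for annotation lookups
     */
    public void setInfo(ResourceInfo resourceInfo) {
        this.info = resourceInfo;
    }
}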
