package org.picketlink.extensions.core.rest.interceptors;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import org.jboss.logging.Logger;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import org.picketbox.jaxrs.model.AuthenticationResponse;
import org.picketlink.authentication.AuthenticationException;
import org.picketlink.extensions.core.pbox.PicketBoxIdentity;
import org.picketlink.extensions.core.rest.AccountRegistrationEndpoint;
import org.picketlink.extensions.core.rest.CheckUserNameEndpoint;
import org.picketlink.extensions.core.rest.LogoutEndpoint;
import org.picketlink.extensions.core.rest.SignInEndpoint;
import org.picketlink.extensions.core.rest.UserInfoEndpoint;

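/**
 * RESTEasy pre-process interceptor that gates REST resources behind an authenticated
 * {@link PicketBoxIdentity}.
 *
 * <p>For every resource method that is not declared by one of the exempt endpoint classes, the
 * interceptor requires either an already logged-in identity or a session token that
 * {@link PicketBoxIdentity#restoreSession} accepts. The token is read from the {@code Auth-Token}
 * request header, falling back to a cookie of the same name.
 *
 * <p>NOTE(review): because the token is also accepted from a cookie, browsers attach it
 * automatically; confirm that state-changing endpoints have cross-site request protection
 * elsewhere, or restrict token transport to the header.
 */
@ApplicationScoped
@ServerInterceptor
public class SecurityInterceptor implements PreProcessInterceptor {
    private static final Logger LOG = Logger.getLogger(SecurityInterceptor.class);
    private static final String AUTH_TOKEN_HEADER_NAME = "Auth-Token";

    /**
     * Endpoint classes whose methods are reachable without authentication.
     *
     * <p>NOTE(review): matching is done on the declaring class of the resolved method, so a
     * resource method inherited from a superclass or interface is compared by that declaring
     * type, not by the endpoint class. UserInfoEndpoint is exempt as well; presumably it reports
     * the login state itself, so confirm it exposes nothing sensitive to anonymous callers.
     */
    private static final List<Class<?>> UNAUTHENTICATED_ENDPOINTS = Arrays.<Class<?>>asList(
            SignInEndpoint.class,
            LogoutEndpoint.class,
            AccountRegistrationEndpoint.class,
            CheckUserNameEndpoint.class,
            UserInfoEndpoint.class);

    @Inject
    private PicketBoxIdentity identity;

    /**
     * Rejects unauthenticated requests to protected resource methods.
     *
     * @param httpRequest the incoming request, used only to extract the session token
     * @param resourceMethod the resource method about to be invoked
     * @return {@code null} to let the request proceed, or a 403 response carrying an
     *     {@link AuthenticationResponse} with {@code loggedIn == false} when the caller is neither
     *     logged in nor holding a restorable token
     */
    @Override
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
        if (!requiresAuthentication(resourceMethod) || this.identity.isLoggedIn()) {
            return null;
        }
        if (restoreSession(getToken(httpRequest))) {
            return null;
        }

        AuthenticationResponse denied = new AuthenticationResponse();
        denied.setLoggedIn(false);

        ServerResponse response = new ServerResponse();
        response.setEntity(denied);
        // 403 is kept for compatibility with existing clients; 401 is the conventional status
        // for missing or invalid credentials.
        response.setStatus(403);
        return response;
    }

    /**
     * Attempts to restore a session from the given token.
     *
     * @param token the token presented by the caller, or {@code null} when none was sent
     * @return {@code true} only when the identity reports the session as restored
     */
    private boolean restoreSession(String token) {
        if (token == null) {
            return false;
        }
        try {
            return this.identity.restoreSession(token);
        } catch (AuthenticationException e) {
            // Fail closed: a failed restore is treated as "not authenticated". The token value
            // itself is deliberately not logged.
            LOG.error("Authentiation Failed:", e);
            return false;
        }
    }

    /**
     * Extracts the session token from the request.
     *
     * <p>The {@code Auth-Token} header takes precedence; the cookie of the same name is consulted
     * only when the header is absent.
     *
     * @param httpRequest the incoming request
     * @return the token, or {@code null} when neither the header nor the cookie is present
     */
    private String getToken(HttpRequest httpRequest) {
        HttpHeaders headers = httpRequest.getHttpHeaders();

        List<String> headerValues = headers.getRequestHeader(AUTH_TOKEN_HEADER_NAME);
        if (headerValues != null && !headerValues.isEmpty()) {
            String fromHeader = headerValues.get(0);
            if (fromHeader != null) {
                return fromHeader;
            }
        }

        Map<String, Cookie> cookies = headers.getCookies();
        if (cookies == null) {
            return null;
        }
        // A request without the cookie must yield "no token" so that preProcess answers 403;
        // dereferencing the missing map entry would throw a NullPointerException instead.
        Cookie tokenCookie = cookies.get(AUTH_TOKEN_HEADER_NAME);
        return tokenCookie == null ? null : tokenCookie.getValue();
    }

    /**
     * Tells whether the resource method is protected.
     *
     * @param resourceMethod the resource method about to be invoked
     * @return {@code false} when the method is declared by one of the exempt endpoint classes,
     *     {@code true} otherwise
     */
    private boolean requiresAuthentication(ResourceMethod resourceMethod) {
        Class<?> declaringClass = resourceMethod.getMethod().getDeclaringClass();
        return !UNAUTHENTICATED_ENDPOINTS.contains(declaringClass);
    }
}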
