package org.demoiselle.jee.security.interceptor;

import java.io.Serializable;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.ws.rs.core.Response;
import org.demoiselle.jee.core.api.security.SecurityContext;
import org.demoiselle.jee.security.annotation.Authenticated;
import org.demoiselle.jee.security.annotation.RequiredPermission;
import org.demoiselle.jee.security.exception.DemoiselleSecurityException;
import org.demoiselle.jee.security.message.DemoiselleSecurityMessages;

@Priority(2000)
@RequiredPermission
@Interceptor
/* loaded from: input_file:org/demoiselle/jee/security/interceptor/RequiredPermissionInterceptor.class */
public class RequiredPermissionInterceptor implements Serializable {
    private static final long serialVersionUID = 1;

    @Inject
    private SecurityContext securityContext;

    @Inject
    private DemoiselleSecurityMessages bundle;

    @AroundInvoke
    public Object manage(InvocationContext invocationContext) throws Exception {
        Authenticated authenticated = (Authenticated) invocationContext.getMethod().getAnnotation(Authenticated.class);
        String resource = getResource(invocationContext);
        String operation = getOperation(invocationContext);
        if (authenticated != null && !authenticated.enable()) {
            return invocationContext.proceed();
        }
        if (!this.securityContext.isLoggedIn()) {
            throw new DemoiselleSecurityException(this.bundle.doesNotHavePermission(operation, resource), Response.Status.FORBIDDEN.getStatusCode());
        }
        if (this.securityContext.hasPermission(resource, operation)) {
            return invocationContext.proceed();
        }
        throw new DemoiselleSecurityException(this.bundle.doesNotHavePermission(operation, resource), Response.Status.FORBIDDEN.getStatusCode());
    }

    private String getResource(InvocationContext invocationContext) {
        RequiredPermission requiredPermission = (RequiredPermission) invocationContext.getMethod().getAnnotation(RequiredPermission.class);
        if (requiredPermission == null) {
            requiredPermission = (RequiredPermission) invocationContext.getTarget().getClass().getAnnotation(RequiredPermission.class);
        }
        return (requiredPermission.resource() == null || requiredPermission.resource().trim().isEmpty()) ? invocationContext.getTarget().getClass().getSimpleName() : requiredPermission.resource();
    }

    private String getOperation(InvocationContext invocationContext) {
        RequiredPermission requiredPermission = (RequiredPermission) invocationContext.getMethod().getAnnotation(RequiredPermission.class);
        if (requiredPermission == null) {
            requiredPermission = (RequiredPermission) invocationContext.getTarget().getClass().getAnnotation(RequiredPermission.class);
        }
        return (requiredPermission.operation() == null || requiredPermission.operation().trim().isEmpty()) ? invocationContext.getMethod().getName() : requiredPermission.operation();
    }
}
