package be.atbash.runtime.security.jwt.jaxrs;

import be.atbash.runtime.core.data.util.SystemPropertyUtil;
import jakarta.annotation.security.DenyAll;
import jakarta.annotation.security.PermitAll;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.HttpMethod;
import jakarta.ws.rs.container.DynamicFeature;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.FeatureContext;
import jakarta.ws.rs.ext.Provider;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
/* loaded from: input_file:be/atbash/runtime/security/jwt/jaxrs/JWTAuthorizationFilterRegistrar.class */
public class JWTAuthorizationFilterRegistrar implements DynamicFeature {
    private static final Logger LOGGER = LoggerFactory.getLogger(JWTAuthorizationFilterRegistrar.class);
    private static final DenyAllFilter denyAllFilter = new DenyAllFilter();
    private final Set<Class<? extends Annotation>> permissionAnnotations = new HashSet(Arrays.asList(DenyAll.class, PermitAll.class, RolesAllowed.class));
    private final Set<String> missingPermissionAnnotationWarning = new HashSet();

    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
        Annotation permissionAnnotation = getPermissionAnnotation(resourceInfo);
        if (permissionAnnotation != null) {
            if (permissionAnnotation instanceof DenyAll) {
                configureDenyAll(featureContext);
                return;
            } else {
                if (permissionAnnotation instanceof RolesAllowed) {
                    configureRolesAllowed((RolesAllowed) permissionAnnotation, featureContext);
                    return;
                }
                return;
            }
        }
        if (SystemPropertyUtil.getInstance().isTck("jwt")) {
            if (hasSecurityAnnotations(resourceInfo)) {
                configureDenyAll(featureContext);
            }
        } else {
            configureDenyAll(featureContext);
            String method = resourceInfo.getResourceMethod().toString();
            if (this.missingPermissionAnnotationWarning.contains(method)) {
                return;
            }
            this.missingPermissionAnnotationWarning.add(method);
            LOGGER.atWarn().log("Missing Permission annotation (@RolesAllowed or @PermitAll) on " + method);
        }
    }

    private void configureRolesAllowed(RolesAllowed rolesAllowed, FeatureContext featureContext) {
        featureContext.register(new RolesAllowedFilter(rolesAllowed.value()));
    }

    private void configureDenyAll(FeatureContext featureContext) {
        featureContext.register(denyAllFilter);
    }

    private Annotation getPermissionAnnotation(ResourceInfo resourceInfo) {
        Annotation annotation = getAnnotation(resourceInfo.getResourceMethod().getDeclaredAnnotations(), () -> {
            return resourceInfo.getResourceMethod().toString();
        });
        if (annotation == null) {
            annotation = getAnnotation(resourceInfo.getResourceClass().getDeclaredAnnotations(), () -> {
                return resourceInfo.getResourceClass().getCanonicalName();
            });
        }
        return annotation;
    }

    private Annotation getAnnotation(Annotation[] annotationArr, Supplier<String> supplier) {
        List list = (List) Stream.of((Object[]) annotationArr).filter(annotation -> {
            return this.permissionAnnotations.contains(annotation.annotationType());
        }).collect(Collectors.toList());
        switch (list.size()) {
            case 0:
                return null;
            case 1:
                return (Annotation) list.iterator().next();
            default:
                throw new RuntimeException("Multiple Permission annotations found at " + supplier.get());
        }
    }

    private boolean hasSecurityAnnotations(ResourceInfo resourceInfo) {
        return Stream.of((Object[]) resourceInfo.getResourceClass().getMethods()).filter(this::isResourceMethod).anyMatch(this::hasSecurityAnnotations);
    }

    private boolean hasSecurityAnnotations(Method method) {
        return Stream.of((Object[]) method.getAnnotations()).anyMatch(annotation -> {
            return this.permissionAnnotations.contains(annotation.annotationType());
        });
    }

    private boolean isResourceMethod(Method method) {
        return Stream.of((Object[]) method.getAnnotations()).anyMatch(annotation -> {
            return annotation.annotationType().getAnnotation(HttpMethod.class) != null;
        });
    }
}
