package step.framework.server.security;

import jakarta.annotation.PostConstruct;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.ext.Provider;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.Arrays;
import java.util.regex.Pattern;
import org.glassfish.jersey.server.ExtendedUriInfo;
import org.glassfish.jersey.server.model.Invocable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import step.core.accessors.AbstractUser;
import step.framework.server.AbstractServices;
import step.framework.server.Session;
import step.framework.server.access.AccessManager;

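/**
 * JAX-RS request filter that enforces {@link Secured} annotations on resource methods.
 *
 * <p>For each {@code @Secured} annotation found on the matched handling method, the request is
 * aborted with 401 when the session is not authenticated, and with 403 when the annotation names
 * a right that {@code AccessManager.checkRightInContext} refuses for the session. The filter is
 * registered at priority 1000, which is the value of {@code jakarta.ws.rs.Priorities.AUTHENTICATION}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A resource method that carries no {@code @Secured} annotation is not checked here at all,
 *       so an endpoint is only protected by this filter when it is annotated.</li>
 *   <li>{@code @Secured} with an empty {@code right} requires authentication only.</li>
 *   <li>Only annotations on the handling method are read. The resource class is inspected for
 *       {@link SecuredContext} placeholders, not for {@code @Secured}.</li>
 *   <li>A {@link Session} is created and stored for every request that reaches the filter,
 *       including unauthenticated ones.</li>
 * </ul>
 *
 * @param <U> the user type held by the session
 */
@Provider
@Priority(1000)
/* loaded from: input_file:step/framework/server/security/SecurityFilter.class */
public class SecurityFilter<U extends AbstractUser> extends AbstractServices<U> implements ContainerRequestFilter {

    @Inject
    private ExtendedUriInfo extendendUriInfo;
    private AccessManager accessManager;
    private static final Logger logger = LoggerFactory.getLogger(SecurityFilter.class);

    /**
     * Resolves the {@link AccessManager} from the server context once injection has completed.
     *
     * @throws Exception if the context cannot supply the access manager
     */
    @PostConstruct
    public void init() throws Exception {
        this.accessManager = (AccessManager) getAbstractContext().require(AccessManager.class);
    }

    /**
     * Applies every {@code @Secured} annotation of the matched resource method to the request.
     *
     * <p>Evaluation stops at the first annotation that aborts the request, so a rejected request
     * is answered and logged once.
     *
     * @param containerRequestContext the request being filtered; aborted on a failed check
     * @throws IOException declared by {@link ContainerRequestFilter}; not thrown by this code
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Session<U> session = retrieveOrInitializeSession();
        // NOTE(review): a null matched resource method would surface as a NullPointerException
        // here, which rejects the request rather than letting it through; confirm that is intended.
        Invocable invocable = this.extendendUriInfo.getMatchedResourceMethod().getInvocable();
        Class<?> handlerClass = invocable.getHandler().getHandlerClass();
        // getAnnotationsByType never returns null; an unannotated method yields an empty array.
        // NOTE(review): method annotations are not inherited, so @Secured declared only on an
        // overridden or interface method would not be seen here; verify against the resources.
        Secured[] securedAnnotations = invocable.getHandlingMethod().getAnnotationsByType(Secured.class);
        for (Secured secured : securedAnnotations) {
            if (!checkRightsForAnnotation(containerRequestContext, session, handlerClass, secured)) {
                return;
            }
        }
    }

    /**
     * Checks one {@code @Secured} annotation against the session.
     *
     * @param containerRequestContext the request, aborted with 401 or 403 when the check fails
     * @param session the session of the caller
     * @param cls the resource class, read for {@link SecuredContext} placeholder values
     * @param secured the annotation being enforced
     * @return {@code true} if the request may proceed, {@code false} if it was aborted
     */
    private boolean checkRightsForAnnotation(ContainerRequestContext containerRequestContext, Session<?> session, Class<?> cls, Secured secured) {
        if (!session.isAuthenticated()) {
            logger.debug("User '{}' not authenticated. Returning {}", username(session), Response.Status.UNAUTHORIZED);
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return false;
        }
        String right = secured.right();
        if (right.isEmpty()) {
            // No right named: being authenticated is sufficient.
            return true;
        }
        for (Annotation annotation : cls.getAnnotations()) {
            if (annotation instanceof SecuredContext) {
                SecuredContext securedContext = (SecuredContext) annotation;
                // Literal replacement: replaceAll would interpret '$' and '\' in the context value
                // as group references and either throw or build a different right name.
                right = right.replace("{" + securedContext.key() + "}", securedContext.value());
            }
        }
        boolean granted = this.accessManager.checkRightInContext(session, right);
        logger.debug("Checked right '{}' for user '{}'. Result: {}", right, username(session), granted);
        if (granted) {
            return true;
        }
        containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        // NOTE(review): the user name is logged as-is; if it can contain line breaks, neutralise
        // them in the log layout so a denied request cannot forge log entries.
        logger.warn("User {} missing right {}", username(session), right);
        return false;
    }

    /**
     * Returns the session user name of the user bound to the session.
     *
     * @param session the session to read
     * @return the user name, or {@code null} when the session holds no user
     */
    private String username(Session<?> session) {
        AbstractUser user = session.getUser();
        return user != null ? user.getSessionUsername() : null;
    }

    /**
     * Returns the current session, creating and storing a new one when none exists.
     *
     * @return the existing or newly created session, never {@code null}
     */
    protected Session<U> retrieveOrInitializeSession() {
        Session<U> session = getSession();
        if (session == null) {
            session = new Session<>();
            setSession(session);
        }
        return session;
    }
}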
