package com.github.jcrochavera.jwt.authz.boundary;

import com.github.jcrochavera.jwt.authz.annotations.Operation;
import com.github.jcrochavera.jwt.authz.annotations.RequiresPermission;
import com.github.jcrochavera.jwt.authz.annotations.RequiresPermissions;
import com.github.jcrochavera.jwt.authz.control.UserSession;
import com.github.jcrochavera.jwt.authz.utils.AnnotationUtils;
import java.io.IOException;
import java.util.Objects;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

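/**
 * JAX-RS request filter that enforces the {@link RequiresPermissions} declared on the matched
 * resource method.
 *
 * <p>Priority 2000 is the value of {@code javax.ws.rs.Priorities.AUTHORIZATION}, so this filter
 * runs after filters registered at the authentication priority.
 *
 * <p>Every {@link RequiresPermission} listed in the container annotation must be satisfied. The
 * first one that is not satisfied aborts the request with {@link ForbiddenException}. A missing
 * session aborts it with {@link NotAuthorizedException}.
 *
 * <p>NOTE(review): only annotations on the resource <em>method</em> are passed to
 * {@link AnnotationUtils}. A class-level {@code @RequiresPermissions}, or a single
 * {@code @RequiresPermission} that is not wrapped in the container annotation, is not enforced by
 * this filter unless {@code AnnotationUtils} resolves it. Confirm against that class, because an
 * unannotated method passes through here with no permission check at all.
 */
@Provider
@Priority(2000)
public class AuthorizationFilter implements ContainerRequestFilter {
    static Logger LOG = LoggerFactory.getLogger(AuthorizationFilter.class);

    @Context
    ResourceInfo resourceInfo;

    @Inject
    ClientAuthz clientAuth;

    /**
     * Evaluates the permissions declared on the matched resource method.
     *
     * @param containerRequestContext the current request, used to read path parameters for
     *     instance-scoped permissions
     * @throws IOException declared by the filter contract; not thrown by this implementation
     * @throws NotAuthorizedException if a permission must be evaluated and no session is available
     * @throws ForbiddenException if any declared permission is not granted
     */
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        AnnotationUtils methodAnnotations =
                new AnnotationUtils(this.resourceInfo.getResourceMethod().getAnnotations());
        if (!methodAnnotations.isAnnotationPresent(RequiresPermissions.class)) {
            // No permission annotation: this filter lets the request through unchecked.
            // Presumably role checks are enforced elsewhere; verify for each endpoint.
            LOG.debug("'{}' Just requires role evaluation", this.resourceInfo.getResourceClass());
            return;
        }
        LOG.debug("'{}' requires permission evaluation", this.resourceInfo.getResourceClass());
        RequiresPermissions declared =
                (RequiresPermissions) methodAnnotations.getAnnotation(RequiresPermissions.class);
        // AND semantics: evaluateOne throws on the first permission that is not granted.
        for (RequiresPermission permission : declared.permissions()) {
            evaluateOne(
                    containerRequestContext,
                    permission.resource(),
                    permission.value(),
                    permission.operation(),
                    permission.instance());
        }
    }

    /**
     * Checks one declared permission against the current session.
     *
     * @param containerRequestContext the current request
     * @param resource resource name taken from the annotation
     * @param values the annotation's {@code value()} array, passed through to the session check
     * @param operation operation taken from the annotation
     * @param instanceParam name of the path parameter holding the instance identifier, or an
     *     empty string for a permission that is not instance-scoped
     */
    private void evaluateOne(
            ContainerRequestContext containerRequestContext,
            String resource,
            String[] values,
            Operation operation,
            String instanceParam) {
        UserSession session = this.clientAuth.getSession();
        if (session == null) {
            LOG.debug("No session available for a permission-protected resource; rejecting request");
            // The challenge is an empty string, so the 401 carries no authentication scheme.
            throw new NotAuthorizedException("");
        }
        boolean granted;
        if (instanceParam.isEmpty()) {
            granted = session.hasPermissions(resource, operation, values);
        } else {
            String instance = getInstanceFromParameter(containerRequestContext, instanceParam);
            granted = session.hasInstancePermissions(resource, instance, operation, values);
        }
        if (!granted) {
            // Record the denial so authorization failures can be monitored. Only values from the
            // annotation are logged; the client-supplied instance id is left out to keep
            // request-controlled text out of the log.
            LOG.warn("Permission denied on resource '{}' for operation '{}'", resource, operation);
            throw new ForbiddenException();
        }
    }

    /**
     * Reads the instance identifier from the request's path parameters.
     *
     * <p>The returned value comes from the request URI and is therefore client-controlled. It is
     * only handed to the session's permission check here.
     *
     * @param containerRequestContext the current request
     * @param paramName name of the path parameter, taken from the annotation
     * @return the first value of that path parameter
     * @throws ForbiddenException if the path parameter is absent (fails closed)
     */
    private String getInstanceFromParameter(
            ContainerRequestContext containerRequestContext, String paramName) {
        String instance =
                containerRequestContext.getUriInfo().getPathParameters().getFirst(paramName);
        if (instance == null) {
            LOG.warn("Value for parameter '{}' was not provided", paramName);
            throw new ForbiddenException();
        }
        return instance;
    }
}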
