package io.apicurio.registry.auth;

import io.apicurio.registry.storage.NotFoundException;
import io.apicurio.registry.storage.RegistryStorage;
import io.apicurio.registry.types.Current;
import io.quarkus.security.identity.SecurityIdentity;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.interceptor.InvocationContext;

@Singleton
/* loaded from: input_file:io/apicurio/registry/auth/OwnerBasedAccessController.class */
public class OwnerBasedAccessController implements IAccessController {

    @Inject
    AuthConfig authConfig;

    @Inject
    SecurityIdentity securityIdentity;

    @Inject
    @Current
    RegistryStorage storage;

    @Override // io.apicurio.registry.auth.IAccessController
    public boolean isAuthorized(InvocationContext invocationContext) {
        Authorized authorized = (Authorized) invocationContext.getMethod().getAnnotation(Authorized.class);
        AuthorizedStyle style = authorized.style();
        if (authorized.level() != AuthorizedLevel.Write) {
            return true;
        }
        if (style == AuthorizedStyle.GroupAndArtifact) {
            return verifyArtifactCreatedBy(getStringParam(invocationContext, 0), getStringParam(invocationContext, 1));
        }
        if (style == AuthorizedStyle.GroupOnly && this.authConfig.ownerOnlyAuthorizationLimitGroupAccess.get().booleanValue()) {
            return verifyGroupCreatedBy(getStringParam(invocationContext, 0));
        }
        if (style == AuthorizedStyle.ArtifactOnly) {
            return verifyArtifactCreatedBy(null, getStringParam(invocationContext, 0));
        }
        if (style == AuthorizedStyle.GlobalId) {
            return verifyArtifactCreatedBy(getLongParam(invocationContext, 0).longValue());
        }
        return true;
    }

    private boolean verifyGroupCreatedBy(String str) {
        try {
            String createdBy = this.storage.getGroupMetaData(str).getCreatedBy();
            if (createdBy != null) {
                if (!createdBy.equals(this.securityIdentity.getPrincipal().getName())) {
                    return false;
                }
            }
            return true;
        } catch (NotFoundException e) {
            return true;
        }
    }

    private boolean verifyArtifactCreatedBy(String str, String str2) {
        try {
            String createdBy = this.storage.getArtifactMetaData(str, str2).getCreatedBy();
            if (createdBy != null) {
                if (!createdBy.equals(this.securityIdentity.getPrincipal().getName())) {
                    return false;
                }
            }
            return true;
        } catch (NotFoundException e) {
            return true;
        }
    }

    private boolean verifyArtifactCreatedBy(long j) {
        try {
            String createdBy = this.storage.getArtifactMetaData(j).getCreatedBy();
            if (createdBy != null) {
                if (!createdBy.equals(this.securityIdentity.getPrincipal().getName())) {
                    return false;
                }
            }
            return true;
        } catch (NotFoundException e) {
            return true;
        }
    }

    private static String getStringParam(InvocationContext invocationContext, int i) {
        return (String) invocationContext.getParameters()[i];
    }

    private static Long getLongParam(InvocationContext invocationContext, int i) {
        return (Long) invocationContext.getParameters()[i];
    }
}
