package org.conventionsframework.security;

import java.io.Serializable;
import java.lang.reflect.Method;
import javax.faces.application.FacesMessage;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;
import org.conventionsframework.exception.BusinessException;
import org.conventionsframework.qualifier.SecurityMethod;
import org.conventionsframework.util.ResourceBundle;

/* loaded from: input_file:org/conventionsframework/security/BaseSecurityInterceptor.class */
public abstract class BaseSecurityInterceptor implements Serializable {

    @Inject
    private ResourceBundle resourceBundle;

    @AroundInvoke
    public Object checkPermission(InvocationContext invocationContext) throws Exception {
        String[] extractMethodRoles = extractMethodRoles(invocationContext.getMethod());
        if (extractMethodRoles == null || extractMethodRoles.length <= 0 || checkUserPermissions(extractMethodRoles)) {
            return invocationContext.proceed();
        }
        String fatalMessage = getFatalMessage(((SecurityMethod) invocationContext.getMethod().getAnnotation(SecurityMethod.class)).message());
        BusinessException businessException = new BusinessException(fatalMessage);
        businessException.setSeverity(FacesMessage.SEVERITY_FATAL);
        businessException.setSummary(fatalMessage);
        throw businessException;
    }

    public abstract boolean checkUserPermissions(String[] strArr);

    private String[] extractMethodRoles(Method method) {
        if (method.isAnnotationPresent(SecurityMethod.class)) {
            return ((SecurityMethod) method.getAnnotation(SecurityMethod.class)).rolesAllowed();
        }
        return null;
    }

    private String getFatalMessage(String str) {
        if (this.resourceBundle == null) {
            return str;
        }
        String string = this.resourceBundle.getString(str);
        return (string == null || string.startsWith("??")) ? str : string;
    }
}
