package radar.spring.auth.common;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Set;
import kotlin.Metadata;
import kotlin.collections.SetsKt;
import kotlin.jvm.JvmOverloads;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.reflect.CodeSignature;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import radar.spring.auth.exception.AuthorizationFailedException;
import radar.spring.auth.exception.ResourceForbiddenException;

/* compiled from: AuthAspect.kt */
@Aspect
@Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��@\n\u0002\u0018\u0002\n��\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\"\n\u0002\u0010\u000e\n\u0002\b\b\n\u0002\u0010\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0017\u0018�� \u001f*\u0004\b��\u0010\u00012\u00020\u0002:\u0001\u001fBS\b\u0007\u0012\f\u0010\u0003\u001a\b\u0012\u0004\u0012\u00028��0\u0004\u0012\f\u0010\u0005\u001a\b\u0012\u0004\u0012\u00028��0\u0006\u0012\u000e\b\u0002\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\b\u0012\u000e\b\u0002\u0010\n\u001a\b\u0012\u0004\u0012\u00020\t0\b\u0012\u000e\b\u0002\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\t0\b¢\u0006\u0002\u0010\fJ4\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\u00142\u0006\u0010\u0015\u001a\u00020\u00162\b\u0010\u0017\u001a\u0004\u0018\u00010\t2\b\u0010\u0018\u001a\u0004\u0018\u00010\t2\b\u0010\u0019\u001a\u0004\u0018\u00010\tJ\u0018\u0010\u001a\u001a\u00020\u00122\u0006\u0010\u001b\u001a\u00020\u001c2\u0006\u0010\u0013\u001a\u00020\u0014H\u0007J\u0015\u0010\u001d\u001a\u00028��2\u0006\u0010\u0015\u001a\u00020\u0016H\u0002¢\u0006\u0002\u0010\u001eR\u0014\u0010\u0003\u001a\b\u0012\u0004\u0012\u00028��0\u0004X\u0082\u0004¢\u0006\u0002\n��R\u0014\u0010\u0005\u001a\b\u0012\u0004\u0012\u00028��0\u0006X\u0082\u0004¢\u0006\u0002\n��R\u0017\u0010\u0007\u001a\b\u0012\u0004\u0012\u00020\t0\b¢\u0006\b\n��\u001a\u0004\b\r\u0010\u000eR\u0017\u0010\u000b\u001a\b\u0012\u0004\u0012\u00020\t0\b¢\u0006\b\n��\u001a\u0004\b\u000f\u0010\u000eR\u0017\u0010\n\u001a\b\u0012\u0004\u0012\u00020\t0\b¢\u0006\b\n��\u001a\u0004\b\u0010\u0010\u000e¨\u0006 "}, d2 = {"Lradar/spring/auth/common/AuthAspect;", "T", "", "authValidator", "Lradar/spring/auth/common/AuthValidator;", "authorization", "Lradar/spring/auth/common/Authorization;", "projectIdParamNames", "", "", "subjectIdParamNames", "sourceIdParamNames", "(Lradar/spring/auth/common/AuthValidator;Lradar/spring/auth/common/Authorization;Ljava/util/Set;Ljava/util/Set;Ljava/util/Set;)V", "getProjectIdParamNames", "()Ljava/util/Set;", "getSourceIdParamNames", "getSubjectIdParamNames", "authorize", "", "authorized", "Lradar/spring/auth/common/Authorized;", "request", "Ljakarta/servlet/http/HttpServletRequest;", AuthAspect.PROJECT_ID_PARAMETER_NAME, AuthAspect.SUBJECT_ID_PARAMETER_NAME, AuthAspect.SOURCE_ID_PARAMETER_NAME, "before", "joinPoint", "Lorg/aspectj/lang/JoinPoint;", "ensureToken", "(Ljakarta/servlet/http/HttpServletRequest;)Ljava/lang/Object;", "Companion", "radar-spring-auth"})
/* loaded from: input_file:radar/spring/auth/common/AuthAspect.class */
public class AuthAspect<T> {

    @NotNull
    private final AuthValidator<T> authValidator;

    @NotNull
    private final Authorization<T> authorization;

    @NotNull
    private final Set<String> projectIdParamNames;

    @NotNull
    private final Set<String> subjectIdParamNames;

    @NotNull
    private final Set<String> sourceIdParamNames;

    @NotNull
    public static final String TOKEN_KEY = "radar_token";

    @NotNull
    public static final String PROJECT_ID_PARAMETER_NAME = "projectId";

    @NotNull
    public static final String SUBJECT_ID_PARAMETER_NAME = "subjectId";

    @NotNull
    public static final String SOURCE_ID_PARAMETER_NAME = "sourceId";

    @NotNull
    public static final Companion Companion = new Companion(null);
    private static final Logger logger = LoggerFactory.getLogger(AuthAspect.class);

    /* compiled from: AuthAspect.kt */
    @Metadata(mv = {1, 8, 0}, k = 1, xi = 48, d1 = {"��\u001c\n\u0002\u0018\u0002\n\u0002\u0010��\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0086\u0003\u0018��2\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0005\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0006\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u000e\u0010\u0007\u001a\u00020\u0004X\u0086T¢\u0006\u0002\n��R\u0016\u0010\b\u001a\n \n*\u0004\u0018\u00010\t0\tX\u0082\u0004¢\u0006\u0002\n��¨\u0006\u000b"}, d2 = {"Lradar/spring/auth/common/AuthAspect$Companion;", "", "()V", "PROJECT_ID_PARAMETER_NAME", "", "SOURCE_ID_PARAMETER_NAME", "SUBJECT_ID_PARAMETER_NAME", "TOKEN_KEY", "logger", "Lorg/slf4j/Logger;", "kotlin.jvm.PlatformType", "radar-spring-auth"})
    /* loaded from: input_file:radar/spring/auth/common/AuthAspect$Companion.class */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    @JvmOverloads
    public AuthAspect(@NotNull AuthValidator<T> authValidator, @NotNull Authorization<T> authorization, @NotNull Set<String> set, @NotNull Set<String> set2, @NotNull Set<String> set3) {
        Intrinsics.checkNotNullParameter(authValidator, "authValidator");
        Intrinsics.checkNotNullParameter(authorization, "authorization");
        Intrinsics.checkNotNullParameter(set, "projectIdParamNames");
        Intrinsics.checkNotNullParameter(set2, "subjectIdParamNames");
        Intrinsics.checkNotNullParameter(set3, "sourceIdParamNames");
        this.authValidator = authValidator;
        this.authorization = authorization;
        this.projectIdParamNames = set;
        this.subjectIdParamNames = set2;
        this.sourceIdParamNames = set3;
    }

    public /* synthetic */ AuthAspect(AuthValidator authValidator, Authorization authorization, Set set, Set set2, Set set3, int i, DefaultConstructorMarker defaultConstructorMarker) {
        this(authValidator, authorization, (i & 4) != 0 ? SetsKt.setOf(PROJECT_ID_PARAMETER_NAME) : set, (i & 8) != 0 ? SetsKt.setOf(SUBJECT_ID_PARAMETER_NAME) : set2, (i & 16) != 0 ? SetsKt.setOf(SOURCE_ID_PARAMETER_NAME) : set3);
    }

    @NotNull
    public final Set<String> getProjectIdParamNames() {
        return this.projectIdParamNames;
    }

    @NotNull
    public final Set<String> getSubjectIdParamNames() {
        return this.subjectIdParamNames;
    }

    @NotNull
    public final Set<String> getSourceIdParamNames() {
        return this.sourceIdParamNames;
    }

    @Before("@annotation(authorized) && execution(* *(..))")
    public final void before(@NotNull JoinPoint joinPoint, @NotNull Authorized authorized) {
        Intrinsics.checkNotNullParameter(joinPoint, "joinPoint");
        Intrinsics.checkNotNullParameter(authorized, "authorized");
        ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        Intrinsics.checkNotNull(requestAttributes, "null cannot be cast to non-null type org.springframework.web.context.request.ServletRequestAttributes");
        HttpServletRequest request = requestAttributes.getRequest();
        Object[] args = joinPoint.getArgs();
        CodeSignature signature = joinPoint.getSignature();
        Intrinsics.checkNotNull(signature, "null cannot be cast to non-null type org.aspectj.lang.reflect.CodeSignature");
        CodeSignature codeSignature = signature;
        String str = null;
        String str2 = null;
        String str3 = null;
        Intrinsics.checkNotNullExpressionValue(args, "args");
        int length = args.length;
        for (int i = 0; i < length; i++) {
            int i2 = i;
            Object obj = args[i];
            if (Intrinsics.areEqual(codeSignature.getParameterTypes()[i2], String.class)) {
                String str4 = codeSignature.getParameterNames()[i2];
                if (this.projectIdParamNames.contains(str4)) {
                    Intrinsics.checkNotNull(obj, "null cannot be cast to non-null type kotlin.String");
                    str = (String) obj;
                } else if (this.subjectIdParamNames.contains(str4)) {
                    Intrinsics.checkNotNull(obj, "null cannot be cast to non-null type kotlin.String");
                    str2 = (String) obj;
                } else if (this.sourceIdParamNames.contains(str4)) {
                    Intrinsics.checkNotNull(obj, "null cannot be cast to non-null type kotlin.String");
                    str3 = (String) obj;
                }
            }
        }
        Intrinsics.checkNotNullExpressionValue(request, "req");
        authorize(authorized, request, str, str2, str3);
    }

    public final void authorize(@NotNull Authorized authorized, @NotNull HttpServletRequest httpServletRequest, @Nullable String str, @Nullable String str2, @Nullable String str3) {
        Intrinsics.checkNotNullParameter(authorized, "authorized");
        Intrinsics.checkNotNullParameter(httpServletRequest, "request");
        logger.debug("Authorizing request...");
        T ensureToken = ensureToken(httpServletRequest);
        if (!this.authorization.authorize(ensureToken, authorized.permission(), authorized.entity(), authorized.permissionOn(), authorized.role(), authorized.scopes(), authorized.authorities(), authorized.audiences(), authorized.grantTypes(), str, str2, str3)) {
            throw new ResourceForbiddenException("The requested resource is forbidden.", null, 2, null);
        }
        logger.debug("Setting the token in the request: {}", ensureToken);
        httpServletRequest.setAttribute(TOKEN_KEY, ensureToken);
    }

    private final T ensureToken(HttpServletRequest httpServletRequest) {
        String token = this.authValidator.getToken(httpServletRequest);
        if (token == null) {
            logger.warn("[401] {}: No token bearer header provided in the request", httpServletRequest.getRequestURI());
            throw new AuthorizationFailedException("The token is missing from the request. No bearer token provided in the request", null, 2, null);
        }
        try {
            T verify = this.authValidator.verify(token, httpServletRequest);
            if (verify != null) {
                return verify;
            }
            logger.warn("[401] {}: Bearer token invalid", httpServletRequest.getRequestURI());
            throw new AuthorizationFailedException("Bearer token is not a valid JWT.", null, 2, null);
        } catch (Exception e) {
            logger.warn("[401] {}: {}", httpServletRequest.getRequestURI(), e.toString());
            throw new AuthorizationFailedException("Cannot verify token. It may have been rendered invalid.", e);
        }
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public AuthAspect(@NotNull AuthValidator<T> authValidator, @NotNull Authorization<T> authorization, @NotNull Set<String> set, @NotNull Set<String> set2) {
        this(authValidator, authorization, set, set2, null, 16, null);
        Intrinsics.checkNotNullParameter(authValidator, "authValidator");
        Intrinsics.checkNotNullParameter(authorization, "authorization");
        Intrinsics.checkNotNullParameter(set, "projectIdParamNames");
        Intrinsics.checkNotNullParameter(set2, "subjectIdParamNames");
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public AuthAspect(@NotNull AuthValidator<T> authValidator, @NotNull Authorization<T> authorization, @NotNull Set<String> set) {
        this(authValidator, authorization, set, null, null, 24, null);
        Intrinsics.checkNotNullParameter(authValidator, "authValidator");
        Intrinsics.checkNotNullParameter(authorization, "authorization");
        Intrinsics.checkNotNullParameter(set, "projectIdParamNames");
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @JvmOverloads
    public AuthAspect(@NotNull AuthValidator<T> authValidator, @NotNull Authorization<T> authorization) {
        this(authValidator, authorization, null, null, null, 28, null);
        Intrinsics.checkNotNullParameter(authValidator, "authValidator");
        Intrinsics.checkNotNullParameter(authorization, "authorization");
    }
}
