package org.restheart.security.services;

import com.google.gson.JsonArray;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.HttpString;
import java.util.Map;
import java.util.Set;
import org.restheart.ConfigurationException;
import org.restheart.exchange.JsonRequest;
import org.restheart.exchange.JsonResponse;
import org.restheart.plugins.ConfigurablePlugin;
import org.restheart.plugins.InjectConfiguration;
import org.restheart.plugins.JsonService;
import org.restheart.plugins.RegisterPlugin;
import org.restheart.plugins.security.TokenManager;
import org.restheart.utils.URLUtils;

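/**
 * Service that reports the roles of the authenticated client as a JSON document of the
 * form {@code {"authenticated": true, "roles": [...]}}.
 *
 * <p>The plugin is registered with {@code secure = false}, and the only access check
 * visible in this class is the one in {@link #handle}: a GET is answered only when the
 * request URI is exactly {@code <service uri>/<authenticated principal name>}.
 * NOTE(review): presumably {@code secure = false} means the framework does not enforce
 * authorization before calling {@code handle}, which would make that check the sole gate;
 * confirm against the plugin registration documentation.
 */
@RegisterPlugin(name = "roles", description = "returns the roles of the authenticated client", secure = false, enabledByDefault = true, defaultURI = "/roles")
/* loaded from: input_file:org/restheart/security/services/GetRoleService.class */
public class GetRoleService implements JsonService {
    /** URI used when no configuration was injected or it carries no readable "uri" argument. */
    private static final String DEFAULT_URI = "/roles";

    // Plugin configuration arguments; stays null until init() is called.
    Map<String, Object> confArgs = null;

    /**
     * Stores the plugin configuration arguments.
     *
     * @param map configuration arguments; the "uri" key is read by {@link #getUri()}
     */
    @InjectConfiguration
    public void init(Map<String, Object> map) {
        this.confArgs = map;
    }

    /**
     * Handles a request to the roles service.
     *
     * <ul>
     *   <li>OPTIONS: answers 200 with the CORS allow-methods / allow-headers lists.</li>
     *   <li>Any method other than GET: answers 405.</li>
     *   <li>GET without an authenticated principal, or for a path other than the caller's
     *       own: answers 403 and removes the auth-token response headers.</li>
     *   <li>GET for the caller's own path: sends the caller's roles as JSON.</li>
     * </ul>
     *
     * @param jsonRequest the incoming request
     * @param jsonResponse the response whose headers are adjusted
     * @throws Exception declared by the service contract
     */
    @Override
    public void handle(JsonRequest jsonRequest, JsonResponse jsonResponse) throws Exception {
        HttpServerExchange exchange = jsonRequest.getExchange();

        if (jsonRequest.isOptions()) {
            jsonResponse.getHeaders().put(HttpString.tryFromString("Access-Control-Allow-Methods"), "GET");
            jsonResponse.getHeaders().put(HttpString.tryFromString("Access-Control-Allow-Headers"), "Accept, Accept-Encoding, Authorization, Content-Length, Content-Type, Host, Origin, X-Requested-With, User-Agent, No-Auth-Challenge, " + TokenManager.AUTH_TOKEN_HEADER + ", " + TokenManager.AUTH_TOKEN_VALID_HEADER + ", " + TokenManager.AUTH_TOKEN_LOCATION_HEADER);
            exchange.setStatusCode(200);
            exchange.endExchange();
            return;
        }

        if (!jsonRequest.isGet()) {
            exchange.setStatusCode(405);
            exchange.endExchange();
            return;
        }

        if (!isRequestForOwnRoles(exchange)) {
            exchange.setStatusCode(403);
            // A rejected request must not leave with the auth-token headers attached.
            // NOTE(review): presumably an earlier stage may already have set them; confirm.
            jsonResponse.getHeaders().remove(TokenManager.AUTH_TOKEN_HEADER);
            jsonResponse.getHeaders().remove(TokenManager.AUTH_TOKEN_VALID_HEADER);
            jsonResponse.getHeaders().remove(TokenManager.AUTH_TOKEN_LOCATION_HEADER);
            exchange.endExchange();
            return;
        }

        // Typed as Set<String> (the source used a raw Set) so each role is known to be a
        // String when it is wrapped in a JsonPrimitive.
        Set<String> roles = exchange.getSecurityContext().getAuthenticatedAccount().getRoles();
        JsonArray jsonArray = new JsonArray();
        if (roles != null) {
            for (String role : roles) {
                jsonArray.add(new JsonPrimitive(role));
            }
        }

        JsonObject jsonObject = new JsonObject();
        jsonObject.add("authenticated", new JsonPrimitive(true));
        jsonObject.add("roles", jsonArray);
        exchange.getResponseSender().send(jsonObject.toString());
        exchange.endExchange();
    }

    /**
     * Tells whether the exchange carries an authenticated principal and targets exactly
     * {@code <service uri>/<principal name>}.
     *
     * <p>The comparison is a plain string equality on the request URI, so any other form
     * of the path (for instance one with a trailing slash) is treated as a mismatch and
     * the request is rejected.
     *
     * @param exchange the current exchange
     * @return {@code true} only for an authenticated caller asking for its own roles
     */
    private boolean isRequestForOwnRoles(HttpServerExchange exchange) {
        if (exchange.getSecurityContext() == null
                || exchange.getSecurityContext().getAuthenticatedAccount() == null
                || exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal() == null) {
            return false;
        }
        String ownUri = URLUtils.removeTrailingSlashes(getUri()) + "/"
                + exchange.getSecurityContext().getAuthenticatedAccount().getPrincipal().getName();
        return exchange.getRequestURI().equals(ownUri);
    }

    /**
     * Returns the URI the service is bound to.
     *
     * @return the configured "uri" argument, or {@code "/roles"} when no configuration was
     *     injected or reading the argument raises a {@link ConfigurationException}
     */
    private String getUri() {
        if (this.confArgs == null) {
            return DEFAULT_URI;
        }
        try {
            return (String) ConfigurablePlugin.argValue(this.confArgs, "uri");
        } catch (ConfigurationException ignored) {
            // An unreadable "uri" argument falls back to the default binding.
            return DEFAULT_URI;
        }
    }
}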
