package alpine.filters;

import alpine.auth.PermissionRequired;
import alpine.logging.Logger;
import alpine.model.ApiKey;
import alpine.model.LdapUser;
import alpine.model.ManagedUser;
import alpine.persistence.AlpineQueryManager;
import java.security.Principal;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.server.ContainerRequest;
import org.owasp.security.logging.SecurityMarkers;

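/**
 * Enforces method-level authorization for JAX-RS resource methods.
 *
 * <p>Runs after authentication (priority 2000). It reads the {@code Principal}
 * request property left by the preceding authentication step and checks that
 * principal against the permissions declared by the target resource method's
 * {@link PermissionRequired} annotation. A request continues only when the
 * principal holds at least one of the required permissions; every other
 * outcome is aborted with {@code 403 Forbidden} and logged under the
 * {@code SECURITY_FAILURE} marker.
 */
@Priority(2000)
public class AuthorizationFilter implements ContainerRequestFilter {

    private static final Logger LOGGER = Logger.getLogger(AuthorizationFilter.class);

    /** Request-property key under which the authenticated principal is stored. */
    private static final String PRINCIPAL_PROPERTY = "Principal";

    @Context
    private ResourceInfo resourceInfo;

    /**
     * Authorizes the current request against the target method's declared permissions.
     *
     * <p>Only Jersey {@link ContainerRequest} instances are inspected; any other
     * {@link ContainerRequestContext} implementation passes through untouched.
     * A missing principal, an unresolvable user, a resource method without a
     * {@link PermissionRequired} annotation, or a principal lacking every listed
     * permission all result in the request being aborted with 403.
     *
     * @param containerRequestContext the request being filtered
     */
    @Override
    public void filter(final ContainerRequestContext containerRequestContext) {
        if (!(containerRequestContext instanceof ContainerRequest)) {
            return;
        }
        final ContainerRequest request = (ContainerRequest) containerRequestContext;

        final Principal principal = (Principal) request.getProperty(PRINCIPAL_PROPERTY);
        if (principal == null) {
            LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "A request was made without the assertion of a valid user principal");
            forbid(request);
            return;
        }

        final PermissionRequired annotation =
                resourceInfo.getResourceMethod().getDeclaredAnnotation(PermissionRequired.class);
        if (annotation == null) {
            // Previously dereferenced unconditionally, so a resource method reaching
            // this filter without @PermissionRequired produced a NullPointerException
            // (an HTTP 500). Fail closed explicitly and leave a security audit trail.
            LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "A request was made to a resource method that declares no required permissions");
            forbid(request);
            return;
        }

        // try-with-resources: the query manager is closed on every exit path,
        // including the early return on success.
        try (AlpineQueryManager alpineQueryManager = new AlpineQueryManager()) {
            if (isAuthorized(alpineQueryManager, principal, annotation.value(), request)) {
                return;
            }
            forbid(request);
        }
    }

    /**
     * Returns {@code true} when the principal holds at least one of the given permissions.
     *
     * <p>API keys are checked directly. Managed and LDAP users are looked up again by
     * username through the query manager (presumably so permissions reflect the
     * persisted state rather than the authenticated principal object — confirm against
     * {@code AlpineQueryManager}); an unresolvable user is treated as unauthorized.
     * Every denial is logged with the {@code SECURITY_FAILURE} marker.
     *
     * @param alpineQueryManager open query manager used for permission lookups
     * @param principal the authenticated caller
     * @param permissions the permissions declared on the target method; any one suffices
     * @param request the current request, used only for the audit log message
     * @return whether the request may proceed
     */
    private static boolean isAuthorized(final AlpineQueryManager alpineQueryManager,
                                        final Principal principal,
                                        final String[] permissions,
                                        final ContainerRequest request) {
        if (principal instanceof ApiKey) {
            final ApiKey apiKey = (ApiKey) principal;
            for (final String permission : permissions) {
                if (alpineQueryManager.hasPermission(apiKey, permission)) {
                    return true;
                }
            }
            // NOTE(review): this writes the full API key value into the security log;
            // a masked form or the key's identifier would avoid persisting the credential.
            LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "Unauthorized access attempt made by API Key " + apiKey.getKey() + " to " + request.getRequestUri().toString());
            return false;
        }

        final ManagedUser user = resolveUser(alpineQueryManager, principal);
        if (user == null) {
            LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "A request was made but the system in unable to find the user principal");
            return false;
        }
        for (final String permission : permissions) {
            // The trailing 'true' is passed through unchanged from the original call;
            // assumed to include team-granted permissions — confirm against AlpineQueryManager.
            if (alpineQueryManager.hasPermission(user, permission, true)) {
                return true;
            }
        }
        LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "Unauthorized access attempt made by " + user.getUsername() + " to " + request.getRequestUri().toString());
        return false;
    }

    /**
     * Re-reads a user principal by username; {@code null} when the principal is
     * neither a {@link ManagedUser} nor an {@link LdapUser}, or the lookup finds nothing.
     *
     * @param alpineQueryManager open query manager used for the lookup
     * @param principal the authenticated caller
     * @return the persisted user, or {@code null}
     */
    private static ManagedUser resolveUser(final AlpineQueryManager alpineQueryManager, final Principal principal) {
        if (principal instanceof ManagedUser) {
            return alpineQueryManager.getManagedUser(((ManagedUser) principal).getUsername());
        }
        if (principal instanceof LdapUser) {
            return alpineQueryManager.getLdapUser(((LdapUser) principal).getUsername());
        }
        return null;
    }

    /**
     * Aborts the request with {@code 403 Forbidden}; the single denial path for this filter.
     *
     * @param request the request to abort
     */
    private static void forbid(final ContainerRequestContext request) {
        request.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}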
