package com.coreoz.plume.jersey.security.permission;

import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.util.Collection;
import java.util.function.Function;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.FeatureContext;
import org.glassfish.jersey.server.internal.LocalizationMessages;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/coreoz/plume/jersey/security/permission/PermissionFeature.class */
public class PermissionFeature<A extends Annotation> implements DynamicFeature {
    private static final Logger logger = LoggerFactory.getLogger(PermissionFeature.class);
    private final PermissionRequestProvider requestPermissionProvider;
    private final Class<A> permissionAnnotationType;
    private final Function<A, String> permissionAnnotationExtractor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/coreoz/plume/jersey/security/permission/PermissionFeature$PermissionRequestFilter.class */
    public static class PermissionRequestFilter implements ContainerRequestFilter {
        private final String resourcePermission;
        private final PermissionRequestProvider requestPermissionProvider;

        public PermissionRequestFilter(String str, PermissionRequestProvider permissionRequestProvider) {
            this.resourcePermission = str;
            this.requestPermissionProvider = permissionRequestProvider;
        }

        public void filter(ContainerRequestContext containerRequestContext) throws IOException {
            if (!authorize(containerRequestContext, this.resourcePermission)) {
                throw new ForbiddenException(LocalizationMessages.USER_NOT_AUTHORIZED());
            }
        }

        private boolean authorize(ContainerRequestContext containerRequestContext, String str) {
            Collection<String> correspondingPermissions = this.requestPermissionProvider.correspondingPermissions(containerRequestContext);
            boolean contains = correspondingPermissions.contains(str);
            if (!contains) {
                PermissionFeature.logger.warn("Unauthorized access to {} by {}, required permission '{}' not found among {}", new Object[]{containerRequestContext.getUriInfo().getAbsolutePath(), this.requestPermissionProvider.userInformation(containerRequestContext), str, correspondingPermissions});
            }
            return contains;
        }
    }

    public PermissionFeature(PermissionRequestProvider permissionRequestProvider, Class<A> cls, Function<A, String> function) {
        this.requestPermissionProvider = permissionRequestProvider;
        this.permissionAnnotationType = cls;
        this.permissionAnnotationExtractor = function;
    }

    public static PermissionFeature<RestrictTo> restrictTo(PermissionRequestProvider permissionRequestProvider) {
        return new PermissionFeature<>(permissionRequestProvider, RestrictTo.class, (v0) -> {
            return v0.value();
        });
    }

    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
        if (addPermissionFilter(resourceInfo.getResourceMethod(), featureContext)) {
            return;
        }
        addPermissionFilter(resourceInfo.getResourceClass(), featureContext);
    }

    private boolean addPermissionFilter(AnnotatedElement annotatedElement, FeatureContext featureContext) {
        Annotation annotation = annotatedElement.getAnnotation(this.permissionAnnotationType);
        if (annotation == null) {
            return false;
        }
        featureContext.register(new PermissionRequestFilter((String) this.permissionAnnotationExtractor.apply(annotation), this.requestPermissionProvider));
        return true;
    }
}
