package org.spf4j.jaxrs.server.security.providers;

import java.lang.reflect.Method;
import java.util.function.Consumer;
import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

@Provider
@Priority(2000)
/* loaded from: input_file:org/spf4j/jaxrs/server/security/providers/AnnotationAuthorizationFilter.class */
public final class AnnotationAuthorizationFilter implements ContainerRequestFilter {
    private static final Response ACCESS_UNAUTHENTICATED = Response.status(Response.Status.UNAUTHORIZED).build();
    private static final Response ACCESS_FORBIDDEN = Response.status(Response.Status.FORBIDDEN).build();
    private final Consumer<ContainerRequestContext> validator;

    public AnnotationAuthorizationFilter(@Context ResourceInfo resourceInfo) {
        Method resourceMethod = resourceInfo.getResourceMethod();
        if (resourceMethod.isAnnotationPresent(DenyAll.class)) {
            this.validator = containerRequestContext -> {
                containerRequestContext.abortWith(ACCESS_FORBIDDEN);
            };
            return;
        }
        if (resourceMethod.isAnnotationPresent(PermitAll.class)) {
            this.validator = containerRequestContext2 -> {
            };
            return;
        }
        RolesAllowed annotation = resourceMethod.getAnnotation(RolesAllowed.class);
        if (annotation != null) {
            String[] value = annotation.value();
            this.validator = containerRequestContext3 -> {
                SecurityContext securityContext = containerRequestContext3.getSecurityContext();
                if (securityContext == null) {
                    containerRequestContext3.abortWith(ACCESS_UNAUTHENTICATED);
                }
                boolean z = false;
                int length = value.length;
                int i = 0;
                while (true) {
                    if (i >= length) {
                        break;
                    }
                    if (!securityContext.isUserInRole(value[i])) {
                        z = true;
                        break;
                    }
                    i++;
                }
                if (z) {
                    return;
                }
                containerRequestContext3.abortWith(ACCESS_FORBIDDEN);
            };
        } else if (resourceInfo.getResourceClass().isAnnotationPresent(PermitAll.class)) {
            this.validator = containerRequestContext4 -> {
            };
        } else {
            this.validator = containerRequestContext5 -> {
                containerRequestContext5.abortWith(ACCESS_FORBIDDEN);
            };
        }
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        this.validator.accept(containerRequestContext);
    }

    public String toString() {
        return "AnnotationAuthorizationFilter{validator=" + this.validator + '}';
    }
}
