package org.jboss.errai.security.server;

import java.lang.reflect.AnnotatedElement;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Set;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.annotation.RestrictedAccess;
import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.errai.security.shared.exception.UnauthenticatedException;
import org.jboss.errai.security.shared.exception.UnauthorizedException;
import org.jboss.errai.security.shared.service.AuthenticationService;
import org.jboss.errai.security.shared.spi.RequiredRolesExtractor;
import org.jboss.errai.security.shared.util.AnnotationUtils;

@RestrictedAccess
@Interceptor
/* loaded from: input_file:WEB-INF/lib/errai-security-server-4.6.0.Final-redhat-00004.jar:org/jboss/errai/security/server/ServerSecurityRoleInterceptor.class */
public class ServerSecurityRoleInterceptor {
    private final AuthenticationService authenticationService;
    private final RequiredRolesExtractor roleExtractor;

    public ServerSecurityRoleInterceptor() {
        this.authenticationService = null;
        this.roleExtractor = null;
        throw new IllegalStateException("This default no-arg constructor exists to ensure Java EE 6+ compliance and should never be called!");
    }

    @Inject
    public ServerSecurityRoleInterceptor(AuthenticationService authenticationService, RequiredRolesExtractor requiredRolesExtractor) {
        this.authenticationService = authenticationService;
        this.roleExtractor = requiredRolesExtractor;
    }

    @AroundInvoke
    public Object aroundInvoke(InvocationContext invocationContext) throws Exception {
        User user = this.authenticationService.getUser();
        Set<Role> mergeRoles = AnnotationUtils.mergeRoles(this.roleExtractor, getRestrictedAccessAnnotations(invocationContext.getTarget().getClass(), invocationContext.getMethod()));
        if (User.ANONYMOUS.equals(user)) {
            throw new UnauthenticatedException();
        }
        if (user.getRoles().containsAll(mergeRoles)) {
            return invocationContext.proceed();
        }
        throw new UnauthorizedException();
    }

    private Collection<RestrictedAccess> getRestrictedAccessAnnotations(Class<?> cls, Method method) {
        ArrayList arrayList = new ArrayList();
        addRestrictedAccessIfPresent(method, arrayList);
        addRestrictedAccessIfPresent(method.getDeclaringClass(), arrayList);
        for (Class<?> cls2 : cls.getInterfaces()) {
            arrayList.addAll(getRestrictedAccessFromRelevantInterface(cls2, method));
        }
        if (arrayList.isEmpty()) {
            throw new IllegalArgumentException(String.format("Could not find any @RestrictedAccess annotations on method (%s), class (%s), or interfaces.", method.getName(), method.getDeclaringClass().getCanonicalName()));
        }
        return arrayList;
    }

    private Collection<RestrictedAccess> getRestrictedAccessFromRelevantInterface(Class<?> cls, Method method) {
        ArrayList arrayList = new ArrayList();
        Method[] methods = cls.getMethods();
        int length = methods.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            Method method2 = methods[i];
            if (isMatchingMethod(method, method2)) {
                addRestrictedAccessIfPresent(method2, arrayList);
                addRestrictedAccessIfPresent(cls, arrayList);
                break;
            }
            i++;
        }
        return arrayList;
    }

    private boolean isMatchingMethod(Method method, Method method2) {
        return method.getName().equals(method2.getName()) && Arrays.equals(method.getParameterTypes(), method2.getParameterTypes());
    }

    private void addRestrictedAccessIfPresent(AnnotatedElement annotatedElement, Collection<RestrictedAccess> collection) {
        RestrictedAccess restrictedAccess = (RestrictedAccess) annotatedElement.getAnnotation(RestrictedAccess.class);
        if (restrictedAccess != null) {
            collection.add(restrictedAccess);
        }
    }
}
