package org.jboss.errai.security.server;

import java.lang.reflect.Method;
import java.util.Arrays;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import org.jboss.errai.security.shared.api.annotation.RestrictedAccess;
import org.jboss.errai.security.shared.api.identity.User;
import org.jboss.errai.security.shared.exception.UnauthenticatedException;
import org.jboss.errai.security.shared.exception.UnauthorizedException;
import org.jboss.errai.security.shared.service.AuthenticationService;

@RestrictedAccess
@Interceptor
/* loaded from: input_file:WEB-INF/lib/errai-security-server-3.0-SNAPSHOT.jar:org/jboss/errai/security/server/ServerSecurityRoleInterceptor.class */
public class ServerSecurityRoleInterceptor {
    private final AuthenticationService authenticationService;

    @Inject
    public ServerSecurityRoleInterceptor(AuthenticationService authenticationService) {
        this.authenticationService = authenticationService;
    }

    @AroundInvoke
    public Object aroundInvoke(InvocationContext invocationContext) throws Exception {
        User user = this.authenticationService.getUser();
        RestrictedAccess restrictedAccessAnnotation = getRestrictedAccessAnnotation(invocationContext.getTarget().getClass(), invocationContext.getMethod());
        if (User.ANONYMOUS.equals(user)) {
            throw new UnauthenticatedException();
        }
        if (user.hasAllRoles(restrictedAccessAnnotation.roles())) {
            return invocationContext.proceed();
        }
        throw new UnauthorizedException();
    }

    private RestrictedAccess getRestrictedAccessAnnotation(Class<?> cls, Method method) {
        RestrictedAccess restrictedAccess = (RestrictedAccess) method.getAnnotation(RestrictedAccess.class);
        if (restrictedAccess != null) {
            return restrictedAccess;
        }
        RestrictedAccess restrictedAccess2 = (RestrictedAccess) method.getDeclaringClass().getAnnotation(RestrictedAccess.class);
        if (restrictedAccess2 != null) {
            return restrictedAccess2;
        }
        Class<?>[] interfaces = cls.getInterfaces();
        int length = interfaces.length;
        for (int i = 0; i < length && restrictedAccess2 == null; i++) {
            restrictedAccess2 = getRestrictedAccess(interfaces[i], method);
        }
        if (restrictedAccess2 == null) {
            throw new IllegalArgumentException(String.format("Could not @RestrictedAccess annotation on method (%s), class (%s), or interfaces.", method.getName(), method.getDeclaringClass().getCanonicalName()));
        }
        return restrictedAccess2;
    }

    private RestrictedAccess getRestrictedAccess(Class<?> cls, Method method) {
        for (Method method2 : cls.getMethods()) {
            RestrictedAccess restrictAccess = getRestrictAccess(method, method2);
            if (restrictAccess != null) {
                return restrictAccess;
            }
        }
        return null;
    }

    private RestrictedAccess getRestrictAccess(Method method, Method method2) {
        RestrictedAccess restrictedAccess = null;
        if (method.getName().equals(method2.getName()) && Arrays.equals(method.getParameterTypes(), method2.getParameterTypes())) {
            restrictedAccess = (RestrictedAccess) method2.getAnnotation(RestrictedAccess.class);
        }
        return restrictedAccess;
    }
}
