package org.jboss.errai.bus.server.security.auth.rules;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.jboss.errai.bus.client.api.ErrorCallback;
import org.jboss.errai.bus.client.api.Message;
import org.jboss.errai.bus.client.api.base.MessageBuilder;
import org.jboss.errai.bus.client.framework.BooleanRoutingRule;
import org.jboss.errai.bus.client.protocols.MessageParts;
import org.jboss.errai.bus.client.protocols.SecurityCommands;
import org.jboss.errai.bus.client.protocols.SecurityParts;
import org.jboss.errai.bus.server.QueueSession;
import org.jboss.errai.bus.server.ServerMessageBus;
import org.jboss.errai.bus.server.security.auth.AuthSubject;
import org.jboss.errai.bus.server.service.ErraiService;
import org.jboss.errai.bus.server.util.ErrorHelper;
import org.jboss.errai.bus.server.util.ServerBusUtils;

/* loaded from: input_file:WEB-INF/lib/errai-bus-1.0-SNAPSHOT.jar:org/jboss/errai/bus/server/security/auth/rules/RolesRequiredRule.class */
public class RolesRequiredRule implements BooleanRoutingRule {
    private Set<Object> requiredRoles;
    private ServerMessageBus bus;

    public RolesRequiredRule(String[] strArr, ServerMessageBus serverMessageBus) {
        this.requiredRoles = new HashSet();
        for (String str : strArr) {
            this.requiredRoles.add(str.trim());
        }
        this.bus = serverMessageBus;
    }

    public RolesRequiredRule(Set<Object> set, ServerMessageBus serverMessageBus) {
        this.requiredRoles = set;
        this.bus = serverMessageBus;
    }

    @Override // org.jboss.errai.bus.client.framework.BooleanRoutingRule
    public boolean decision(Message message) {
        if (!message.hasResource("Session")) {
            return false;
        }
        AuthSubject authSubject = (AuthSubject) getSession(message).getAttribute(AuthSubject.class, ErraiService.SESSION_AUTH_DATA);
        if (authSubject == null) {
            MessageBuilder.createMessage().toSubject("LoginClient").command(SecurityCommands.SecurityChallenge).with(SecurityParts.CredentialsRequired, "Name,Password").with(MessageParts.ReplyTo, ErraiService.AUTHORIZATION_SVC_SUBJECT).with(SecurityParts.RejectedMessage, ServerBusUtils.encodeJSON(message.getParts())).copyResource("Session", message).errorsHandledBy(new ErrorCallback() { // from class: org.jboss.errai.bus.server.security.auth.rules.RolesRequiredRule.1
                @Override // org.jboss.errai.bus.client.api.ErrorCallback
                public boolean error(Message message2, Throwable th) {
                    ErrorHelper.sendClientError(RolesRequiredRule.this.bus, message2, "Could not contact LoginClient to handle access denial, due to insufficient privileges for: " + message2.getSubject(), th);
                    return false;
                }
            }).sendNowWith(this.bus, false);
            return false;
        }
        if (authSubject.getRoles().containsAll(this.requiredRoles)) {
            return true;
        }
        MessageBuilder.createConversation(message).toSubject("ClientErrorService").signalling().with(MessageParts.ErrorMessage, "Access denied to service: " + ((String) message.get(String.class, MessageParts.ToSubject)) + " (Required Roles: [" + getRequiredRolesString() + "])").noErrorHandling().sendNowWith(this.bus);
        return false;
    }

    private String getRequiredRolesString() {
        StringBuilder sb = new StringBuilder();
        Iterator<Object> it = this.requiredRoles.iterator();
        while (it.hasNext()) {
            sb.append(String.valueOf(it.next()));
            if (it.hasNext()) {
                sb.append(", ");
            }
        }
        return sb.toString();
    }

    private static QueueSession getSession(Message message) {
        return (QueueSession) message.getResource(QueueSession.class, "Session");
    }
}
