package org.picketbox.cdi.authorization;

import javax.enterprise.context.ApplicationScoped;
import javax.interceptor.InvocationContext;
import org.apache.deltaspike.security.api.authorization.annotation.Secures;
import org.picketbox.cdi.PicketBoxIdentity;
import org.picketbox.cdi.util.AnnotationUtil;
import org.picketlink.Identity;

@ApplicationScoped
/* loaded from: input_file:org/picketbox/cdi/authorization/AuthorizationManager.class */
public class AuthorizationManager {
    @Secures
    @RolesAllowed
    public boolean restrictRoles(InvocationContext invocationContext, PicketBoxIdentity picketBoxIdentity) {
        if (!picketBoxIdentity.isLoggedIn()) {
            return false;
        }
        for (String str : getRestrictedRoles(invocationContext)) {
            if (picketBoxIdentity.hasRole(str)) {
                return true;
            }
        }
        return false;
    }

    @Secures
    @UserLoggedIn
    public boolean isUserLoggedIn(InvocationContext invocationContext, Identity identity) {
        return identity.isLoggedIn();
    }

    private String[] getRestrictedRoles(InvocationContext invocationContext) {
        RolesAllowed rolesAllowed = (RolesAllowed) AnnotationUtil.getDeclaredAnnotation(RolesAllowed.class, invocationContext);
        return rolesAllowed != null ? rolesAllowed.value() : new String[0];
    }
}
