package org.jboss.errai.security.client.local.interceptors;

import java.lang.annotation.Annotation;
import java.util.Set;
import javax.enterprise.context.Dependent;
import javax.inject.Inject;
import org.jboss.errai.common.client.api.ErrorCallback;
import org.jboss.errai.common.client.api.RemoteCallback;
import org.jboss.errai.common.client.api.interceptor.FeatureInterceptor;
import org.jboss.errai.common.client.api.interceptor.RemoteCallContext;
import org.jboss.errai.common.client.api.interceptor.RemoteCallInterceptor;
import org.jboss.errai.security.client.local.api.SecurityContext;
import org.jboss.errai.security.shared.api.Role;
import org.jboss.errai.security.shared.api.annotation.RestrictedAccess;
import org.jboss.errai.security.shared.exception.UnauthenticatedException;
import org.jboss.errai.security.shared.exception.UnauthorizedException;
import org.jboss.errai.security.shared.spi.RequiredRolesExtractor;
import org.jboss.errai.security.shared.util.AnnotationUtils;

@FeatureInterceptor({RestrictedAccess.class})
@Dependent
/* loaded from: input_file:WEB-INF/lib/errai-security-client-4.0.1.Beta2.jar:org/jboss/errai/security/client/local/interceptors/ClientSecurityRoleInterceptor.class */
public class ClientSecurityRoleInterceptor implements RemoteCallInterceptor<RemoteCallContext> {
    private final SecurityContext securityContext;
    private final RequiredRolesExtractor roleExtractor;

    public ClientSecurityRoleInterceptor() {
        this.securityContext = null;
        this.roleExtractor = null;
    }

    @Inject
    public ClientSecurityRoleInterceptor(SecurityContext securityContext, RequiredRolesExtractor requiredRolesExtractor) {
        this.securityContext = securityContext;
        this.roleExtractor = requiredRolesExtractor;
    }

    @Override // org.jboss.errai.common.client.api.interceptor.RemoteCallInterceptor
    public void aroundInvoke(RemoteCallContext remoteCallContext) {
        securityCheck(AnnotationUtils.mergeRoles(this.roleExtractor, getRestrictedAccessAnnotation(remoteCallContext.getTypeAnnotations()), getRestrictedAccessAnnotation(remoteCallContext.getAnnotations())), remoteCallContext);
    }

    private void securityCheck(Set<Role> set, final RemoteCallContext remoteCallContext) {
        if (!this.securityContext.isUserCacheValid()) {
            remoteCallContext.proceed();
        } else {
            if (!this.securityContext.hasCachedUser()) {
                throw new UnauthenticatedException();
            }
            if (!this.securityContext.getCachedUser().getRoles().containsAll(set)) {
                throw new UnauthorizedException();
            }
            remoteCallContext.proceed(new RemoteCallback<Object>() { // from class: org.jboss.errai.security.client.local.interceptors.ClientSecurityRoleInterceptor.1
                @Override // org.jboss.errai.common.client.api.RemoteCallback
                public void callback(Object obj) {
                    remoteCallContext.setResult(obj);
                }
            }, new ErrorCallback<Object>() { // from class: org.jboss.errai.security.client.local.interceptors.ClientSecurityRoleInterceptor.2
                @Override // org.jboss.errai.common.client.api.ErrorCallback
                public boolean error(Object obj, Throwable th) {
                    if (!(th instanceof UnauthenticatedException)) {
                        return true;
                    }
                    ClientSecurityRoleInterceptor.this.securityContext.invalidateCache();
                    return true;
                }
            });
        }
    }

    private RestrictedAccess getRestrictedAccessAnnotation(Annotation[] annotationArr) {
        for (Annotation annotation : annotationArr) {
            if (annotation instanceof RestrictedAccess) {
                return (RestrictedAccess) annotation;
            }
        }
        return null;
    }
}
