package org.picketbox.deltaspike.authorization;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import javax.enterprise.context.ApplicationScoped;
import javax.interceptor.InvocationContext;
import org.apache.deltaspike.security.api.Identity;
import org.apache.deltaspike.security.api.authorization.annotation.Secures;
import org.picketbox.core.PicketBoxSubject;
import org.picketbox.deltaspike.PicketBoxUser;

@ApplicationScoped
/* loaded from: input_file:org/picketbox/deltaspike/authorization/AuthorizationManager.class */
public class AuthorizationManager {
    @Secures
    @RestrictedRoles
    public boolean restrictRoles(InvocationContext invocationContext, Identity identity) {
        if (!identity.isLoggedIn()) {
            return false;
        }
        PicketBoxSubject subject = ((PicketBoxUser) identity.getUser()).getSubject();
        for (String str : getRestrictedRoles(invocationContext)) {
            if (subject.hasRole(str)) {
                return true;
            }
        }
        return false;
    }

    @Secures
    @UserLoggedIn
    public boolean isUserLoggedIn(InvocationContext invocationContext, Identity identity) {
        return identity.isLoggedIn();
    }

    private String[] getRestrictedRoles(InvocationContext invocationContext) {
        RestrictedRoles restrictedRoles = (RestrictedRoles) getDeclaredAnnotation(RestrictedRoles.class, invocationContext);
        return restrictedRoles != null ? restrictedRoles.value() : new String[0];
    }

    private Annotation getDeclaredAnnotation(Class<? extends Annotation> cls, InvocationContext invocationContext) {
        Method method = invocationContext.getMethod();
        Class<?> declaringClass = method.getDeclaringClass();
        if (method.isAnnotationPresent(RestrictedRoles.class)) {
            return method.getAnnotation(RestrictedRoles.class);
        }
        if (declaringClass.isAnnotationPresent(RestrictedRoles.class)) {
            return declaringClass.getAnnotation(RestrictedRoles.class);
        }
        return null;
    }
}
