package com.mobi.web.security.jaxrs.provider.impl;

import com.mobi.web.security.jaxrs.provider.AuthenticationHandler;
import com.mobi.web.security.jaxrs.provider.AuthorizationHandler;
import com.mobi.web.security.util.api.SecurityHelper;
import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import javax.annotation.Priority;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ServiceScope;

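/**
 * JAX-RS request filter that authenticates each request and enforces the
 * {@link RolesAllowed} annotation declared on the matched resource method.
 *
 * <p>Behaviour per request:
 * <ul>
 *   <li>Resource method without {@code @RolesAllowed}: the request always proceeds; a security
 *       context is installed only when authentication produced a principal.</li>
 *   <li>Resource method with {@code @RolesAllowed}: the request is aborted with 401 when no
 *       principal was produced, and with 403 when no registered {@link SecurityHelper} reports
 *       the principal in any of the listed roles.</li>
 * </ul>
 *
 * <p>NOTE(review): only the method-level annotation is inspected. A {@code @RolesAllowed}
 * placed on the resource class is not seen by this filter, so such resources are treated as
 * unrestricted here. Confirm that no resource relies on a class-level declaration.
 */
@Provider
@Priority(999)
@Component(scope = ServiceScope.PROTOTYPE, property = {"osgi.jaxrs.extension=true"})
public class AuthFilter implements ContainerRequestFilter {

    @Context
    protected ResourceInfo resourceInfo;

    @Reference
    protected AuthenticationHandler authenticationHandler;

    @Reference
    protected AuthorizationHandler authorizationHandler;

    // Helpers are bound and unbound dynamically (ReferencePolicy.DYNAMIC), which can happen while
    // filter() is iterating over them, so the registry must tolerate concurrent modification.
    private final ConcurrentMap<String, SecurityHelper> helpers = new ConcurrentHashMap<>();

    /**
     * Registers a role-checking helper, keyed by its simple class name.
     *
     * <p>Two helpers whose classes share a simple name replace each other in the registry.
     *
     * @param securityHelper the helper being bound
     */
    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    void addSecurityHelper(SecurityHelper securityHelper) {
        this.helpers.put(securityHelper.getClass().getSimpleName(), securityHelper);
    }

    /**
     * Unregisters a role-checking helper.
     *
     * @param securityHelper the helper being unbound
     */
    void removeSecurityHelper(SecurityHelper securityHelper) {
        // Conditional remove: only drop the entry if it still maps to this instance, so unbinding
        // a helper that was already replaced under the same key does not evict its replacement.
        this.helpers.remove(securityHelper.getClass().getSimpleName(), securityHelper);
    }

    /**
     * Authenticates the request and applies the role restriction of the matched resource method.
     *
     * @param containerRequestContext the request being filtered; aborted with 401 or 403 when a
     *     {@code @RolesAllowed} method is reached without a principal or without a matching role
     */
    public void filter(ContainerRequestContext containerRequestContext) {
        Method resourceMethod = this.resourceInfo.getResourceMethod();
        // Authentication runs for every request, including ones that reach unrestricted methods.
        Principal principal = this.authenticationHandler.authenticate(containerRequestContext);
        RolesAllowed rolesAllowed = resourceMethod.getAnnotation(RolesAllowed.class);

        if (rolesAllowed == null) {
            // Unrestricted method: anonymous callers pass through without a security context.
            if (principal != null) {
                setSecurityContext(principal, containerRequestContext);
            }
            return;
        }

        if (principal == null) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }

        setSecurityContext(principal, containerRequestContext);
        Set<String> requiredRoles = new HashSet<>(Arrays.asList(rolesAllowed.value()));
        if (!isUserAllowed(requiredRoles, principal)) {
            containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }

    /**
     * Installs a security context for the authenticated principal on the request.
     *
     * @param principal the authenticated principal
     * @param containerRequestContext the request receiving the security context
     */
    private void setSecurityContext(Principal principal, ContainerRequestContext containerRequestContext) {
        // URI schemes are case-insensitive and may be absent; comparing from the literal side
        // avoids a NullPointerException and treats "HTTPS" the same as "https".
        // NOTE(review): the flag reflects the scheme of the request URI as seen by this server;
        // behind a TLS-terminating proxy it may be "http" for a connection that was encrypted
        // on the client side. Verify against the deployment.
        String scheme = containerRequestContext.getUriInfo().getRequestUri().getScheme();
        boolean secure = "https".equalsIgnoreCase(scheme);
        containerRequestContext.setSecurityContext(new SecurityContextImpl(
                this.authenticationHandler.getAuthenticationScheme(),
                principal,
                secure,
                this.authorizationHandler));
    }

    /**
     * Reports whether any registered helper places the principal in any of the given roles.
     *
     * <p>Returns {@code false} when no helper is registered, so role-restricted methods are
     * denied (403) rather than opened in that state.
     *
     * @param set the role names accepted by the resource method
     * @param principal the authenticated principal
     * @return {@code true} as soon as one helper confirms one role, otherwise {@code false}
     */
    private boolean isUserAllowed(Set<String> set, Principal principal) {
        for (SecurityHelper securityHelper : this.helpers.values()) {
            for (String role : set) {
                if (securityHelper.isUserInRole(principal, role)) {
                    return true;
                }
            }
        }
        return false;
    }
}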
