package com.oneandone.iocunit.resteasy.auth;

import com.oneandone.iocunit.InterceptorBase;
import com.oneandone.iocunit.resteasy.IocUnitSecurityContext;
import com.oneandone.iocunit.util.Annotations;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Stack;
import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.ws.rs.NotAuthorizedException;

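/**
 * Interceptor that evaluates {@code javax.annotation.security} annotations
 * ({@link PermitAll}, {@link DenyAll}, {@link RolesAllowed}, {@link RunAs})
 * against the injected {@link IocUnitSecurityContext} before the intercepted
 * method runs.
 *
 * <p>Evaluation order, as implemented in {@link #manageSecurity}:
 * <ol>
 *   <li>method-level {@code @PermitAll}, or no uniquely resolvable security
 *       context: the call proceeds unchecked;</li>
 *   <li>method-level {@code @DenyAll}: rejected;</li>
 *   <li>{@code @RunAs} on the declaring class: the caller must already hold
 *       that role, then the context's roles are replaced by it for the
 *       duration of the call;</li>
 *   <li>method-level {@code @RolesAllowed};</li>
 *   <li>class-level {@code @PermitAll}, {@code @DenyAll}, {@code @RolesAllowed}
 *       on the target class; with none of them present the call proceeds.</li>
 * </ol>
 *
 * <p>Security notes for maintainers: the interceptor fails open when the
 * security context is missing, unsatisfied or ambiguous, and when no
 * annotation applies. Roles swapped in for {@code @RunAs} are always restored
 * in a {@code finally} block so a rejected or failing call cannot leave the
 * substituted role installed in the context.
 */
@Priority(100)
@Interceptor
@RestEasyAuthorized
/* loaded from: input_file:com/oneandone/iocunit/resteasy/auth/AuthInterceptor.class */
public class AuthInterceptor extends InterceptorBase {

    @Inject
    Instance<IocUnitSecurityContext> securityContext;

    // Per-thread stack of role lists saved while a @RunAs substitution is active.
    // Created without an initial value, so it is populated lazily by runAsFrames().
    ThreadLocal<Stack<List<String>>> runAsStack = new ThreadLocal<>();

    /**
     * Authorizes the intercepted call and, if allowed, lets it proceed.
     *
     * @param invocationContext the interceptor invocation being checked
     * @return whatever the intercepted method returns
     * @throws NotAuthorizedException if a {@code @DenyAll} applies, the caller
     *         lacks the {@code @RunAs} role, or holds none of the allowed roles
     * @throws RuntimeException if the declaring class carries more than one
     *         {@code @RunAs}
     * @throws Exception anything thrown by the intercepted method
     */
    @AroundInvoke
    public Object manageSecurity(InvocationContext invocationContext) throws Exception {
        Class<?> declaringClass = invocationContext.getMethod().getDeclaringClass();

        // Fail-open branch: an explicit method-level @PermitAll, or no single
        // IocUnitSecurityContext bean to ask, means no check is performed at all.
        boolean permittedOnMethod =
                Annotations.getMethodAnnotation(declaringClass, invocationContext.getMethod(), PermitAll.class) != null;
        if (permittedOnMethod
                || this.securityContext == null
                || this.securityContext.isUnsatisfied()
                || this.securityContext.isAmbiguous()) {
            return invocationContext.proceed();
        }

        // NOTE(review): the (text, new Object[0]) calls below appear to select the
        // NotAuthorizedException(challenge, moreChallenges...) overload, so the text
        // (including role names) likely ends up as the response challenge - confirm.
        if (Annotations.getMethodAnnotation(declaringClass, invocationContext.getMethod(), DenyAll.class) != null) {
            throw new NotAuthorizedException("DenyAll on " + invocationContext.getMethod().getName(), new Object[0]);
        }

        boolean runAsApplied = false;
        try {
            List<?> runAsAnnotations = Annotations.findAnnotations(declaringClass, RunAs.class);
            if (!runAsAnnotations.isEmpty()) {
                if (runAsAnnotations.size() != 1) {
                    throw new RuntimeException("Invalid multiple RunAs in " + declaringClass.getName());
                }
                String runAsRole = ((RunAs) runAsAnnotations.get(0)).value();
                if (!context().isUserInRole(runAsRole)) {
                    throw new NotAuthorizedException("RunAs and user not in role " + runAsRole, new Object[0]);
                }
                // Save the caller's roles first; the flag is set as soon as the frame
                // exists so the finally block pops it even if setRoles() fails.
                runAsFrames().push(context().getRoles());
                runAsApplied = true;
                List<String> substitutedRoles = new ArrayList<>();
                substitutedRoles.add(runAsRole);
                context().setRoles(substitutedRoles);
            }

            // From here on, role checks see the substituted @RunAs role list (if any),
            // not the caller's original roles.
            RolesAllowed methodRoles =
                    Annotations.getMethodAnnotation(declaringClass, invocationContext.getMethod(), RolesAllowed.class);
            if (methodRoles != null) {
                if (!callerHasAnyRole(methodRoles.value())) {
                    throw new NotAuthorizedException("User not in roles " + methodRoles, new Object[0]);
                }
                return invocationContext.proceed();
            }

            // No method-level decision: fall back to annotations on the target class.
            Class<?> targetClass = getTargetClass(invocationContext);
            if (!Annotations.findAnnotations(targetClass, PermitAll.class).isEmpty()) {
                return invocationContext.proceed();
            }
            if (!Annotations.findAnnotations(targetClass, DenyAll.class).isEmpty()) {
                throw new NotAuthorizedException("DenyAll on " + targetClass.getName(), new Object[0]);
            }
            List<?> classRoles = Annotations.findAnnotations(targetClass, RolesAllowed.class);
            if (classRoles.isEmpty()) {
                // Nothing restricts this call; unannotated methods are allowed.
                return invocationContext.proceed();
            }
            for (Object annotation : classRoles) {
                if (callerHasAnyRole(((RolesAllowed) annotation).value())) {
                    return invocationContext.proceed();
                }
            }
            throw new NotAuthorizedException("User not in roles " + classRoles, new Object[0]);
        } finally {
            // Undo the @RunAs substitution on every exit path, including rejections
            // and exceptions from the intercepted method.
            if (runAsApplied) {
                context().setRoles(runAsFrames().pop());
            }
        }
    }

    /** Resolves the injected security context bean. */
    private IocUnitSecurityContext context() {
        return this.securityContext.get();
    }

    /** Returns the current thread's saved-roles stack, creating it on first use. */
    private Stack<List<String>> runAsFrames() {
        Stack<List<String>> frames = this.runAsStack.get();
        if (frames == null) {
            frames = new Stack<>();
            this.runAsStack.set(frames);
        }
        return frames;
    }

    /** Reports whether the security context grants at least one of the given roles. */
    private boolean callerHasAnyRole(String[] roles) {
        for (String role : roles) {
            if (context().isUserInRole(role)) {
                return true;
            }
        }
        return false;
    }
}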
