package com.github.phillipkruger.microprofileextentions.jwt;

import java.io.Serializable;
import java.lang.reflect.InvocationTargetException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import java.util.logging.Logger;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import org.apache.commons.beanutils.PropertyUtils;

@UserAccess
@Interceptor
/* loaded from: input_file:com/github/phillipkruger/microprofileextentions/jwt/UserAccessInterceptor.class */
public class UserAccessInterceptor implements Serializable {
    private static final Logger log = Logger.getLogger(UserAccessInterceptor.class.getName());

    @Context
    private SecurityContext securityContext;

    @AroundInvoke
    public Object intercept(InvocationContext invocationContext) throws Exception {
        Object proceed = invocationContext.proceed();
        if (proceed == null) {
            return proceed;
        }
        UserAccess userAccess = (UserAccess) invocationContext.getMethod().getAnnotation(UserAccess.class);
        if (shouldIgnore(userAccess.ignoreGroups())) {
            return proceed;
        }
        Principal userPrincipal = this.securityContext.getUserPrincipal();
        if (userPrincipal == null || userPrincipal.getName() == null || userPrincipal.getName().isEmpty()) {
            throw new NotAuthorizedException("No user logged in. Not authorized to request " + invocationContext.getMethod().getName(), new Object[0]);
        }
        String str = proceed;
        String pathToUserName = userAccess.pathToUserName();
        if (pathToUserName != null && !pathToUserName.isEmpty()) {
            str = getPropertyValue(proceed, pathToUserName).toString();
        }
        if (str.equals(userPrincipal.getName())) {
            return proceed;
        }
        throw new NotAuthorizedException("User [" + userPrincipal.getName() + "] not authorized to request " + invocationContext.getMethod().getName(), new Object[0]);
    }

    private boolean shouldIgnore(String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            return false;
        }
        Iterator it = Arrays.asList(strArr).iterator();
        while (it.hasNext()) {
            if (this.securityContext.isUserInRole((String) it.next())) {
                return true;
            }
        }
        return false;
    }

    private Object getPropertyValue(Object obj, String str) {
        try {
            return PropertyUtils.getProperty(obj, str);
        } catch (IllegalAccessException | IllegalArgumentException | NoSuchMethodException | InvocationTargetException e) {
            throw new RuntimeException(e);
        }
    }
}
