package com.predic8.membrane.core.interceptor.oauth2client;

import com.predic8.membrane.annot.MCAttribute;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.annot.Required;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.oauth2.OAuth2AnswerParameters;
import java.util.List;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.Expression;
import org.springframework.expression.spel.SpelCompilerMode;
import org.springframework.expression.spel.SpelParserConfiguration;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;

@MCElement(name = "oauth2PermissionChecker")
/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.6.jar:com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor.class */
public class OAuth2PermissionCheckerInterceptor extends AbstractInterceptor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OAuth2PermissionCheckerInterceptor.class);
    private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, getClass().getClassLoader());
    String expression;
    ValueSource valueSource;
    Function<Object, Boolean> valueChecker;

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.6.jar:com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor$ExpressionContext.class */
    public static class ExpressionContext {
        private final List list;

        public ExpressionContext(List list) {
            this.list = list;
        }

        public boolean contains(Object obj) {
            return this.list.contains(obj);
        }
    }

    @MCElement(topLevel = false, name = "userInfo")
    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.6.jar:com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor$UserInfoValueSource.class */
    public static class UserInfoValueSource extends ValueSource {
        String field;

        public String getField() {
            return this.field;
        }

        @MCAttribute
        @Required
        public void setField(String str) {
            this.field = str;
        }

        @Override // com.predic8.membrane.core.interceptor.oauth2client.OAuth2PermissionCheckerInterceptor.ValueSource
        public Object evaluate(Exchange exchange) {
            Object property = exchange.getProperty(Exchange.OAUTH2);
            if (property == null) {
                return null;
            }
            return ((OAuth2AnswerParameters) property).getUserinfo().get("groups");
        }
    }

    /* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.5.6.jar:com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor$ValueSource.class */
    public static abstract class ValueSource {
        public abstract Object evaluate(Exchange exchange);
    }

    public String getExpression() {
        return this.expression;
    }

    @MCAttribute
    public void setExpression(String str) {
        this.expression = str;
    }

    public ValueSource getValueSource() {
        return this.valueSource;
    }

    @MCChildElement(order = 50)
    public void setValueSource(ValueSource valueSource) {
        this.valueSource = valueSource;
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor
    public void init() throws Exception {
        this.valueChecker = createChecker(this.expression);
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        Object evaluate = this.valueSource.evaluate(exchange);
        if (this.valueChecker.apply(evaluate).booleanValue()) {
            return super.handleRequest(exchange);
        }
        log.warn("OAuth2 permission check " + this.expression + " failed on value " + evaluate);
        exchange.setResponse(Response.forbidden().build());
        return Outcome.RETURN;
    }

    private Function<Object, Boolean> createChecker(String str) {
        Expression parseExpression = new SpelExpressionParser(this.spelConfig).parseExpression(str);
        return obj -> {
            if (obj instanceof List) {
                return (Boolean) parseExpression.getValue((EvaluationContext) new StandardEvaluationContext(new ExpressionContext((List) obj)), Boolean.class);
            }
            return false;
        };
    }
}
