package org.endeavourhealth.common.security;

import java.io.IOException;
import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import javax.annotation.Priority;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.DynamicFeature;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.FeatureContext;
import javax.ws.rs.ext.Provider;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/security-1.0-20170818.142221-3.jar:org/endeavourhealth/common/security/CustomRolesAllowedFeature.class
 */
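/**
 * JAX-RS {@link DynamicFeature} that attaches a role-checking request filter to resource
 * methods based on their {@code javax.annotation.security} annotations.
 *
 * <p>Resolution order, per resource method:
 * <ol>
 *   <li>{@link DenyAll} on the method: every request is rejected.</li>
 *   <li>{@link RolesAllowed} on the method, or on a custom annotation that is itself
 *       annotated with {@link RolesAllowed}: those roles are enforced.</li>
 *   <li>{@link PermitAll} on the method: no filter is registered.</li>
 *   <li>{@link RolesAllowed} on the resource class: those roles are enforced.</li>
 * </ol>
 *
 * <p>A method that matches none of the above gets no filter from this feature, so it is
 * reachable without any role check here. Endpoints that must be protected need an explicit
 * annotation.
 */
@Provider
/* loaded from: input_file:WEB-INF/lib/security-1.0-SNAPSHOT.jar:org/endeavourhealth/common/security/CustomRolesAllowedFeature.class */
public class CustomRolesAllowedFeature implements DynamicFeature {
    private static final Logger LOG = LoggerFactory.getLogger(CustomRolesAllowedFeature.class);

    /**
     * Package marker used to recognise project-specific security annotations.
     * NOTE(review): this class lives in org.endeavourhealth.common.security while the marker
     * names org.endeavourhealth.core.security.annotations; confirm the annotations really are
     * in that package, otherwise the custom lookup never matches and the method falls through
     * to the PermitAll / class-level rules.
     */
    private static final String CUSTOM_ANNOTATION_PACKAGE = "org.endeavourhealth.core.security.annotations";

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/security-1.0-20170818.142221-3.jar:org/endeavourhealth/common/security/CustomRolesAllowedFeature$RolesAllowedRequestFilter.class
     */
    /**
     * Request filter that either rejects everything (deny-all mode) or requires the caller to
     * hold one of the configured roles for the organisation the request is made under.
     */
    @Priority(2000)
    /* loaded from: input_file:WEB-INF/lib/security-1.0-SNAPSHOT.jar:org/endeavourhealth/common/security/CustomRolesAllowedFeature$RolesAllowedRequestFilter.class */
    private static class RolesAllowedRequestFilter implements ContainerRequestFilter {
        private final boolean denyAll;
        private final String[] rolesAllowed;

        /** Creates a filter that rejects every request. */
        RolesAllowedRequestFilter() {
            this.denyAll = true;
            this.rolesAllowed = null;
        }

        /**
         * Creates a filter that enforces the given roles.
         *
         * @param strArr roles taken from the annotation; {@code null} is treated as an empty list
         */
        RolesAllowedRequestFilter(String[] strArr) {
            this.denyAll = false;
            this.rolesAllowed = strArr != null ? strArr : new String[0];
        }

        /**
         * Rejects the request with {@link ForbiddenException} unless the caller passes the
         * role check.
         *
         * @param containerRequestContext the request being filtered
         * @throws ForbiddenException in deny-all mode, when roles are configured and the request
         *     has no user principal, or when the organisation role check fails
         */
        @Override // javax.ws.rs.container.ContainerRequestFilter
        public void filter(ContainerRequestContext containerRequestContext) throws IOException {
            if (this.denyAll) {
                throw new ForbiddenException("Not Authorized");
            }
            // The principal check only runs when at least one role is configured. With an empty
            // role list the decision rests entirely on SecurityUtils.hasOrganisationRole below.
            // NOTE(review): confirm that helper denies an empty role array and a null principal.
            if (this.rolesAllowed.length > 0 && !isAuthenticated(containerRequestContext)) {
                throw new ForbiddenException("Not Authorized");
            }
            String organisationId = SecurityUtils.getCurrentUserOrganisationId(containerRequestContext);
            if (StringUtils.isBlank(organisationId)) {
                // A request that carries no organisation id is evaluated against the root
                // organisation. NOTE(review): confirm this fallback is intended, since roles
                // held at the root organisation then apply to requests that name no organisation.
                organisationId = OrgRoles.ROOT_ORGANISATION_ID;
            }
            if (!SecurityUtils.hasOrganisationRole(containerRequestContext.getSecurityContext(), organisationId, this.rolesAllowed)) {
                throw new ForbiddenException("Not Authorized");
            }
        }

        /** Returns whether the request's security context carries a user principal. */
        private static boolean isAuthenticated(ContainerRequestContext containerRequestContext) {
            return containerRequestContext.getSecurityContext().getUserPrincipal() != null;
        }
    }

    /**
     * Registers a {@link RolesAllowedRequestFilter} for the resource method when its annotations
     * call for one; see the class documentation for the resolution order.
     *
     * @param resourceInfo the resource class and method being configured
     * @param featureContext the context the filter is registered on
     */
    @Override // javax.ws.rs.container.DynamicFeature
    public void configure(ResourceInfo resourceInfo, FeatureContext featureContext) {
        Method resourceMethod = resourceInfo.getResourceMethod();
        if (resourceMethod.isAnnotationPresent(DenyAll.class)) {
            // The decompiler emitted "register2"; the JAX-RS API method is register(Object).
            featureContext.register(new RolesAllowedRequestFilter());
            return;
        }
        RolesAllowed methodRoles = resourceMethod.getAnnotation(RolesAllowed.class);
        if (methodRoles == null) {
            methodRoles = findRolesOnCustomAnnotations(resourceMethod);
        }
        if (methodRoles != null) {
            featureContext.register(new RolesAllowedRequestFilter(methodRoles.value()));
            return;
        }
        if (resourceMethod.isAnnotationPresent(PermitAll.class)) {
            return;
        }
        RolesAllowed classRoles = resourceInfo.getResourceClass().getAnnotation(RolesAllowed.class);
        if (classRoles != null) {
            featureContext.register(new RolesAllowedRequestFilter(classRoles.value()));
        }
    }

    /**
     * Looks for a {@link RolesAllowed} meta-annotation on the method's project-specific
     * security annotations.
     *
     * <p>When several custom annotations carry {@link RolesAllowed}, the last one wins. A custom
     * annotation without the meta-annotation never clears a restriction found on an earlier one,
     * so a resolved restriction cannot be dropped by annotation order.
     *
     * @param resourceMethod the resource method to inspect
     * @return the resolved roles annotation, or {@code null} when none is found
     */
    private static RolesAllowed findRolesOnCustomAnnotations(Method resourceMethod) {
        RolesAllowed resolved = null;
        for (Annotation annotation : resourceMethod.getDeclaredAnnotations()) {
            // annotation.getClass() is the runtime implementation class (typically a generated
            // proxy), so in practice the toString() test is the one that matches. toString() also
            // includes member values, which makes this a loose substring match.
            // NOTE(review): annotation.annotationType().getName() would be a stricter test.
            boolean isCustom = annotation.getClass().getName().contains(CUSTOM_ANNOTATION_PACKAGE)
                    || annotation.toString().contains(CUSTOM_ANNOTATION_PACKAGE);
            if (!isCustom) {
                continue;
            }
            RolesAllowed candidate = annotation.getClass().getAnnotation(RolesAllowed.class);
            if (candidate == null) {
                candidate = annotation.annotationType().getAnnotation(RolesAllowed.class);
            }
            if (candidate != null) {
                resolved = candidate;
            }
        }
        return resolved;
    }
}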
