package org.apache.deltaspike.security.impl.authorization;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.context.Dependent;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.interceptor.InvocationContext;
import org.apache.deltaspike.core.api.exception.control.event.ExceptionToCatchEvent;
import org.apache.deltaspike.core.api.provider.BeanProvider;
import org.apache.deltaspike.security.api.authorization.AccessDecisionState;
import org.apache.deltaspike.security.api.authorization.AccessDecisionVoter;
import org.apache.deltaspike.security.api.authorization.AccessDecisionVoterContext;
import org.apache.deltaspike.security.api.authorization.AccessDeniedException;
import org.apache.deltaspike.security.api.authorization.Secured;
import org.apache.deltaspike.security.api.authorization.Secures;
import org.apache.deltaspike.security.api.authorization.SecurityViolation;
import org.apache.deltaspike.security.impl.util.SecurityUtils;
import org.apache.deltaspike.security.spi.authorization.EditableAccessDecisionVoterContext;

@Dependent
/* loaded from: input_file:org/apache/deltaspike/security/impl/authorization/SecuredAnnotationAuthorizer.class */
public class SecuredAnnotationAuthorizer {

    @Inject
    private AccessDecisionVoterContext voterContext;

    @Inject
    private BeanManager beanManager;

    @Secures
    @Secured({})
    public boolean doSecuredCheck(InvocationContext invocationContext) throws Exception {
        Secured secured = null;
        for (Annotation annotation : extractMetadata(invocationContext)) {
            if (Secured.class.isAssignableFrom(annotation.annotationType())) {
                secured = (Secured) annotation;
            } else if (this.voterContext instanceof EditableAccessDecisionVoterContext) {
                this.voterContext.addMetaData(annotation.annotationType().getName(), annotation);
            }
        }
        if (secured == null) {
            return true;
        }
        invokeVoters(invocationContext, Arrays.asList(secured.value()));
        return true;
    }

    private List<Annotation> extractMetadata(InvocationContext invocationContext) {
        ArrayList arrayList = new ArrayList();
        Method method = invocationContext.getMethod();
        arrayList.addAll(SecurityUtils.getAllAnnotations(method.getAnnotations()));
        arrayList.addAll(SecurityUtils.getAllAnnotations(method.getDeclaringClass().getAnnotations()));
        return arrayList;
    }

    private void invokeVoters(InvocationContext invocationContext, List<Class<? extends AccessDecisionVoter>> list) {
        if (list == null) {
            return;
        }
        AccessDecisionState accessDecisionState = AccessDecisionState.VOTE_IN_PROGRESS;
        try {
            if (this.voterContext instanceof EditableAccessDecisionVoterContext) {
                this.voterContext.setState(accessDecisionState);
                this.voterContext.setSource(invocationContext);
            }
            Iterator<Class<? extends AccessDecisionVoter>> it = list.iterator();
            while (it.hasNext()) {
                Set checkPermission = ((AccessDecisionVoter) BeanProvider.getContextualReference(it.next(), false, new Annotation[0])).checkPermission(this.voterContext);
                if (checkPermission != null && checkPermission.size() > 0) {
                    if (this.voterContext instanceof EditableAccessDecisionVoterContext) {
                        accessDecisionState = AccessDecisionState.VIOLATION_FOUND;
                        Iterator it2 = checkPermission.iterator();
                        while (it2.hasNext()) {
                            this.voterContext.addViolation((SecurityViolation) it2.next());
                        }
                    }
                    AccessDeniedException accessDeniedException = new AccessDeniedException(checkPermission);
                    try {
                        this.beanManager.fireEvent(new ExceptionToCatchEvent(accessDeniedException), new Annotation[0]);
                    } catch (AccessDeniedException e) {
                        throw new SkipInternalProcessingException(accessDeniedException);
                    }
                }
            }
        } finally {
            if (this.voterContext instanceof EditableAccessDecisionVoterContext) {
                if (AccessDecisionState.VOTE_IN_PROGRESS.equals(accessDecisionState)) {
                    accessDecisionState = AccessDecisionState.NO_VIOLATION_FOUND;
                }
                this.voterContext.setState(accessDecisionState);
            }
        }
    }
}
