package org.gluu.oxtrust.service.filter;

import java.io.IOException;
import javax.annotation.Priority;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.gluu.oxtrust.auth.GluuRestService;
import org.gluu.oxtrust.auth.IProtectionService;
import org.gluu.oxtrust.auth.ProtectionServiceSelector;
import org.slf4j.Logger;

@ProtectedApi
@Provider
@Priority(1000)
@RequestScoped
/* loaded from: input_file:org/gluu/oxtrust/service/filter/AuthorizationProcessingFilter.class */
public class AuthorizationProcessingFilter implements ContainerRequestFilter {

    @Inject
    private Logger log;

    @Context
    private HttpHeaders httpHeaders;

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    private ProtectionServiceSelector beanSelector;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Response response = null;
        String path = containerRequestContext.getUriInfo().getPath();
        this.log.debug("REST call to '{}' intercepted", path);
        GluuRestService select = this.beanSelector.select(path);
        if (select == null) {
            this.log.warn("No REST service bean associated to this path (resource will be accessed anonymously)");
        } else if (select.isEnabled()) {
            IProtectionService protectionService = select.getProtectionService();
            if (protectionService == null) {
                this.log.warn("No concrete protection mechanism associated to this API. Denying access");
                response = unprotectedApiResponse(select.getName());
            } else {
                this.log.debug("Path is protected, proceeding with authorization processing...");
                response = protectionService.processAuthorization(this.httpHeaders, this.resourceInfo);
                if (response == null) {
                    this.log.debug("Authorization passed");
                }
            }
        } else {
            this.log.warn("Please activate {} API", select.getName());
            response = disabledApiResponse(select.getName());
        }
        if (response != null) {
            containerRequestContext.abortWith(response);
        }
    }

    private Response unprotectedApiResponse(String str) {
        return Response.status(Response.Status.UNAUTHORIZED).entity(str + " API not protected").build();
    }

    private Response disabledApiResponse(String str) {
        return Response.status(Response.Status.SERVICE_UNAVAILABLE).entity(str + " API is disabled").build();
    }
}
