package org.picketlink.authorization;

import java.lang.annotation.Annotation;
import java.lang.reflect.Method;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.spi.BeanManager;
import javax.inject.Inject;
import javax.interceptor.InvocationContext;
import org.apache.deltaspike.core.util.ProxyUtils;
import org.apache.deltaspike.security.api.authorization.Secures;
import org.picketlink.Identity;
import org.picketlink.authentication.levels.InsufficientSecurityLevelException;
import org.picketlink.authentication.levels.Level;
import org.picketlink.authorization.annotations.GroupsAllowed;
import org.picketlink.authorization.annotations.LoggedIn;
import org.picketlink.authorization.annotations.PartitionsAllowed;
import org.picketlink.authorization.annotations.RequiresLevel;
import org.picketlink.authorization.annotations.RequiresPermission;
import org.picketlink.authorization.annotations.Restrict;
import org.picketlink.authorization.annotations.RolesAllowed;
import org.picketlink.authorization.util.AuthorizationUtil;
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.RelationshipManager;
import org.picketlink.idm.model.Account;
import org.picketlink.internal.el.ELProcessor;
import org.picketlink.producer.LevelFactoryResolver;

/* loaded from: input_file:WEB-INF/lib/picketlink-2.7.1.Final.jar:org/picketlink/authorization/DefaultAuthorizationManager.class */
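/**
 * Authorizer bean holding one {@code @Secures} method per PicketLink security
 * binding annotation ({@link LoggedIn}, {@link Restrict},
 * {@link RequiresPermission}, {@link RolesAllowed}, {@link GroupsAllowed},
 * {@link PartitionsAllowed}, {@link RequiresLevel}).
 *
 * <p>Each authorizer reads its binding annotation from the intercepted
 * invocation and returns {@code true} to allow the call. All of them deny
 * (return {@code false}) when the check does not pass, except
 * {@link #hasLevel(InvocationContext)}, which throws instead.
 */
public class DefaultAuthorizationManager {

    @Inject
    private BeanManager beanManager;

    @Inject
    @Any
    private Identity identity;

    @Inject
    private ELProcessor elProcessor;

    @Inject
    private PartitionManager partitionManager;

    @Inject
    private IdentityManager identityManager;

    @Inject
    private RelationshipManager relationshipManager;

    @Inject
    private LevelFactoryResolver abstractFactory;

    /**
     * Allows the invocation only when the current identity has an account of
     * the type required by {@link LoggedIn#requiresAccount()}.
     *
     * @param invocationContext the intercepted invocation
     * @return {@code true} if an account is present and is an instance of the required type
     * @throws IllegalArgumentException if no {@link LoggedIn} annotation is found
     */
    @Secures
    @LoggedIn
    public boolean isLoggedIn(InvocationContext invocationContext) {
        // getAnnotation never returns null (it throws), so no fallback type is needed here.
        Class<? extends Account> requiresAccount = getAnnotation(invocationContext, LoggedIn.class).requiresAccount();
        Account account = getIdentity().getAccount();
        return account != null && requiresAccount.isInstance(account);
    }

    /**
     * Evaluates the expression carried by {@link Restrict#value()} and allows
     * the invocation only when the result is the Boolean {@code true}.
     *
     * @param invocationContext the intercepted invocation
     * @return {@code true} only for a Boolean {@code true} result
     * @throws IllegalArgumentException if no {@link Restrict} annotation is found
     */
    @Secures
    @Restrict
    public boolean checkExpression(InvocationContext invocationContext) {
        Object eval = this.elProcessor.eval(getAnnotation(invocationContext, Restrict.class).value());
        // Fail closed: null, a String such as "true", or any other non-Boolean result denies access.
        return Boolean.TRUE.equals(eval);
    }

    /**
     * Checks the permission described by {@link RequiresPermission} against
     * the current identity.
     *
     * @param invocationContext the intercepted invocation
     * @return the result of {@code AuthorizationUtil.hasPermission}
     * @throws IllegalArgumentException if no {@link RequiresPermission} annotation is found
     */
    @Secures
    @RequiresPermission
    public boolean hasPermission(InvocationContext invocationContext) {
        RequiresPermission requiresPermission = getAnnotation(invocationContext, RequiresPermission.class);
        return AuthorizationUtil.hasPermission(getIdentity(), requiresPermission.resource(), requiresPermission.resourceClass(), requiresPermission.resourceIdentifier(), requiresPermission.operation());
    }

    /**
     * Allows the invocation when the current identity holds at least one of
     * the roles listed in {@link RolesAllowed#value()}.
     *
     * @param invocationContext the intercepted invocation
     * @return {@code true} if any listed role matches; {@code false} if none does or the list is empty
     * @throws IllegalArgumentException if no {@link RolesAllowed} annotation is found
     */
    @Secures
    @RolesAllowed
    public boolean hasRole(InvocationContext invocationContext) {
        // The listed roles are alternatives (OR), not a conjunction.
        for (String roleName : getAnnotation(invocationContext, RolesAllowed.class).value()) {
            if (AuthorizationUtil.hasRole(getIdentity(), this.partitionManager, roleName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Allows the invocation when the current identity is a member of at least
     * one of the groups listed in {@link GroupsAllowed#value()}.
     *
     * @param invocationContext the intercepted invocation
     * @return {@code true} if any listed group matches; {@code false} if none does or the list is empty
     * @throws IllegalArgumentException if no {@link GroupsAllowed} annotation is found
     */
    @Secures
    @GroupsAllowed
    public boolean isMember(InvocationContext invocationContext) {
        // The listed groups are alternatives (OR), not a conjunction.
        for (String groupName : getAnnotation(invocationContext, GroupsAllowed.class).value()) {
            if (AuthorizationUtil.isMember(getIdentity(), this.partitionManager, groupName)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks the partition type and names given by {@link PartitionsAllowed}
     * against the current identity.
     *
     * @param invocationContext the intercepted invocation
     * @return the result of {@code AuthorizationUtil.hasPartition}
     * @throws IllegalArgumentException if no {@link PartitionsAllowed} annotation is found
     */
    @Secures
    @PartitionsAllowed
    public boolean hasPartition(InvocationContext invocationContext) {
        PartitionsAllowed partitionsAllowed = getAnnotation(invocationContext, PartitionsAllowed.class);
        String[] name = partitionsAllowed.name();
        return AuthorizationUtil.hasPartition(getIdentity(), partitionsAllowed.type(), name);
    }

    /**
     * Requires the current identity to satisfy the security level named by
     * {@link RequiresLevel#value()}.
     *
     * <p>Unlike the other authorizers, this one never returns {@code false}:
     * an insufficient level is reported by exception.
     *
     * @param invocationContext the intercepted invocation
     * @return {@code true} when {@code AuthorizationUtil.hasLevel} accepts the identity
     * @throws InsufficientSecurityLevelException if the identity's level is not sufficient
     * @throws IllegalArgumentException if no {@link RequiresLevel} annotation is found
     */
    @Secures
    @RequiresLevel
    public boolean hasLevel(InvocationContext invocationContext) {
        Level createLevel = this.abstractFactory.resolve().createLevel(getAnnotation(invocationContext, RequiresLevel.class).value());
        if (AuthorizationUtil.hasLevel(getIdentity(), createLevel)) {
            return true;
        }
        // The message names both the required and the current level; treat it as
        // diagnostic text when deciding what to show to the caller.
        throw new InsufficientSecurityLevelException(createLevel, "Expected security level is: " + createLevel + " but the current level is: " + getIdentity().getLevel());
    }

    /**
     * Looks up a binding annotation for the intercepted invocation, first on
     * the unproxied target class and then on the invoked method.
     *
     * @param invocationContext the intercepted invocation
     * @param cls the annotation type to look up
     * @return the annotation, never {@code null}
     * @throws IllegalArgumentException if the annotation is on neither the class nor the method
     */
    private <T extends Annotation> T getAnnotation(InvocationContext invocationContext, Class<T> cls) {
        Class<?> unproxiedClass = ProxyUtils.getUnproxiedClass(invocationContext.getTarget().getClass());
        // NOTE(review): the class-level annotation wins. When the same annotation type
        // is on both the class and the invoked method, the method-level values are never
        // read, so a stricter method-level restriction is not the one evaluated here.
        // Confirm this precedence is intended.
        T annotation = unproxiedClass.getAnnotation(cls);
        Method method = invocationContext.getMethod();
        if (annotation == null) {
            annotation = method.getAnnotation(cls);
        }
        if (annotation == null) {
            throw new IllegalArgumentException("No annotation [" + cls + "] found in type [" + unproxiedClass + "] or method [" + method + "].");
        }
        return annotation;
    }

    /** Returns the injected identity that every authorizer checks against. */
    private Identity getIdentity() {
        return this.identity;
    }
}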
