package adapter.modulo;

import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import org.jboss.logging.Logger;
import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;

/* loaded from: input_file:utils-2.1.184.jar:adapter/modulo/AdapterSecurityInterceptor.class */
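/**
 * RESTEasy pre-process interceptor that authorizes a request from the
 * {@code javax.annotation.security} annotations on the target resource method.
 *
 * <p>Decision order, as implemented in {@link #preProcess}:
 * <ol>
 *   <li>{@code @PermitAll} on the method: allowed.</li>
 *   <li>{@code @DenyAll} on the method: rejected with {@link #ACCESS_FORBIDDEN}.</li>
 *   <li>{@code @RolesAllowed} on the method: allowed only when a role listed in the
 *       {@value #ROLES_PROPERTY} request header matches one of the declared roles,
 *       otherwise rejected with {@link #ACCESS_DENIED}.</li>
 *   <li>None of the three annotations: allowed.</li>
 * </ol>
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The caller's roles are taken verbatim from a request header. Nothing in this class
 *       authenticates that header or compares the peer address with {@link #getGatewayIp()},
 *       so the check is only as strong as whatever guarantees that requests reach this
 *       service exclusively through a trusted gateway that sets the header itself.
 *       NOTE(review): confirm that subclasses or the network layer enforce this.</li>
 *   <li>Only method-level annotations are consulted; a {@code @RolesAllowed} or
 *       {@code @DenyAll} placed on the resource class is not seen here, and a method with
 *       no annotation at all is let through (fail-open default).</li>
 * </ul>
 */
public abstract class AdapterSecurityInterceptor implements PreProcessInterceptor {
    /** Name of the request header carrying the caller's roles, separated by {@code ';'}. */
    public static final String ROLES_PROPERTY = "Roles";
    // Not read in this class; presumably header names used by subclasses or resources - confirm.
    public static final String USER_ID_PROPERTY = "Usuario";
    public static final String ID_PERFIL_USER_PROPERTY = "PerfilUsuario";

    /** Servlet request of the current call, injected by the container; used for the peer address. */
    @Context
    HttpServletRequest contextRequest;

    /** Gateway lookup service, injected by the container. */
    @EJB
    GatewayService gwService;
    protected static final Logger LOGGER = Logger.getLogger(AdapterSecurityInterceptor.class);
    // NOTE(review): both responses are single static instances handed out for every rejected
    // request. If anything downstream mutates a returned response (headers, entity), the change
    // would leak into later requests - confirm, or build a fresh response per rejection.
    // NOTE(review): the role-mismatch case answers 401 although no credentials are requested;
    // 403 would be the conventional status. Kept as is because clients may depend on it.
    protected static final ServerResponse ACCESS_DENIED = new ServerResponse("{\"error\":\"Access denied for this resource\"}", 401, new Headers());
    protected static final ServerResponse ACCESS_FORBIDDEN = new ServerResponse("{\"error\":\"Nobody can access this resource\"}", 403, new Headers());

    /**
     * Returns the gateway address reported by the injected {@code GatewayService}.
     *
     * <p>This class never calls it; it is available to subclasses.
     *
     * @return the value of {@code gwService.getGatewayIp()}
     */
    protected String getGatewayIp() {
        return this.gwService.getGatewayIp();
    }

    /**
     * Decides whether the request may reach the resource method.
     *
     * @param httpRequest the incoming request, used to read the roles header
     * @param resourceMethod the matched resource method whose annotations drive the decision
     * @return {@code null} to let the request proceed, or the rejection response to send
     */
    @Override
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
        // Read first so that both rejection paths can log the peer address.
        String remoteAddr = this.contextRequest.getRemoteAddr();
        Method method = resourceMethod.getMethod();
        if (method.isAnnotationPresent(PermitAll.class)) {
            return null;
        }
        if (method.isAnnotationPresent(DenyAll.class)) {
            // Rejections are logged at debug level only, so they are invisible at default log
            // levels. The format variant avoids building the message when debug is disabled.
            LOGGER.debugf("Tentativa de acesso do IP %s foi rejeitada porque o recurso nao esta disponivel", remoteAddr);
            return ACCESS_FORBIDDEN;
        }
        // A method without @RolesAllowed is not restricted by this interceptor.
        if (!method.isAnnotationPresent(RolesAllowed.class)) {
            return null;
        }
        if (haveAccess(httpRequest, method)) {
            return null;
        }
        LOGGER.debugf("Tentativa de acesso do IP %s foi rejeitada porque o usuario nao tem permissao", remoteAddr);
        return ACCESS_DENIED;
    }

    /**
     * Checks the roles sent in the {@value #ROLES_PROPERTY} header against the roles declared
     * on the method.
     *
     * <p>Only the first value of the header is used. It is split on {@code ';'} and the tokens
     * are compared exactly (no trimming, case-sensitive). A missing, empty or null header
     * denies access.
     *
     * @param httpRequest the incoming request
     * @param method the target resource method
     * @return {@code true} when at least one sent role is declared on the method
     */
    protected boolean haveAccess(HttpRequest httpRequest, Method method) {
        List<String> headerValues = httpRequest.getHttpHeaders().getRequestHeader(ROLES_PROPERTY);
        if (headerValues == null || headerValues.isEmpty()) {
            return false;
        }
        String firstValue = headerValues.get(0);
        if (firstValue == null) {
            // Fail closed instead of throwing from the authorization path.
            return false;
        }
        List<String> callerRoles = Arrays.asList(firstValue.split(";"));
        if (callerRoles.isEmpty()) {
            return false;
        }
        return compareRoles(callerRoles, extractRoles(method));
    }

    /**
     * Collects the roles declared by the method's {@code @RolesAllowed} annotation.
     *
     * @param method the target resource method
     * @return the declared roles; an empty set when the method carries no {@code @RolesAllowed},
     *     which makes {@link #compareRoles} deny
     */
    protected Set<String> extractRoles(Method method) {
        RolesAllowed rolesAllowed = method.getAnnotation(RolesAllowed.class);
        if (rolesAllowed == null) {
            return new HashSet<String>();
        }
        return new HashSet<String>(Arrays.asList(rolesAllowed.value()));
    }

    /**
     * Tells whether the two role collections share at least one element.
     *
     * @param list the roles presented by the caller
     * @param set the roles allowed on the resource method
     * @return {@code true} on the first allowed role found in {@code list}, else {@code false}
     */
    protected boolean compareRoles(List<String> list, Set<String> set) {
        for (String allowedRole : set) {
            if (list.contains(allowedRole)) {
                return true;
            }
        }
        return false;
    }
}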
