package at.itsv.tools.controller;

import at.itsv.tools.callback.InterceptorCallback;
import at.itsv.tools.logging.SLF4J;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.CopyOnWriteArrayList;
import javax.faces.context.ExternalContext;
import javax.faces.context.FacesContext;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import org.slf4j.Logger;

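/**
 * Interceptor bound through {@code @Controller} that gates controller method calls.
 *
 * <p>Every intercepted call is classified by {@link MethodTypeDetector}:
 * <ul>
 *   <li>{@code ACTION}: the caller must be authenticated and satisfy the roles declared
 *       on the method's {@link ControllerAction} annotation, otherwise a
 *       {@link SecurityException} is thrown and the call never proceeds;</li>
 *   <li>{@code STRING_SETTER}: every registered {@link InterceptorCallback} runs before
 *       the setter is invoked;</li>
 *   <li>{@code NOT_INTERCEPTED}: the call proceeds unchanged.</li>
 * </ul>
 * Any other classification aborts the call, so an unrecognised method type fails closed.
 *
 * <p>NOTE(review): the injected collaborators are non-transient fields of a
 * {@link Serializable} class; confirm the container injects serializable proxies.
 */
@Controller
@Interceptor
/* loaded from: input_file:at/itsv/tools/controller/ControllerInterceptor.class */
public class ControllerInterceptor implements Serializable {
    private static final long serialVersionUID = 1134177513761192621L;

    @Inject
    @SLF4J
    private Logger log;

    @Inject
    private FacesContext facesContext;

    @Inject
    private MethodTypeDetector methodTypeDetector;

    // Process-wide registry of string-setter checks, shared by every interceptor instance.
    // It is mutated through public static methods while interceptor instances iterate it
    // (presumably on concurrent request threads), so a copy-on-write list is used: each
    // iteration sees a consistent snapshot instead of failing with a
    // ConcurrentModificationException or observing a half-updated list.
    // An empty registry means string setters run without any check.
    private static final List<InterceptorCallback> STRING_CHECKERS =
            new CopyOnWriteArrayList<InterceptorCallback>();

    /**
     * Applies the check that matches the intercepted method's type and then lets the call proceed.
     *
     * @param invocationContext the intercepted invocation
     * @return whatever the intercepted method returns
     * @throws SecurityException if an action is called without authentication or without a permitted role
     * @throws IllegalStateException if the method type is not one of the handled types
     * @throws Exception anything thrown by the intercepted method itself
     */
    @AroundInvoke
    public Object processRequest(InvocationContext invocationContext) throws Exception {
        this.log.debug("intercepting method call {}", describeTarget(invocationContext));
        switch (this.methodTypeDetector.getMethodType(invocationContext)) {
            case ACTION:
                checkPermissions(invocationContext);
                break;
            case STRING_SETTER:
                preStringSetter(invocationContext);
                break;
            case NOT_INTERCEPTED:
                break;
            default:
                // Fail closed: a type this interceptor does not know must not reach proceed().
                throw new IllegalStateException("calling an unknown method type");
        }
        return invocationContext.proceed();
    }

    /** Returns {@code DeclaringClass.methodName} of the intercepted method, for logs and messages. */
    private static String describeTarget(InvocationContext invocationContext) {
        return invocationContext.getMethod().getDeclaringClass().getName()
                + "." + invocationContext.getMethod().getName();
    }

    /**
     * Verifies that the current remote user may call the intercepted action.
     *
     * <p>Access is granted when the method's {@link ControllerAction} sets
     * {@code anyRoleAllowed} (any authenticated user passes) or when the user holds at least
     * one of the roles in {@code rolesAllowed}. An annotation with neither setting is treated
     * as a configuration error and denies everyone.
     *
     * <p>The {@link SecurityException} messages contain the user name and the fully qualified
     * method name; they are meant for logs and should not be rendered to the client.
     *
     * @param invocationContext the intercepted invocation
     * @return {@code true} when access is granted; denial is always signalled by an exception
     * @throws SecurityException if nobody is logged in, no role is configured, or no role matches
     * @throws IllegalStateException if the method carries no {@link ControllerAction} annotation
     */
    private boolean checkPermissions(InvocationContext invocationContext) {
        ExternalContext externalContext = this.facesContext.getExternalContext();
        String remoteUser = externalContext == null ? null : externalContext.getRemoteUser();
        if (remoteUser == null || remoteUser.isEmpty()) {
            this.log.error("not logged in");
            throw new SecurityException("not logged in - maybe missing configuration in web.xml");
        }

        String action = describeTarget(invocationContext);
        this.log.debug("checking if user <{}> is allowed to call action {}", remoteUser, action);

        ControllerAction controllerAction = invocationContext.getMethod().getAnnotation(ControllerAction.class);
        if (controllerAction == null) {
            this.log.error("illegal use of this method");
            throw new IllegalStateException("using this method is only allowed for methods annotated with " + ControllerAction.class.getName());
        }

        if (controllerAction.anyRoleAllowed()) {
            // Authentication alone is sufficient here; no role membership is consulted.
            this.log.debug("all roles allowed so skipping role check");
            this.log.debug("granting access to user {} to method {}", remoteUser, action);
            return true;
        }

        String[] rolesAllowed = controllerAction.rolesAllowed();
        if (rolesAllowed == null || rolesAllowed.length < 1) {
            // Neither "any role" nor an explicit role list: deny rather than guess.
            this.log.error("missing configuration @ {}", action);
            throw new SecurityException("missing security configuration on method " + action + " - nobody is allowed to execute this method");
        }

        for (String role : rolesAllowed) {
            this.log.debug("checking if user has role {}", role);
            if (externalContext.isUserInRole(role)) {
                this.log.debug("user has role {} => granting access", role);
                this.log.debug("granting access to user {} to method {}", remoteUser, action);
                return true;
            }
        }

        this.log.warn("user {} not allowed to call {}", remoteUser, action);
        throw new SecurityException("user " + remoteUser + " does not have permission to call " + action);
    }

    /**
     * Runs every registered string checker against the intercepted setter call.
     *
     * <p>The value being set is caller-supplied and may be sensitive (any String setter is
     * intercepted), so only its length is written to the log, never the value itself.
     *
     * @param invocationContext the intercepted setter invocation; its first parameter is the String value
     * @throws IllegalStateException if a registered callback is null or reports a null name
     */
    private void preStringSetter(InvocationContext invocationContext) {
        String value = (String) invocationContext.getParameters()[0];
        Integer valueLength = value == null ? null : Integer.valueOf(value.length());
        this.log.debug("intercepting string setter {} with value of length {}", invocationContext.getMethod().getName(), valueLength);
        for (InterceptorCallback interceptorCallback : STRING_CHECKERS) {
            if (null == interceptorCallback) {
                throw new IllegalStateException("a callback handler must not be null");
            }
            if (null == interceptorCallback.getName()) {
                throw new IllegalStateException("callback.getName must not return null");
            }
            this.log.debug("running callback {}", interceptorCallback.getName());
            interceptorCallback.callback(invocationContext);
        }
    }

    /**
     * Registers a check that runs before every intercepted String setter.
     *
     * @param interceptorCallback the check to add; must not be null
     * @throws IllegalArgumentException if {@code interceptorCallback} is null
     */
    public static void addStringChecker(InterceptorCallback interceptorCallback) {
        if (null == interceptorCallback) {
            throw new IllegalArgumentException("stringSetterCheck must not be null");
        }
        STRING_CHECKERS.add(interceptorCallback);
    }

    /**
     * Removes every registered string checker.
     *
     * <p>After this call String setters proceed with no check at all until checkers are
     * registered again, and the method is callable by any code that can see this class.
     */
    public static void clearStringChecker() {
        STRING_CHECKERS.clear();
    }
}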
