package net.krotscheck.kangaroo.authz.admin.v1.auth.filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;
import net.krotscheck.kangaroo.authz.admin.v1.auth.exception.OAuth2ForbiddenException;

@Priority(2000)
/* loaded from: input_file:net/krotscheck/kangaroo/authz/admin/v1/auth/filter/OAuth2AuthorizationFilter.class */
public final class OAuth2AuthorizationFilter implements ContainerRequestFilter {
    private final String[] scopesAllowed;

    public OAuth2AuthorizationFilter() {
        this(new String[0]);
    }

    public OAuth2AuthorizationFilter(String[] strArr) {
        this.scopesAllowed = strArr;
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        if (securityContext == null) {
            throw new OAuth2ForbiddenException(containerRequestContext.getUriInfo(), this.scopesAllowed);
        }
        Stream stream = Arrays.stream(this.scopesAllowed);
        securityContext.getClass();
        if (stream.filter(securityContext::isUserInRole).count() == 0) {
            throw new OAuth2ForbiddenException(containerRequestContext.getUriInfo(), this.scopesAllowed);
        }
    }
}
