package org.apache.geronimo.microprofile.metrics.common.jaxrs;

import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.openejb.config.QuickServerXmlParser;

/* loaded from: input_file:lib/geronimo-metrics-common-1.0.2.jar:org/apache/geronimo/microprofile/metrics/common/jaxrs/SecurityValidator.class */
public class SecurityValidator {
    private static final Predicate<String> LOCAL_MATCHER = str -> {
        return str.startsWith("127.") || str.startsWith("1::") || QuickServerXmlParser.DEFAULT_HOST.equals(str);
    };
    private List<Predicate<String>> acceptedHosts;
    private List<String> acceptedRoles;

    public void init() {
        this.acceptedHosts = (List) config("geronimo.metrics.jaxrs.acceptedHosts", str -> {
            if ("<local>".equals(str)) {
                return LOCAL_MATCHER;
            }
            str.getClass();
            return (v1) -> {
                return r0.equals(v1);
            };
        }).orElse(Collections.singletonList(LOCAL_MATCHER));
        this.acceptedRoles = (List) config("geronimo.metrics.jaxrs.acceptedRoles", Function.identity()).orElse(null);
    }

    public void checkSecurity(SecurityContext securityContext, UriInfo uriInfo) {
        String host;
        if (this.acceptedHosts != null && uriInfo != null && ((host = uriInfo.getRequestUri().getHost()) == null || this.acceptedHosts.stream().noneMatch(predicate -> {
            return predicate.test(host);
        }))) {
            throw new WebApplicationException(Response.Status.NOT_FOUND);
        }
        if (hasValidRole(securityContext)) {
            return;
        }
        if (securityContext != null && securityContext.getUserPrincipal() != null) {
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        }
        throw new WebApplicationException(Response.Status.UNAUTHORIZED);
    }

    private boolean hasValidRole(SecurityContext securityContext) {
        if (this.acceptedRoles != null) {
            if (securityContext != null && securityContext.getUserPrincipal() != null) {
                Stream<String> stream = this.acceptedRoles.stream();
                securityContext.getClass();
                if (stream.anyMatch(securityContext::isUserInRole)) {
                }
            }
            return false;
        }
        return true;
    }

    private <T> Optional<List<T>> config(String str, Function<String, T> function) {
        return Optional.ofNullable(config(str)).map(str2 -> {
            return (List) Stream.of((Object[]) str2.split(",")).map((v0) -> {
                return v0.trim();
            }).filter(str2 -> {
                return !str2.isEmpty();
            }).map(function).collect(Collectors.toList());
        });
    }

    protected String config(String str) {
        return System.getProperty(str);
    }
}
