package uk.co.solong.restsec.core.annotations;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.NoPermissionException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.CollectionUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import uk.co.solong.restsec.core.exceptions.CannotVerifyAuthenticationException;
import uk.co.solong.restsec.core.exceptions.NotAuthenticatedException;
import uk.co.solong.restsec.core.roles.Role;
import uk.co.solong.restsec.core.sessions.SessionManager;

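/**
 * Aspect that gates methods matched by the {@code @Around} pointcut below on an authenticated
 * session and on role membership.
 *
 * <p>For each intercepted call the aspect takes the first {@link HttpServletRequest} argument, asks
 * the {@link SessionManager} whether that request is logged in and which user it belongs to, and
 * compares the roles stored for that user in {@code entitlementDirectory} with the roles listed in
 * {@code @Entitlement(mustbe = ...)} on the target method. Every path that cannot establish identity
 * or entitlement throws, so the target method is only reached through {@code proceed()} after all
 * checks have passed.
 *
 * <p>NOTE(review): the pointcut names {@code uk.co.solong.hatf2.web.annotations.Entitlement}, while
 * the code reads the unqualified {@code Entitlement}, which resolves to this package
 * ({@code uk.co.solong.restsec.core.annotations}). If these are two different annotation types, the
 * advice never runs for methods carrying this package's annotation and those methods are left
 * unguarded. Confirm which annotation the endpoints actually use.
 *
 * <p>NOTE(review): the entitlement directory is populated from a literal user id in the constructor.
 * Authorisation data compiled into the class cannot be revoked or audited without a redeploy;
 * consider loading it from a managed store.
 */
@Aspect
@Component
/* loaded from: input_file:uk/co/solong/restsec/core/annotations/EntitlementAspect.class */
public class EntitlementAspect {
    private static final Logger logger = LoggerFactory.getLogger(EntitlementAspect.class);
    private final SessionManager sessionManager;
    // user id -> names of the roles that user holds
    private final Map<String, List<String>> entitlementDirectory = new HashMap<>();

    /**
     * Creates the aspect and seeds the entitlement directory.
     *
     * @param sessionManager used to decide whether a request is logged in and to resolve its user id
     */
    public EntitlementAspect(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
        // NOTE(review): hard-coded grant of ADMIN and USER to a single literal user id.
        List<String> seededRoles = new ArrayList<>();
        seededRoles.add(Role.ADMIN.name());
        seededRoles.add(Role.USER.name());
        this.entitlementDirectory.put("4003348", seededRoles);
    }

    /**
     * Authenticates and authorises the caller before letting the intercepted method run.
     *
     * @param proceedingJoinPoint the intercepted invocation
     * @return whatever the intercepted method returns
     * @throws NotAuthenticatedException if the request is not logged in or has no user id
     * @throws NoPermissionException if roles are required and the user holds none of them
     * @throws CannotVerifyAuthenticationException if the invocation has no
     *     {@link HttpServletRequest} argument, or the {@code Entitlement} annotation cannot be read
     *     from the intercepted method
     * @throws Throwable anything thrown by the intercepted method
     */
    @Around("execution(* *(..)) && @annotation(uk.co.solong.hatf2.web.annotations.Entitlement)")
    public Object around(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        HttpServletRequest request = firstRequestArgument(proceedingJoinPoint.getArgs());
        if (request == null) {
            // Without a request there is no session to check: fail closed.
            throw new CannotVerifyAuthenticationException();
        }
        if (!this.sessionManager.isLoggedIn(request)) {
            throw new NotAuthenticatedException();
        }
        String userId = this.sessionManager.getUserId(request);
        if (userId == null) {
            throw new NotAuthenticatedException();
        }

        List<String> required = extractRoles(proceedingJoinPoint);
        if (required == null) {
            // The annotation could not be read from the intercepted method (previously a
            // NullPointerException). Treating this as "no roles required" would fail open.
            throw new CannotVerifyAuthenticationException();
        }

        List<String> granted = this.entitlementDirectory.get(userId);
        boolean holdsRequiredRole = granted != null && CollectionUtils.containsAny(granted, required);
        // An empty mustbe() list means "any authenticated user": only a non-empty list is enforced.
        if (!required.isEmpty() && !holdsRequiredRole) {
            // Denials are logged at WARN with context so that they are visible to monitoring.
            logger.warn("Not Authorised: user {} holds none of the roles {} required by {}",
                    userId, required, proceedingJoinPoint.getSignature().toShortString());
            throw new NoPermissionException();
        }
        logger.info("Authorised");
        return proceedingJoinPoint.proceed();
    }

    /** Returns the first {@link HttpServletRequest} among {@code args}, or {@code null} if none. */
    private static HttpServletRequest firstRequestArgument(Object[] args) {
        for (Object arg : args) {
            if (arg instanceof HttpServletRequest) {
                return (HttpServletRequest) arg;
            }
        }
        return null;
    }

    /**
     * Reads the role names listed in the {@code Entitlement} annotation of the intercepted method.
     *
     * @return the required role names (possibly empty), or {@code null} when the annotation is not
     *     present on the reflected method
     */
    private List<String> extractRoles(ProceedingJoinPoint proceedingJoinPoint) {
        // Signature itself has no getMethod(); the method is only reachable via MethodSignature.
        org.aspectj.lang.reflect.MethodSignature signature =
                (org.aspectj.lang.reflect.MethodSignature) proceedingJoinPoint.getSignature();
        Entitlement entitlement = signature.getMethod().getAnnotation(Entitlement.class);
        if (entitlement == null) {
            return null;
        }
        List<String> roleNames = new ArrayList<>();
        for (Role role : entitlement.mustbe()) {
            roleNames.add(role.name());
        }
        return roleNames;
    }
}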
