package io.quarkus.resteasy.reactive.jackson.runtime.security;

import com.fasterxml.jackson.databind.ser.PropertyWriter;
import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
import io.quarkus.arc.Arc;
import io.quarkus.arc.ArcContainer;
import io.quarkus.arc.InstanceHandle;
import io.quarkus.resteasy.reactive.jackson.SecureField;
import io.quarkus.security.identity.SecurityIdentity;
import java.lang.annotation.Annotation;

/* loaded from: input_file:io/quarkus/resteasy/reactive/jackson/runtime/security/SecurityPropertyFilter.class */
public class SecurityPropertyFilter extends SimpleBeanPropertyFilter {
    static final String FILTER_ID = "securityFilter";
    private volatile InstanceHandle<RolesAllowedConfigExpStorage> rolesAllowedConfigExpStorage;

    private RolesAllowedConfigExpStorage getRolesAllowedConfigExpStorage(ArcContainer arcContainer) {
        if (this.rolesAllowedConfigExpStorage == null) {
            synchronized (this) {
                if (this.rolesAllowedConfigExpStorage == null) {
                    this.rolesAllowedConfigExpStorage = arcContainer.instance(RolesAllowedConfigExpStorage.class, new Annotation[0]);
                }
            }
        }
        if (this.rolesAllowedConfigExpStorage.isAvailable()) {
            return (RolesAllowedConfigExpStorage) this.rolesAllowedConfigExpStorage.get();
        }
        return null;
    }

    protected boolean include(PropertyWriter propertyWriter) {
        String[] roles;
        SecureField secureField = (SecureField) propertyWriter.getAnnotation(SecureField.class);
        if (secureField == null) {
            return super.include(propertyWriter);
        }
        ArcContainer container = Arc.container();
        if (container == null) {
            return false;
        }
        InstanceHandle instance = container.instance(SecurityIdentity.class, new Annotation[0]);
        if (!instance.isAvailable()) {
            return false;
        }
        SecurityIdentity securityIdentity = (SecurityIdentity) instance.get();
        RolesAllowedConfigExpStorage rolesAllowedConfigExpStorage = getRolesAllowedConfigExpStorage(container);
        for (String str : secureField.rolesAllowed()) {
            if (rolesAllowedConfigExpStorage == null || (roles = rolesAllowedConfigExpStorage.getRoles(str)) == null) {
                if (securityIdentity.hasRole(str)) {
                    return true;
                }
            } else {
                for (String str2 : roles) {
                    if (securityIdentity.hasRole(str2)) {
                        return true;
                    }
                }
            }
        }
        return false;
    }
}
