package restx.security;

import com.google.common.base.Function;
import com.google.common.base.Optional;
import com.google.common.collect.Iterables;
import com.google.common.collect.Maps;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import restx.RestxRequest;
import restx.RestxRequestMatch;
import restx.WebException;
import restx.factory.Component;
import restx.http.HttpStatus;

@Component
/* loaded from: input_file:WEB-INF/lib/restx-core-0.35-rc5.jar:restx/security/StdRestxSecurityManager.class */
public class StdRestxSecurityManager implements RestxSecurityManager {
    private static final Logger logger = LoggerFactory.getLogger(StdRestxSecurityManager.class);
    protected final PermissionFactory permissionFactory;

    public StdRestxSecurityManager(PermissionFactory permissionFactory) {
        this.permissionFactory = permissionFactory;
    }

    @Override // restx.security.RestxSecurityManager
    public void check(RestxRequest restxRequest, RestxRequestMatch restxRequestMatch, Permission permission) {
        if (this.permissionFactory.isOpen(permission)) {
            return;
        }
        Optional<? extends RestxPrincipal> principal = RestxSession.current().getPrincipal();
        if (!principal.isPresent()) {
            logger.debug("no principal found: request={}", restxRequest);
            throw new WebException(HttpStatus.UNAUTHORIZED);
        }
        Optional<? extends Permission> has = permission.has(principal.get(), createRoleInterpolationMapFrom(restxRequest, restxRequestMatch));
        if (has.isPresent()) {
            logger.debug("permission matched: request={} principal={} perm={}", restxRequest, principal.get(), has.get());
        } else {
            logger.debug("permission not matched: request={} principal={} permission={}", restxRequest, principal.get(), permission);
            throw new WebException(HttpStatus.FORBIDDEN);
        }
    }

    protected Map<String, String> createRoleInterpolationMapFrom(RestxRequest restxRequest, RestxRequestMatch restxRequestMatch) {
        HashMap hashMap = new HashMap();
        if (restxRequest != null) {
            hashMap.putAll(Maps.transformValues(restxRequest.getQueryParams(), new Function<List<String>, String>() { // from class: restx.security.StdRestxSecurityManager.1
                @Override // com.google.common.base.Function
                public String apply(List<String> list) {
                    return (String) Iterables.getFirst(list, null);
                }
            }));
        }
        if (restxRequestMatch != null) {
            hashMap.putAll(restxRequestMatch.getPathParams());
        }
        return hashMap;
    }
}
