package org.ocelotds.security;

import java.io.Serializable;
import java.lang.reflect.Method;
import java.security.Principal;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.websocket.server.HandshakeRequest;
import org.ocelotds.annotations.OcelotLogger;
import org.ocelotds.annotations.RolesAllowed;
import org.ocelotds.context.ThreadLocalContextHolder;
import org.slf4j.Logger;

@RolesAllowed
@Interceptor
/* loaded from: input_file:org/ocelotds/security/RolesAllowedInterceptor.class */
public class RolesAllowedInterceptor implements Serializable {
    private static final long serialVersionUID = -849762977471230875L;

    @Inject
    @OcelotLogger
    private transient Logger logger;

    @Inject
    private Principal principal;

    @AroundInvoke
    public Object checkRolesAllowed(InvocationContext invocationContext) throws Exception {
        Method method = invocationContext.getMethod();
        String[] value = method.getAnnotation(RolesAllowed.class).value();
        HandshakeRequest handshakeRequest = getHandshakeRequest();
        for (String str : value) {
            if (handshakeRequest.isUserInRole(str)) {
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug("Check method {}.{} : role {} is allowed", new Object[]{method.getDeclaringClass().getSimpleName(), method.getName(), str});
                }
                return invocationContext.proceed();
            }
        }
        throw new IllegalAccessException("'" + this.principal + "' is not allowed to execute " + method.getDeclaringClass().getSimpleName() + "." + method.getName());
    }

    HandshakeRequest getHandshakeRequest() {
        return (HandshakeRequest) ThreadLocalContextHolder.get("HANDSHAKEREQUEST");
    }
}
