package io.smallrye.jwt.auth.jaxrs;

import java.util.Arrays;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Stream;
import javax.annotation.Priority;
import javax.ws.rs.ForbiddenException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;

@Priority(2000)
/* loaded from: input_file:io/smallrye/jwt/auth/jaxrs/RolesAllowedFilter.class */
public class RolesAllowedFilter implements ContainerRequestFilter {
    private final Set<String> allowedRoles;
    private final boolean allRolesAllowed;

    public RolesAllowedFilter(String[] strArr) {
        this.allowedRoles = new HashSet(Arrays.asList(strArr));
        String str = "*";
        this.allRolesAllowed = this.allowedRoles.stream().anyMatch((v1) -> {
            return r2.equals(v1);
        });
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        boolean noneMatch;
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        if (this.allRolesAllowed) {
            noneMatch = securityContext.getUserPrincipal() == null;
        } else {
            Stream<String> stream = this.allowedRoles.stream();
            Objects.requireNonNull(securityContext);
            noneMatch = stream.noneMatch(securityContext::isUserInRole);
        }
        if (noneMatch) {
            if (containerRequestContext.getSecurityContext().getUserPrincipal() != null) {
                throw new ForbiddenException();
            }
            throw new NotAuthorizedException("Bearer", new Object[0]);
        }
    }
}
