package org.gcube.common.authorization.library;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.List;
import org.gcube.common.authorization.library.annotations.IsAllowedFor;
import org.gcube.common.authorization.library.annotations.SubjectToQuota;
import org.gcube.common.authorization.library.provider.AuthorizationProvider;
import org.gcube.common.authorization.library.provider.UserInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/common-authorization-1.0.0-SNAPSHOT.jar:org/gcube/common/authorization/library/AuthorizationInvocationHandler.class */
public class AuthorizationInvocationHandler<T, I extends T> implements InvocationHandler {
    public static Logger log = LoggerFactory.getLogger(AuthorizationInvocationHandler.class);
    private String handledClass;
    private Object obj;
    ResourceAuthorizationProxy<T, I> resourceAuthorizationProxy;

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthorizationInvocationHandler(I i, String str, ResourceAuthorizationProxy<T, I> resourceAuthorizationProxy) {
        this.handledClass = str;
        this.obj = i;
        this.resourceAuthorizationProxy = resourceAuthorizationProxy;
    }

    @Override // java.lang.reflect.InvocationHandler
    public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
        log.trace("calling proxed method " + method.getName() + " on " + this.handledClass);
        UserInfo userInfo = AuthorizationProvider.instance.get();
        checkSubjectToQuota(userInfo, method);
        checkIsAllowedFor(userInfo, method);
        return method.invoke(this.obj, objArr);
    }

    private static boolean isOneElementContainedinRoles(List<String> list, String[] strArr) {
        for (String str : strArr) {
            if (list.contains(str)) {
                return true;
            }
        }
        return false;
    }

    private void checkSubjectToQuota(UserInfo userInfo, Method method) {
        if (!method.isAnnotationPresent(SubjectToQuota.class)) {
            log.debug("is subjectToQuota not present in " + method.getName());
            return;
        }
        BannedService bannedService = new BannedService(this.resourceAuthorizationProxy.getServiceClass(), this.resourceAuthorizationProxy.getServiceName());
        log.debug("subjectToQuota annotation present, checking for service {} in bannedServices {}", bannedService, userInfo.getBannedServices());
        if (userInfo.getBannedServices().contains(bannedService)) {
            String str = "blocking method " + method.getName() + " for user " + userInfo.getUserName() + ": overquota reached";
            log.warn(str);
            throw new SecurityException(str);
        }
    }

    private void checkIsAllowedFor(UserInfo userInfo, Method method) {
        if (!method.isAnnotationPresent(IsAllowedFor.class)) {
            log.debug("is allowedFor not present in " + method.getName());
            return;
        }
        IsAllowedFor isAllowedFor = (IsAllowedFor) method.getAnnotation(IsAllowedFor.class);
        if (isAllowedFor.roles().length <= 0 || isOneElementContainedinRoles(userInfo.getRoles(), isAllowedFor.roles())) {
            return;
        }
        String str = "blocking method " + method.getName() + " for user " + userInfo.getUserName() + ": only roles " + Arrays.toString(isAllowedFor.roles()) + " can access";
        log.warn(str);
        throw new SecurityException(str);
    }
}
