package com.manydesigns.portofino.pageactions.rest;

import ch.qos.logback.classic.ClassicConstants;
import com.manydesigns.elements.ElementsThreadLocals;
import com.manydesigns.elements.stripes.ElementsActionBeanContext;
import com.manydesigns.portofino.buttons.ButtonsLogic;
import com.manydesigns.portofino.dispatcher.Dispatch;
import com.manydesigns.portofino.dispatcher.PageAction;
import com.manydesigns.portofino.dispatcher.PageInstance;
import com.manydesigns.portofino.interceptors.AccessLoggerInterceptor;
import com.manydesigns.portofino.logic.SecurityLogic;
import com.manydesigns.portofino.shiro.ShiroUtils;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.ws.rs.ConstrainedTo;
import jakarta.ws.rs.RuntimeType;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ContainerResponseContext;
import jakarta.ws.rs.container.ContainerResponseFilter;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import jakarta.ws.rs.ext.Provider;
import java.io.Serializable;
import java.lang.reflect.Method;
import java.util.ArrayList;
import java.util.List;
import net.sourceforge.stripes.action.ActionBean;
import net.sourceforge.stripes.action.Resolution;
import net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor;
import net.sourceforge.stripes.controller.ExecutionContext;
import net.sourceforge.stripes.controller.LifecycleStage;
import net.sourceforge.stripes.controller.StripesConstants;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.aop.MethodInvocation;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.authz.aop.AnnotationsAuthorizingMethodInterceptor;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

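/**
 * JAX-RS filter that bridges Portofino page actions into the REST pipeline.
 *
 * <p>On the request side it (1) fills the logging MDC, (2) enforces Shiro annotation
 * checks and, for {@link PageAction} resources, the Portofino-specific
 * {@link SecurityLogic} check, (3) prepares the page and evaluates its button guards,
 * and (4) runs the Stripes {@code @Before} methods of the resource. On the response side
 * it emits the access-log line and runs the Stripes {@code @After} methods.
 *
 * <p>The filter only acts when the container reports a matched resource whose runtime
 * class is the one described by the injected {@link ResourceInfo}; any mismatch is
 * treated as a container inconsistency and fails the request.
 */
@Provider
@ConstrainedTo(RuntimeType.SERVER)
public class PortofinoFilter implements ContainerRequestFilter, ContainerResponseFilter {
    public static final String copyright = "Copyright (C) 2005-2025 ManyDesigns srl";

    /** Stripes interceptor that dispatches {@code @Before}/{@code @After} methods. */
    protected final BeforeAfterMethodInterceptor beforeAfterMethodInterceptor = new BeforeAfterMethodInterceptor();

    @Context
    protected ResourceInfo resourceInfo;

    @Context
    protected HttpServletRequest request;

    @Context
    protected HttpServletResponse response;

    public static final Logger logger = LoggerFactory.getLogger(PortofinoFilter.class);

    /** Shared, stateless Shiro annotation checker (see {@link AuthChecker}). */
    protected static final AuthChecker AUTH_CHECKER = new AuthChecker();

    /**
     * Adapter that lets Shiro's annotation-based authorization run against a resource
     * method outside of an AOP proxy. The synthetic {@link MethodInvocation} never
     * proceeds; it only exposes the target and the method so the annotation handlers
     * can inspect them.
     */
    public static final class AuthChecker extends AnnotationsAuthorizingMethodInterceptor {

        /**
         * Asserts that the current subject may invoke {@code method} on {@code target}.
         *
         * @param target the resource instance the method belongs to
         * @param method the resource method whose Shiro annotations are checked
         * @throws AuthorizationException (or its subclass {@link UnauthenticatedException})
         *         when the subject is not allowed
         */
        public void assertAuthorized(final Object target, final Method method) throws AuthorizationException {
            super.assertAuthorized(new MethodInvocation() {
                @Override
                public Object proceed() {
                    // Never invoked for real: the actual call is made by the JAX-RS runtime.
                    return null;
                }

                @Override
                public Method getMethod() {
                    return method;
                }

                @Override
                public Object[] getArguments() {
                    return new Object[0];
                }

                @Override
                public Object getThis() {
                    return target;
                }
            });
        }
    }

    /**
     * Stripes {@link ExecutionContext} that exposes the action bean only during one half
     * of the interceptor's run. {@link BeforeAfterMethodInterceptor} reads the bean before
     * calling {@link #proceed()} (to run {@code @Before} methods) and reads it again
     * afterwards (to run {@code @After} methods); hiding it in the other half is how the
     * same interceptor is reused for the request side and the response side separately.
     */
    public static final class BridgeExecutionContext extends ExecutionContext {
        /** true on the request side ({@code @Before} phase), false on the response side. */
        private final boolean before;
        /** Set once the interceptor has passed its proceed() point. */
        private boolean proceedCalled;

        /**
         * @param before whether this context serves the request side (run {@code @Before}
         *               methods) or the response side (run {@code @After} methods)
         */
        public BridgeExecutionContext(boolean before) {
            this.before = before;
        }

        /** Records the phase switch; there is nothing to proceed to here. */
        @Override
        public Resolution proceed() throws Exception {
            proceedCalled = true;
            return null;
        }

        /**
         * Returns the bean only in the phase this context is meant to serve: before
         * proceed() on the request side, after proceed() on the response side.
         */
        @Override
        public ActionBean getActionBean() {
            if (before != proceedCalled) {
                return super.getActionBean();
            }
            return null;
        }
    }

    /**
     * Request-side entry point: MDC, authorization, page preparation and guards, then the
     * Stripes {@code @Before} methods.
     *
     * @param requestContext the JAX-RS request; aborted via {@code abortWith} on failure
     * @throws IllegalStateException when the matched resource is not an instance of the
     *         class reported by {@link ResourceInfo}
     */
    @Override
    public void filter(ContainerRequestContext requestContext) {
        Object resource = firstMatchedResource(requestContext);
        if (resource == null) {
            return;
        }
        Class<?> resourceClass = resourceInfo == null ? null : resourceInfo.getResourceClass();
        if (resourceClass == null) {
            return;
        }
        assertResourceType(resource, resourceClass);
        // MDC first, so the authorization log lines below already carry user and URI.
        fillMDC();
        if (checkAuthorizations(requestContext, resource)) {
            preparePage(requestContext, resource);
            runStripesInterceptors(requestContext, resource, true);
        }
    }

    /**
     * Response-side entry point: access logging and the Stripes {@code @After} methods.
     *
     * <p>Only the {@link ResourceInfo} lookup is guarded by a catch: some containers
     * (RestEasy) expose it through a proxy that is unusable at response time. Failures of
     * the interceptors themselves are handled in
     * {@link #runStripesInterceptors(ContainerRequestContext, Object, boolean)}, and a
     * resource-type inconsistency fails the request exactly as it does on the request side.
     *
     * @param requestContext  the JAX-RS request
     * @param responseContext the JAX-RS response (not used directly)
     */
    @Override
    public void filter(ContainerRequestContext requestContext, ContainerResponseContext responseContext) {
        Object resource = firstMatchedResource(requestContext);
        if (resource == null) {
            return;
        }
        Class<?> resourceClass;
        try {
            resourceClass = resourceInfo == null ? null : resourceInfo.getResourceClass();
        } catch (RuntimeException e) {
            logger.debug("Could not get resourceInfo (can happen under RestEasy)", e);
            return;
        }
        if (resourceClass == null) {
            return;
        }
        assertResourceType(resource, resourceClass);
        runStripesInterceptors(requestContext, resource, false);
    }

    /**
     * Returns the currently matched resource instance (index 0 of the matched-resources
     * list), or null when the request matched nothing this filter should handle.
     */
    private static Object firstMatchedResource(ContainerRequestContext requestContext) {
        UriInfo uriInfo = requestContext.getUriInfo();
        List<Object> matched = uriInfo.getMatchedResources();
        return matched.isEmpty() ? null : matched.get(0);
    }

    /**
     * Fails fast when the container's {@link ResourceInfo} disagrees with the matched
     * resource instance; acting on the wrong object would apply the wrong security rules.
     *
     * @throws IllegalStateException when the runtime classes differ
     */
    private static void assertResourceType(Object resource, Class<?> expectedClass) {
        if (resource.getClass() != expectedClass) {
            throw new IllegalStateException(
                    "Inconsistency: matched resource is not of the right type, " + expectedClass);
        }
    }

    /**
     * Runs the Stripes {@code @Before} (request side) or {@code @After} (response side)
     * methods of an {@link ActionBean} resource; non-ActionBean resources are ignored.
     *
     * <p>Any failure while logging or running the interceptors is logged server-side and
     * turned into a 500 with a fixed message; the exception itself is never sent to the
     * client.
     *
     * @param requestContext the JAX-RS request; aborted when an interceptor returns a
     *                       {@link Resolution} or fails
     * @param resource       the matched resource instance
     * @param before         true on the request side, false on the response side
     */
    protected void runStripesInterceptors(ContainerRequestContext requestContext, Object resource, boolean before) {
        if (!(resource instanceof ActionBean)) {
            return;
        }
        ActionBean actionBean = (ActionBean) resource;
        Method resourceMethod = resourceInfo.getResourceMethod();
        BridgeExecutionContext executionContext = new BridgeExecutionContext(before);
        executionContext.setActionBean(actionBean);
        executionContext.setActionBeanContext(actionBean.getContext());
        executionContext.setHandler(resourceMethod);
        executionContext.setLifecycleStage(LifecycleStage.EventHandling);
        try {
            if (!before && AccessLoggerInterceptor.isToBeLogged(resource, resourceMethod)) {
                // Access log is written on the response side only. The query string is
                // logged verbatim, so sensitive values must not travel as query parameters.
                AccessLoggerInterceptor.logger.info(
                        requestContext.getMethod() + " REST resource, method " + resourceMethod.getName()
                        + ", query string " + request.getQueryString());
            }
            // intercept(...) declares a checked Exception: it is covered by this catch.
            Resolution resolution = beforeAfterMethodInterceptor.intercept(executionContext);
            if (resolution != null) {
                requestContext.abortWith(Response.ok(resolution).build());
            }
        } catch (Exception e) {
            logger.error("Exception applying before/after method interceptor", e);
            // Generic body on purpose: exception details stay in the server log.
            requestContext.abortWith(Response.serverError()
                    .entity("Internal error applying before/after method interceptors").build());
        }
    }

    /**
     * Prepares a {@link PageAction} resource (once per page instance) and evaluates the
     * button guards of the target method; other resources are ignored.
     *
     * <p>If preparation returns a {@link Resolution} the request is aborted with it and the
     * guards are not evaluated, so that a failed preparation is neither masked by a
     * CONFLICT response nor followed by guard code running on an unprepared page.
     *
     * @param requestContext the JAX-RS request; aborted when preparation or a guard fails
     * @param resource       the matched resource instance
     */
    protected void preparePage(ContainerRequestContext requestContext, Object resource) {
        if (!(resource instanceof PageAction)) {
            return;
        }
        PageAction pageAction = (PageAction) resource;
        HttpServletRequest httpRequest = ElementsThreadLocals.getHttpServletRequest();
        httpRequest.setAttribute(StripesConstants.REQ_ATTR_ACTION_BEAN, pageAction);
        if (!pageAction.getPageInstance().isPrepared()) {
            ElementsActionBeanContext context = new ElementsActionBeanContext();
            context.setRequest(httpRequest);
            context.setResponse(response);
            context.setServletContext(httpRequest.getServletContext());
            context.setEventName("");
            context.setActionPath(normalizeActionPath(requestContext.getUriInfo().getPath()));
            pageAction.setContext(context);
            Resolution resolution = pageAction.preparePage();
            if (resolution != null) {
                requestContext.abortWith(Response.serverError().entity(resolution).build());
                return;
            }
        }
        if (!ButtonsLogic.doGuardsPass(pageAction, resourceInfo.getResourceMethod())) {
            requestContext.abortWith(Response.status(Response.Status.CONFLICT)
                    .entity("The action couldn't be invoked, a guard did not pass").build());
        }
    }

    /** Stripes action paths are absolute; JAX-RS may report the path without the leading slash. */
    private static String normalizeActionPath(String path) {
        return path.startsWith("/") ? path : "/" + path;
    }

    /**
     * Two-tier authorization: Shiro annotations on the resource method first, then the
     * Portofino page-tree check for {@link PageAction} resources.
     *
     * @param requestContext the JAX-RS request; aborted with 401 (unauthenticated) or
     *                       403 (authenticated but not permitted) on failure
     * @param resource       the matched resource instance
     * @return true when the invocation may proceed
     */
    protected boolean checkAuthorizations(ContainerRequestContext requestContext, Object resource) {
        try {
            AUTH_CHECKER.assertAuthorized(resource, resourceInfo.getResourceMethod());
            logger.debug("Standard Shiro security check passed.");
            if (resource instanceof PageAction) {
                return checkActionBeanInvocation(requestContext, (PageAction) resource);
            }
            return true;
        } catch (UnauthenticatedException e) {
            logger.debug("Method required authentication", e);
            requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return false;
        } catch (AuthorizationException e) {
            logger.warn("Method invocation not authorized", e);
            requestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            return false;
        }
    }

    /**
     * Resets the logging MDC for this request and records the Shiro user id (when a
     * principal is present) and the request URI.
     */
    protected void fillMDC() {
        logger.debug("Retrieving user");
        Subject subject = SecurityUtils.getSubject();
        Serializable userId = null;
        if (subject.getPrincipal() == null) {
            logger.debug("No user found");
        } else {
            userId = ShiroUtils.getUserId(subject);
            logger.debug("Retrieved userId={}", userId);
        }
        logger.debug("Setting up logging MDC");
        // Clear first so entries left by an earlier request on this thread are not
        // attributed to the current one.
        MDC.clear();
        if (userId != null) {
            MDC.put("userId", userId.toString());
        }
        HttpServletRequest httpRequest = ElementsThreadLocals.getHttpServletRequest();
        if (httpRequest != null) {
            MDC.put(ClassicConstants.REQUEST_REQUEST_URI, httpRequest.getRequestURI());
        }
    }

    /**
     * Portofino-specific check: builds the root-first chain of page instances leading to
     * the action and asks {@link SecurityLogic} whether the resource method may be invoked.
     *
     * @param requestContext the JAX-RS request; aborted with 403 for authenticated
     *                       subjects and 401 for anonymous ones when the check fails
     * @param pageAction     the page action being invoked
     * @return true when the invocation is allowed
     */
    protected boolean checkActionBeanInvocation(ContainerRequestContext requestContext, PageAction pageAction) {
        Method resourceMethod = resourceInfo.getResourceMethod();
        List<PageInstance> chain = new ArrayList<>();
        for (PageInstance current = pageAction.getPageInstance(); current != null; current = current.getParent()) {
            chain.add(0, current);
        }
        HttpServletRequest httpRequest = ElementsThreadLocals.getHttpServletRequest();
        Dispatch dispatch = new Dispatch(chain.toArray(new PageInstance[0]));
        if (SecurityLogic.isAllowed(httpRequest, dispatch, pageAction, resourceMethod)) {
            logger.debug("Portofino-specific security check passed");
            return true;
        }
        // Anonymous callers get 401 so clients know authentication may help; known
        // subjects get 403.
        Response.Status status = SecurityUtils.getSubject().isAuthenticated()
                ? Response.Status.FORBIDDEN
                : Response.Status.UNAUTHORIZED;
        requestContext.abortWith(Response.status(status).build());
        return false;
    }
}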
