package org.axonframework.spring.authorization;

import jakarta.annotation.Nonnull;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.axonframework.common.annotation.AnnotationUtils;
import org.axonframework.messaging.InterceptorChain;
import org.axonframework.messaging.Message;
import org.axonframework.messaging.MessageHandlerInterceptor;
import org.axonframework.messaging.unitofwork.LegacyUnitOfWork;
import org.axonframework.messaging.unitofwork.ProcessingContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/axonframework/spring/authorization/MessageAuthorizationHandlerInterceptor.class */
public class MessageAuthorizationHandlerInterceptor<T extends Message<?>> implements MessageHandlerInterceptor<T> {
    private static final Logger logger = LoggerFactory.getLogger(MessageAuthorizationHandlerInterceptor.class);

    public Object handle(@Nonnull LegacyUnitOfWork<? extends T> legacyUnitOfWork, @Nonnull ProcessingContext processingContext, @Nonnull InterceptorChain interceptorChain) throws Exception {
        Message message = legacyUnitOfWork.getMessage();
        if (!AnnotationUtils.isAnnotationPresent(message.getPayloadType(), Secured.class)) {
            return interceptorChain.proceedSync(processingContext);
        }
        Secured annotation = message.getPayloadType().getAnnotation(Secured.class);
        Set set = (Set) Optional.ofNullable(message.getMetaData().get("authorities")).map(obj -> {
            if (logger.isDebugEnabled()) {
                logger.debug("Found authorities [{}]", obj);
            }
            return new HashSet((List) obj);
        }).orElseThrow(() -> {
            return new UnauthorizedMessageException("No authorities found for message with identifier [" + message.getIdentifier() + "]");
        });
        if (logger.isDebugEnabled()) {
            logger.debug("Authorizing for [{}] and [{}]", message.getPayloadType().getName(), annotation.value());
        }
        set.retainAll((Collection) Arrays.stream(annotation.value()).map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
        if (set.isEmpty()) {
            throw new UnauthorizedMessageException("Unauthorized message with identifier [" + message.getIdentifier() + "]");
        }
        return interceptorChain.proceedSync(processingContext);
    }
}
