package org.apache.tomee.microprofile.jwt.jaxrs;

import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.Set;
import java.util.concurrent.ConcurrentMap;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

/* loaded from: input_file:lib/mp-jwt-7.1.4.jar:org/apache/tomee/microprofile/jwt/jaxrs/MPJWTSecurityAnnotationsInterceptor.class */
public class MPJWTSecurityAnnotationsInterceptor implements ContainerRequestFilter {
    private final ResourceInfo resourceInfo;
    private final ConcurrentMap<Method, Set<String>> rolesAllowed;
    private final Set<Method> denyAll;
    private final Set<Method> permitAll;

    public MPJWTSecurityAnnotationsInterceptor(ResourceInfo resourceInfo, ConcurrentMap<Method, Set<String>> concurrentMap, Set<Method> set, Set<Method> set2) {
        this.resourceInfo = resourceInfo;
        this.rolesAllowed = concurrentMap;
        this.denyAll = set;
        this.permitAll = set2;
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (this.permitAll.contains(this.resourceInfo.getResourceMethod())) {
            return;
        }
        if (this.denyAll.contains(this.resourceInfo.getResourceMethod())) {
            forbidden(containerRequestContext);
            return;
        }
        Set<String> set = this.rolesAllowed.get(this.resourceInfo.getResourceMethod());
        if (set == null || set.isEmpty()) {
            return;
        }
        SecurityContext securityContext = containerRequestContext.getSecurityContext();
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            if (!securityContext.isUserInRole(it.next())) {
                forbidden(containerRequestContext);
                return;
            }
        }
    }

    private void forbidden(ContainerRequestContext containerRequestContext) {
        containerRequestContext.abortWith(Response.status(403).build());
    }
}
