package fi.vm.sade.generic.service.authz.aspect;

import fi.vm.sade.generic.common.auth.Role;
import fi.vm.sade.generic.common.auth.annotation.RequiresRole;
import fi.vm.sade.generic.service.authz.aspect.AuthzData;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Map;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

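/**
 * Around-advice that enforces {@link RequiresRole} on intercepted service methods.
 *
 * <p>The caller's authorization data is read from {@code AuthzDataThreadLocal}. A call proceeds
 * only when the target method carries {@code @RequiresRole} and either lists
 * {@code Role.NOT_REQUIRED} or names a role that one of the caller's organisations holds.
 * Every other outcome (missing annotation, missing authorization data, no matching role, any
 * failure during the check itself) ends in an exception, so the advice fails closed.
 *
 * <p>The thread-local is cleared after every intercepted call, whether it succeeded or threw.
 * A second intercepted call on the same thread therefore finds no authorization data unless
 * something outside this class repopulates it first.
 *
 * <p>NOTE(review): denials are signalled with a plain {@link RuntimeException}, so callers cannot
 * tell an authorization failure from other runtime errors by type. A dedicated exception type
 * would be clearer; it is left unchanged here to stay compatible with existing callers.
 */
@Aspect
/* loaded from: input_file:WEB-INF/lib/generic-service-1.0-20120906.090238-80.jar:fi/vm/sade/generic/service/authz/aspect/AuthorizingAspect.class */
public class AuthorizingAspect {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthorizingAspect.class);

    /** Selects join points inside types matching {@code fi.vm.sade.*.service.impl.*}. */
    @Pointcut("within(fi.vm.sade.*.service.impl.*)")
    public void serviceMethod() {
    }

    /**
     * Checks the caller's roles against the target method's {@link RequiresRole} annotation and
     * proceeds with the call only when the check passes.
     *
     * @param proceedingJoinPoint the intercepted call
     * @return whatever the intercepted method returns
     * @throws RuntimeException if the method has no {@code @RequiresRole}, if no authorization
     *     data is bound to the current thread, or if the caller holds none of the required roles
     * @throws Throwable anything thrown by the intercepted method or by the reflective lookup
     */
    @Around("serviceMethod()")
    public Object authorize(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        try {
            LOGGER.info("Intercepting serviceMethod() call to {}", proceedingJoinPoint.getSignature().getName());
            // Non-method join points fail this cast and are rejected with a ClassCastException.
            MethodSignature methodSignature = (MethodSignature) proceedingJoinPoint.getSignature();

            AuthzData authzData = AuthzDataThreadLocal.get();
            Map<String, AuthzData.Organisation> dataMap = authzData == null ? null : authzData.getDataMap();
            if (dataMap == null) {
                // The original dereferenced the thread-local value unconditionally, so a missing
                // context already aborted the call (with a NullPointerException), even for
                // NOT_REQUIRED methods. The outcome is kept and made an explicit, logged denial.
                LOGGER.warn("Denied call to {}: no authorization data bound to the current thread",
                        methodSignature.getName());
                throw new RuntimeException("Not authorized.");
            }
            // Organisation/role data describes the caller's privileges; keep it out of the
            // default (INFO) log stream and emit it only when debugging.
            LOGGER.debug("Authzdata: {}", dataMap);

            // getMethod() resolves public methods on the runtime class of the target only. An
            // annotation declared solely on an interface or on an overridden superclass method
            // is not seen, and a non-public method raises NoSuchMethodException; both deny.
            RequiresRole requiresRole = proceedingJoinPoint.getTarget().getClass()
                    .getMethod(methodSignature.getName(), methodSignature.getParameterTypes())
                    .getAnnotation(RequiresRole.class);
            if (requiresRole == null) {
                // Un-annotated service methods are rejected rather than allowed by default.
                throw new RuntimeException(methodSignature.getMethod().getName() + " - RequiresRole missing.");
            }

            Role[] roles = requiresRole.roles();
            boolean authorized = Arrays.asList(roles).contains(Role.NOT_REQUIRED);
            if (!authorized) {
                LOGGER.info("Method requires one of roles: {}", Arrays.toString(roles));
                authorized = hasAnyRole(dataMap, roles);
            }
            if (!authorized) {
                // Record the denial so that failed access attempts are visible in the logs.
                LOGGER.warn("Denied call to {}: caller holds none of {}",
                        methodSignature.getName(), Arrays.toString(roles));
                throw new RuntimeException("Not authorized.");
            }
            LOGGER.info(" -- Authorized! -- ");
            return proceedingJoinPoint.proceed();
        } finally {
            // Always drop the per-thread authorization data so that it cannot leak into the next
            // unit of work executed on a pooled thread.
            AuthzDataThreadLocal.remove();
        }
    }

    /**
     * Reports whether any organisation in {@code dataMap} holds at least one of {@code roles}.
     * Roles are compared by enum constant name. Organisations that are {@code null} or have no
     * role collection grant nothing.
     */
    private static boolean hasAnyRole(Map<String, AuthzData.Organisation> dataMap, Role[] roles) {
        for (Role role : roles) {
            for (AuthzData.Organisation organisation : dataMap.values()) {
                if (organisation != null
                        && organisation.roles != null
                        && organisation.roles.contains(role.name())) {
                    return true;
                }
            }
        }
        return false;
    }
}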
