package org.jboss.errai.bus.server.security.auth.rules;

import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpSession;
import org.jboss.errai.bus.client.BooleanRoutingRule;
import org.jboss.errai.bus.client.CommandMessage;
import org.jboss.errai.bus.client.ConversationMessage;
import org.jboss.errai.bus.client.MessageBus;
import org.jboss.errai.bus.client.protocols.MessageParts;
import org.jboss.errai.bus.client.protocols.SecurityCommands;
import org.jboss.errai.bus.client.protocols.SecurityParts;
import org.jboss.errai.bus.server.security.auth.AuthSubject;
import org.jboss.errai.bus.server.service.ErraiService;
import org.jboss.errai.bus.server.util.ServerBusUtils;

/* loaded from: input_file:org/jboss/errai/bus/server/security/auth/rules/RolesRequiredRule.class */
public class RolesRequiredRule implements BooleanRoutingRule {
    private Set<Object> requiredRoles;
    private MessageBus bus;

    public RolesRequiredRule(String[] strArr, MessageBus messageBus) {
        this.requiredRoles = new HashSet();
        for (String str : strArr) {
            this.requiredRoles.add(str.trim());
        }
        this.bus = messageBus;
    }

    public RolesRequiredRule(Set<Object> set, MessageBus messageBus) {
        this.requiredRoles = set;
        this.bus = messageBus;
    }

    @Override // org.jboss.errai.bus.client.BooleanRoutingRule
    public boolean decision(CommandMessage commandMessage) {
        if (!commandMessage.hasResource("Session")) {
            return false;
        }
        AuthSubject authSubject = (AuthSubject) getSession(commandMessage).getAttribute(ErraiService.SESSION_AUTH_DATA);
        if (authSubject == null) {
            this.bus.send(CommandMessage.create(SecurityCommands.SecurityChallenge).toSubject("LoginClient").set(SecurityParts.CredentialsRequired, "Name,Password").set(SecurityParts.ReplyTo, ErraiService.AUTHORIZATION_SVC_SUBJECT).copyResource("Session", commandMessage).set(SecurityParts.RejectedMessage, ServerBusUtils.encodeJSON(commandMessage.getParts())), false);
            return false;
        }
        if (authSubject.getRoles().containsAll(this.requiredRoles)) {
            return true;
        }
        ConversationMessage.create().toSubject("ClientErrorService").set(MessageParts.ErrorMessage, "Access denied to service: " + ((String) commandMessage.get(String.class, MessageParts.ToSubject)) + " (Required Roles: [" + getRequiredRolesString() + "])").sendNowWith(this.bus);
        return false;
    }

    private String getRequiredRolesString() {
        StringBuilder sb = new StringBuilder();
        Iterator<Object> it = this.requiredRoles.iterator();
        while (it.hasNext()) {
            sb.append(String.valueOf(it.next()));
            if (it.hasNext()) {
                sb.append(", ");
            }
        }
        return sb.toString();
    }

    private static HttpSession getSession(CommandMessage commandMessage) {
        return (HttpSession) commandMessage.getResource("Session");
    }
}
