package org.xlcloud.iam;

import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.xlcloud.rest.AuthorizationTokenResolver;
import org.xlcloud.rest.RequestAwareResource;
import org.xlcloud.rest.ResourceInterceptorBinding;
import org.xlcloud.rest.exception.ForbiddenException;

@ResourceInterceptorBinding
@Interceptor
/* loaded from: input_file:org/xlcloud/iam/EntitlementInterceptor.class */
public class EntitlementInterceptor implements Serializable {
    private static final long serialVersionUID = 6278017503199479842L;
    private static Logger LOG = Logger.getLogger(EntitlementInterceptor.class);

    @Inject
    protected EntitlementContext entitlementCtx;

    @Inject
    protected EntitlementValidator entitlementValidator;

    @Inject
    private AuthorizationTokenResolver authTokenResolver;
    private Map<String, String> predefinedPaths = new HashMap();

    public EntitlementInterceptor() {
        this.predefinedPaths.put("stacks", "stacks");
        this.predefinedPaths.put("accounts", "accounts");
        this.predefinedPaths.put("users", "users");
        this.predefinedPaths.put("projects", "projects");
    }

    @AroundInvoke
    public Object setupEntitlement(InvocationContext invocationContext) throws Exception {
        if (invocationContext.getTarget() instanceof RequestAwareResource) {
            authorizeRequest(invocationContext);
        }
        return invocationContext.proceed();
    }

    private void authorizeRequest(InvocationContext invocationContext) {
        LOG.debug("Intercepted request on resource - request will be authorized.");
        RequestAwareResource requestAwareResource = (RequestAwareResource) invocationContext.getTarget();
        this.entitlementCtx.setAccessToken(this.authTokenResolver.get(requestAwareResource));
        String relativeRequestPath = requestAwareResource.getRelativeRequestPath();
        if (relativeRequestPath.endsWith("/")) {
            relativeRequestPath = relativeRequestPath.substring(0, relativeRequestPath.length() - 1);
        }
        this.entitlementCtx.setAction(requestAwareResource.getHttpMethod());
        String str = this.predefinedPaths.get(relativeRequestPath);
        if (StringUtils.isNotBlank(str)) {
            this.entitlementCtx.setResource(str);
        } else {
            this.entitlementCtx.setResource(requestAwareResource.normalizePath());
        }
        try {
            this.entitlementValidator.validate();
        } catch (ForbiddenException e) {
            throw e;
        }
    }
}
