package com.bazaarvoice.emodb.auth.jersey;

import com.bazaarvoice.emodb.auth.permissions.MatchingPermission;
import com.google.common.base.Function;
import com.sun.jersey.api.core.HttpRequestContext;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.util.ThreadContext;

/* loaded from: input_file:com/bazaarvoice/emodb/auth/jersey/AuthorizationResourceFilter.class */
public class AuthorizationResourceFilter implements ResourceFilter, ContainerRequestFilter {
    private final String[] _permissions;
    private final Logical _logical;
    private final Map<String, Function<HttpRequestContext, String>> _substitutions;

    public AuthorizationResourceFilter(List<String> list, Logical logical, Map<String, Function<HttpRequestContext, String>> map) {
        this._permissions = (String[]) list.toArray(new String[list.size()]);
        this._logical = logical;
        this._substitutions = map;
    }

    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    @Override // com.sun.jersey.spi.container.ResourceFilter
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }

    @Override // com.sun.jersey.spi.container.ContainerRequestFilter
    public ContainerRequest filter(ContainerRequest containerRequest) {
        org.apache.shiro.subject.Subject subject = ThreadContext.getSubject();
        String[] resolvePermissions = resolvePermissions(containerRequest);
        if (resolvePermissions.length == 1 || this._logical == Logical.AND) {
            subject.checkPermissions(resolvePermissions);
        } else {
            boolean z = false;
            int i = 0;
            while (!z) {
                try {
                    subject.checkPermission(resolvePermissions[i]);
                    z = true;
                } catch (AuthorizationException e) {
                    i++;
                    if (i == resolvePermissions.length) {
                        throw e;
                    }
                }
            }
        }
        return containerRequest;
    }

    private String[] resolvePermissions(ContainerRequest containerRequest) {
        String[] strArr = this._permissions;
        if (this._substitutions.isEmpty()) {
            return strArr;
        }
        String[] strArr2 = new String[strArr.length];
        System.arraycopy(strArr, 0, strArr2, 0, strArr.length);
        for (Map.Entry<String, Function<HttpRequestContext, String>> entry : this._substitutions.entrySet()) {
            String quote = Pattern.quote(entry.getKey());
            String quoteReplacement = Matcher.quoteReplacement(MatchingPermission.escape(entry.getValue().apply(containerRequest)));
            for (int i = 0; i < strArr.length; i++) {
                strArr2[i] = strArr2[i].replaceAll(quote, quoteReplacement);
            }
        }
        return strArr2;
    }
}
