package org.lwapp.security.interceptor;

import javax.inject.Inject;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptor;
import javax.interceptor.InvocationContext;
import javax.ws.rs.core.HttpHeaders;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.Validate;
import org.lwapp.commons.exception.UnauthorizedException;
import org.lwapp.security.service.AuthorizationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Interceptor
/* loaded from: input_file:org/lwapp/security/interceptor/ClientAuthorizationInterceptor.class */
public class ClientAuthorizationInterceptor {
    private static final Logger LOG = LoggerFactory.getLogger(ClientAuthorizationInterceptor.class);
    public static final String AUTHORIZATION_HEADER = "Authorization";
    public static final String APPLICATION_OWNER_ID = "ApplicationOwnerId";
    public static final String APPLICATION_NAME = "ApplicationName";

    @Inject
    private AuthorizationService authenticationService;

    @AroundInvoke
    public Object aroundInvoke(InvocationContext invocationContext) throws Exception {
        LOG.info("Executing operation {}.", invocationContext.getMethod().toGenericString());
        AuthorizeClient authorizeClient = (AuthorizeClient) invocationContext.getMethod().getAnnotation(AuthorizeClient.class);
        if (authorizeClient != null) {
            HttpHeaders httpHeaders = (HttpHeaders) invocationContext.getParameters()[authorizeClient.httpHeaderPosition()];
            Validate.notNull(httpHeaders, "HttpHeaders is missing.", new Object[0]);
            String headerString = httpHeaders.getHeaderString(APPLICATION_OWNER_ID);
            Validate.notBlank(headerString, "Please provide 'ApplicationOwnerId' in header.", new Object[0]);
            String headerString2 = httpHeaders.getHeaderString(AUTHORIZATION_HEADER);
            Validate.notBlank(headerString2, "Please provide 'Basic-Authentication' in header.", new Object[0]);
            String headerString3 = httpHeaders.getHeaderString(APPLICATION_NAME);
            Validate.notBlank(headerString3, "Please provide 'ApplicationName' in header.", new Object[0]);
            boolean authenticate = this.authenticationService.authenticate(headerString2, headerString, headerString3);
            LOG.info("Method:{}, applicationOwnerId:{}, applicationName:{}", new Object[]{invocationContext.getMethod().toGenericString(), headerString, headerString3});
            if (BooleanUtils.isFalse(Boolean.valueOf(authenticate))) {
                throw new UnauthorizedException("Un-authorized application client. Make sure you have used correctly 'apiKey' and 'apiSecret' shall be part of BasicAuthentication. Please check headers for 'applicationName' and 'applicationOwnerId' entries aswell.");
            }
        }
        return invocationContext.proceed();
    }
}
