package org.forgerock.openam.rest;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.forgerock.http.protocol.Status;
import org.forgerock.json.resource.ActionRequest;
import org.forgerock.json.resource.ActionResponse;
import org.forgerock.json.resource.CreateRequest;
import org.forgerock.json.resource.DeleteRequest;
import org.forgerock.json.resource.Filter;
import org.forgerock.json.resource.PatchRequest;
import org.forgerock.json.resource.QueryRequest;
import org.forgerock.json.resource.QueryResourceHandler;
import org.forgerock.json.resource.QueryResponse;
import org.forgerock.json.resource.ReadRequest;
import org.forgerock.json.resource.RequestHandler;
import org.forgerock.json.resource.ResourceException;
import org.forgerock.json.resource.ResourceResponse;
import org.forgerock.json.resource.Response;
import org.forgerock.json.resource.UpdateRequest;
import org.forgerock.services.context.Context;
import org.forgerock.services.context.SecurityContext;
import org.forgerock.util.promise.Promise;

/* loaded from: input_file:org/forgerock/openam/rest/AuthenticationEnforcer.class */
public class AuthenticationEnforcer implements Filter {
    private boolean exceptCreate = false;
    private boolean exceptRead = false;
    private boolean exceptUpdate = false;
    private boolean exceptDelete = false;
    private boolean exceptPatch = false;
    private List<String> exceptActions = new ArrayList();
    private boolean exceptQuery = false;

    public AuthenticationEnforcer exceptCreate() {
        this.exceptCreate = true;
        return this;
    }

    public AuthenticationEnforcer exceptRead() {
        this.exceptRead = true;
        return this;
    }

    public AuthenticationEnforcer exceptUpdate() {
        this.exceptUpdate = true;
        return this;
    }

    public AuthenticationEnforcer exceptDelete() {
        this.exceptDelete = true;
        return this;
    }

    public AuthenticationEnforcer exceptPatch() {
        this.exceptPatch = true;
        return this;
    }

    public AuthenticationEnforcer exceptActions(String... strArr) {
        this.exceptActions.addAll(Arrays.asList(strArr));
        return this;
    }

    public AuthenticationEnforcer exceptQuery() {
        this.exceptQuery = true;
        return this;
    }

    public Promise<ActionResponse, ResourceException> filterAction(Context context, ActionRequest actionRequest, RequestHandler requestHandler) {
        return (this.exceptActions.contains(actionRequest.getAction()) || isAuthenticated(context)) ? requestHandler.handleAction(context, actionRequest) : unauthorizedResponse();
    }

    public Promise<ResourceResponse, ResourceException> filterCreate(Context context, CreateRequest createRequest, RequestHandler requestHandler) {
        return (this.exceptCreate || isAuthenticated(context)) ? requestHandler.handleCreate(context, createRequest) : unauthorizedResponse();
    }

    public Promise<ResourceResponse, ResourceException> filterDelete(Context context, DeleteRequest deleteRequest, RequestHandler requestHandler) {
        return (this.exceptDelete || isAuthenticated(context)) ? requestHandler.handleDelete(context, deleteRequest) : unauthorizedResponse();
    }

    public Promise<ResourceResponse, ResourceException> filterPatch(Context context, PatchRequest patchRequest, RequestHandler requestHandler) {
        return (this.exceptPatch || isAuthenticated(context)) ? requestHandler.handlePatch(context, patchRequest) : unauthorizedResponse();
    }

    public Promise<QueryResponse, ResourceException> filterQuery(Context context, QueryRequest queryRequest, QueryResourceHandler queryResourceHandler, RequestHandler requestHandler) {
        return (this.exceptQuery || isAuthenticated(context)) ? requestHandler.handleQuery(context, queryRequest, queryResourceHandler) : unauthorizedResponse();
    }

    public Promise<ResourceResponse, ResourceException> filterRead(Context context, ReadRequest readRequest, RequestHandler requestHandler) {
        return (this.exceptRead || isAuthenticated(context)) ? requestHandler.handleRead(context, readRequest) : unauthorizedResponse();
    }

    public Promise<ResourceResponse, ResourceException> filterUpdate(Context context, UpdateRequest updateRequest, RequestHandler requestHandler) {
        return (this.exceptUpdate || isAuthenticated(context)) ? requestHandler.handleUpdate(context, updateRequest) : unauthorizedResponse();
    }

    private boolean isAuthenticated(Context context) {
        return context.containsContext(SecurityContext.class) && ServerContextHelper.getCookieFromServerContext(context) != null;
    }

    private <T extends Response> Promise<T, ResourceException> unauthorizedResponse() {
        return ResourceException.getException(Status.UNAUTHORIZED.getCode(), "Access Denied").asPromise();
    }
}
