package org.killbill.billing.util.security;

import com.google.common.collect.ImmutableList;
import java.lang.annotation.Annotation;
import javax.inject.Inject;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.aop.AuthorizingAnnotationHandler;
import org.killbill.billing.callcontext.DefaultTenantContext;
import org.killbill.billing.security.RequiresPermissions;
import org.killbill.billing.security.SecurityApiException;
import org.killbill.billing.security.api.SecurityApi;
import org.killbill.billing.util.callcontext.TenantContext;

/* loaded from: input_file:WEB-INF/lib/killbill-util-0.18.4.jar:org/killbill/billing/util/security/PermissionAnnotationHandler.class */
public class PermissionAnnotationHandler extends AuthorizingAnnotationHandler {
    private final TenantContext context;

    @Inject
    SecurityApi securityApi;

    public PermissionAnnotationHandler() {
        super(RequiresPermissions.class);
        this.context = new DefaultTenantContext(null);
    }

    @Override // org.apache.shiro.authz.aop.AuthorizingAnnotationHandler
    public void assertAuthorized(Annotation annotation) throws AuthorizationException {
        if (annotation instanceof RequiresPermissions) {
            RequiresPermissions requiresPermissions = (RequiresPermissions) annotation;
            try {
                this.securityApi.checkCurrentUserPermissions(ImmutableList.copyOf(requiresPermissions.value()), requiresPermissions.logical(), this.context);
            } catch (SecurityApiException e) {
                if (e.getCause() != null && (e.getCause() instanceof AuthorizationException)) {
                    throw ((AuthorizationException) e.getCause());
                }
                if (e.getCause() == null) {
                    throw new AuthorizationException(e);
                }
                throw new AuthorizationException(e.getCause());
            }
        }
    }
}
