package com.fnklabs.splac.secure;

import com.fnklabs.splac.DefaultHttpServlet;
import com.fnklabs.splac.ImmediateResponse;
import com.fnklabs.splac.MetricsFactory;
import com.fnklabs.splac.Response;
import com.fnklabs.splac.Serializer;
import com.fnklabs.splac.StatusCode;
import com.fnklabs.splac.secure.AuthorizedRequest;
import java.util.concurrent.ExecutorService;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:com/fnklabs/splac/secure/AuthorizedHttpServlet.class */
public abstract class AuthorizedHttpServlet<InputRequest extends AuthorizedRequest, OutputType> extends DefaultHttpServlet<InputRequest, OutputType> {

    @NotNull
    private final UserService userService;
    private final ThreadLocal<UserToken> userToken;

    public AuthorizedHttpServlet(MetricsFactory metricsFactory, @NotNull ExecutorService executorService, @NotNull UserService userService, Serializer serializer, Class<InputRequest> cls) {
        super(metricsFactory, executorService, serializer, cls);
        this.userToken = new ThreadLocal<>();
        this.userService = userService;
    }

    public AuthorizedHttpServlet(long j, @NotNull ExecutorService executorService, @NotNull UserService userService, Serializer serializer, Class<InputRequest> cls, MetricsFactory metricsFactory) {
        super(j, executorService, metricsFactory, serializer, cls);
        this.userToken = new ThreadLocal<>();
        this.userService = userService;
    }

    protected UserToken getUserToken() {
        return this.userToken.get();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.fnklabs.splac.DefaultHttpServlet
    public void prepareRequest(@NotNull InputRequest inputrequest) throws ImmediateResponse {
        try {
            UserToken authenticate = authenticate(inputrequest);
            Secured secured = (Secured) getClass().getAnnotation(Secured.class);
            if (secured != null && secured.value() != null) {
                boolean z = false;
                for (String str : secured.value()) {
                    try {
                        this.userService.authorize(authenticate, str);
                        z = true;
                        break;
                    } catch (InsufficientPrivileges e) {
                    }
                }
                if (!z) {
                    throw new ImmediateResponse(new Response(inputrequest.getId(), StatusCode.AUTHORIZATION_ERROR));
                }
            }
            this.userToken.set(authenticate);
        } catch (UserNotFoundException e2) {
            throw new ImmediateResponse(new Response(inputrequest.getId(), StatusCode.AUTHENTICATION_ERROR));
        }
    }

    @Override // com.fnklabs.splac.DefaultHttpServlet
    protected void afterExecute(@NotNull Response response) throws ImmediateResponse {
        this.userToken.remove();
    }

    protected UserToken authenticate(InputRequest inputrequest) throws UserNotFoundException {
        UserToken authenticate = this.userService.authenticate(inputrequest.getUser(), inputrequest.getToken());
        if (authenticate == null) {
            throw new UserNotFoundException(String.format("User %s not found", inputrequest.getUser()));
        }
        return authenticate;
    }
}
