package org.realityforge.replicant.server.ee.rest;

import java.util.Collection;
import java.util.Objects;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import org.keycloak.adapters.OidcKeycloakAccount;
import org.realityforge.keycloak.sks.SimpleAuthService;
import org.realityforge.replicant.server.ChannelAddress;
import org.realityforge.replicant.server.transport.ReplicantSession;

/* loaded from: input_file:org/realityforge/replicant/server/ee/rest/AbstractSecuredSessionRestService.class */
public abstract class AbstractSecuredSessionRestService extends AbstractSessionRestService {
    @Nonnull
    protected abstract SimpleAuthService getAuthService();

    protected boolean disableSecurity() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doCreateSession() {
        return (disableSecurity() || null != getAuthService().findAccount()) ? super.doCreateSession() : createForbiddenResponse();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doDeleteSession(@Nonnull String str) {
        return guard(str, () -> {
            return super.doDeleteSession(str);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doListSessions(@Nonnull UriInfo uriInfo) {
        return disableSecurity() ? super.doListSessions(uriInfo) : createForbiddenResponse();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doGetSession(@Nonnull String str, @Nonnull UriInfo uriInfo) {
        return guard(str, () -> {
            return super.doGetSession(str, uriInfo);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doSubscribeChannel(@Nonnull String str, @Nullable Integer num, @Nullable String str2, @Nonnull ChannelAddress channelAddress, @Nonnull String str3) {
        return guard(str, () -> {
            return super.doSubscribeChannel(str, num, str2, channelAddress, str3);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doUnsubscribeChannel(@Nonnull String str, @Nullable Integer num, @Nonnull ChannelAddress channelAddress) {
        return guard(str, () -> {
            return super.doUnsubscribeChannel(str, num, channelAddress);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doGetChannel(@Nonnull String str, @Nonnull ChannelAddress channelAddress, @Nonnull UriInfo uriInfo) {
        return guard(str, () -> {
            return super.doGetChannel(str, channelAddress, uriInfo);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doGetChannels(@Nonnull String str, @Nonnull UriInfo uriInfo) {
        return guard(str, () -> {
            return super.doGetChannels(str, uriInfo);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doBulkSubscribeChannel(@Nonnull String str, @Nullable Integer num, int i, @Nonnull Collection<Integer> collection, @Nonnull String str2) {
        return guard(str, () -> {
            return super.doBulkSubscribeChannel(str, num, i, collection, str2);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doBulkUnsubscribeChannel(@Nonnull String str, @Nullable Integer num, int i, @Nonnull Collection<Integer> collection) {
        return guard(str, () -> {
            return super.doBulkUnsubscribeChannel(str, num, i, collection);
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.realityforge.replicant.server.ee.rest.AbstractSessionRestService
    @Nonnull
    public Response doGetInstanceChannels(@Nonnull String str, int i, @Nonnull UriInfo uriInfo) {
        return guard(str, () -> {
            return super.doGetInstanceChannels(str, i, uriInfo);
        });
    }

    @Nonnull
    private Response guard(@Nonnull String str, @Nonnull Supplier<Response> supplier) {
        return (disableSecurity() || doesCurrentUserMatchSession(str)) ? supplier.get() : createForbiddenResponse();
    }

    private boolean doesCurrentUserMatchSession(@Nonnull String str) {
        OidcKeycloakAccount findAccount = getAuthService().findAccount();
        return null != findAccount && doesUserMatchSession(str, findAccount);
    }

    private boolean doesUserMatchSession(@Nonnull String str, @Nonnull OidcKeycloakAccount oidcKeycloakAccount) {
        String preferredUsername = oidcKeycloakAccount.getKeycloakSecurityContext().getToken().getPreferredUsername();
        ReplicantSession session = getSessionManager().getSession(str);
        return null != session && Objects.equals(session.getUserID(), preferredUsername);
    }

    private Response createForbiddenResponse() {
        return standardResponse(Response.Status.FORBIDDEN, "No user authenticated or user does not have permission to perform action.");
    }
}
