package org.wso2.ei.dashboard.core.commons.auth;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.logging.log4j.core.jackson.JsonConstants;
import org.glassfish.jersey.server.ContainerRequest;
import org.wso2.ei.dashboard.core.rest.annotation.Secured;
import org.wso2.micro.integrator.dashboard.utils.SSOConfig;

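@Secured
@Provider
@Priority(1000)
/* loaded from: input_file:WEB-INF/classes/org/wso2/ei/dashboard/core/commons/auth/AuthenticationFilter.class */
/**
 * JAX-RS request filter that authenticates every {@code @Secured} resource call with a
 * {@code Authorization: Bearer <token>} header and, for a small set of admin-only paths,
 * additionally requires the token to be authorized.
 *
 * <p>Any failure is answered with a 401 JSON body {@code {"message": "Unauthorized"}} and the
 * request is aborted; the resource method is never reached. Priority 1000 is the JAX-RS
 * {@code Priorities.AUTHENTICATION} slot, so this filter runs before authorization-level filters.
 */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final String AUTHENTICATION_SCHEME = "Bearer";
    /** Lower-cased scheme plus the separating space; the header is compared case-insensitively. */
    private static final String AUTHENTICATION_PREFIX = AUTHENTICATION_SCHEME.toLowerCase(Locale.ROOT) + " ";
    /** Servlet-context attribute under which the SSO configuration is published (may be absent). */
    private static final String SSO_CONFIG_ATTRIBUTE = "org.wso2.micro.integrator.dashboard.sso.config";
    /** Last path segments (with their leading slash) that require an authorized, not merely authenticated, token. */
    private static final List<String> adminOnlyPaths = Arrays.asList("/log-configs", "/users");

    @Context
    private HttpServletRequest servletRequest;

    /**
     * Authenticates the request and enforces authorization on admin-only paths.
     *
     * <p>Order of checks:
     * <ol>
     *   <li>Header must start with {@code "Bearer "} (case-insensitive), else 401.</li>
     *   <li>The remainder of the header, trimmed, is the token. A {@link SecurityHandler} is chosen
     *       for it (cached token, JWT-shaped token, or opaque token).</li>
     *   <li>If the handler does not authenticate the token, 401 and stop — the authorization check is
     *       never consulted with a token that already failed authentication.</li>
     *   <li>If the request targets an admin-only path and the handler does not authorize the token, 401.</li>
     * </ol>
     *
     * @param containerRequestContext the incoming request; aborted with 401 on any failure
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (!isTokenBasedAuthentication(headerString)) {
            abortWithUnauthorized(containerRequestContext);
            return;
        }
        String token = headerString.substring(AUTHENTICATION_SCHEME.length()).trim();
        SSOConfig ssoConfig = lookupSsoConfig();
        SecurityHandler securityHandler = getSecurityHandler(token);
        if (!securityHandler.isAuthenticated(ssoConfig, token)) {
            abortWithUnauthorized(containerRequestContext);
            // Returning here keeps an unauthenticated token away from isAuthorized()/isAdminResource();
            // previously the flow fell through and could turn the 401 into an exception from those calls.
            return;
        }
        if (isAdminResource(containerRequestContext) && !securityHandler.isAuthorized(ssoConfig, token)) {
            abortWithUnauthorized(containerRequestContext);
        }
    }

    /**
     * Reads the SSO configuration from the servlet context.
     *
     * @return the configured {@link SSOConfig}, or {@code null} when the attribute is absent or of another type
     */
    private SSOConfig lookupSsoConfig() {
        Object attribute = this.servletRequest.getServletContext().getAttribute(SSO_CONFIG_ATTRIBUTE);
        return attribute instanceof SSOConfig ? (SSOConfig) attribute : null;
    }

    /**
     * Tells whether the request path ends in one of {@link #adminOnlyPaths}.
     *
     * <p>Only the last segment is compared, so any path ending in {@code /users} counts as admin-only.
     *
     * @param containerRequestContext the request whose (base-relative) path is inspected
     * @return {@code true} if the last path segment is an admin-only segment
     */
    private static boolean isAdminResource(ContainerRequestContext containerRequestContext) {
        String path = ((ContainerRequest) containerRequestContext).getPath(false);
        int lastSlash = path.lastIndexOf('/');
        // A path with no '/' at all (e.g. a bare top-level segment) is treated as that single segment;
        // the previous substring(lastIndexOf("/")) threw StringIndexOutOfBoundsException for it.
        String lastSegment = lastSlash < 0 ? "/" + path : path.substring(lastSlash);
        return adminOnlyPaths.contains(lastSegment);
    }

    /**
     * Picks the handler that knows how to validate the given token.
     *
     * @param token the bearer token (already trimmed)
     * @return an in-memory handler if the token is cached, a JWT handler if it looks like a JWT,
     *         otherwise the opaque-token handler
     */
    private static SecurityHandler getSecurityHandler(String token) {
        if (TokenCache.getInstance().getToken(token) != null) {
            return new InMemorySecurityHandler();
        }
        if (isJWTToken(token)) {
            return new JWTSecurityHandler();
        }
        return new OpaqueTokenSecurityHandler();
    }

    /**
     * Checks that the Authorization header carries the Bearer scheme.
     *
     * @param header the raw {@code Authorization} header value, possibly {@code null}
     * @return {@code true} if the header is non-null and starts with {@code "bearer "} ignoring case
     */
    private static boolean isTokenBasedAuthentication(String header) {
        // Locale.ROOT keeps the comparison independent of the JVM default locale.
        return header != null && header.toLowerCase(Locale.ROOT).startsWith(AUTHENTICATION_PREFIX);
    }

    /**
     * Aborts the request with a 401 and a JSON body {@code {"message": "Unauthorized"}}.
     *
     * @param containerRequestContext the request to abort
     */
    private void abortWithUnauthorized(ContainerRequestContext containerRequestContext) {
        Map<String, String> body = new HashMap<>();
        body.put(JsonConstants.ELT_MESSAGE, "Unauthorized");
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .entity(body)
                .header("content-type", "application/json")
                .build());
    }

    /**
     * Cheap shape test for a JWT: at least two dot-separated parts.
     *
     * <p>Note that {@link String#split(String)} drops trailing empty parts, so {@code "a."} does not
     * qualify. This only selects the handler; the handler itself is expected to verify the token.
     *
     * @param token the trimmed bearer token
     * @return {@code true} if the token has two or more non-trailing dot-separated parts
     */
    private static boolean isJWTToken(String token) {
        return token.split("\\.").length >= 2;
    }
}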
