package org.eclipse.hawkbit.security;

import java.util.Arrays;
import java.util.List;
import java.util.stream.Collectors;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.config.Elements;

/* loaded from: input_file:BOOT-INF/lib/hawkbit-security-integration-0.2.0M8.jar:org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter.class */
public class ControllerPreAuthenticatedSecurityHeaderFilter extends AbstractControllerAuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ControllerPreAuthenticatedSecurityHeaderFilter.class);
    private static final Logger LOG_SECURITY_AUTH = LoggerFactory.getLogger("server-security.authentication");
    private final GetSecurityAuthorityNameTenantRunner sslIssuerNameConfigTenantRunner;
    private final String caCommonNameHeader;
    private final String sslIssuerHashBasicHeader;

    /* loaded from: input_file:BOOT-INF/lib/hawkbit-security-integration-0.2.0M8.jar:org/eclipse/hawkbit/security/ControllerPreAuthenticatedSecurityHeaderFilter$GetSecurityAuthorityNameTenantRunner.class */
    private final class GetSecurityAuthorityNameTenantRunner implements TenantAware.TenantRunner<String> {
        private GetSecurityAuthorityNameTenantRunner() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.eclipse.hawkbit.tenancy.TenantAware.TenantRunner
        public String run() {
            return (String) ControllerPreAuthenticatedSecurityHeaderFilter.this.systemSecurityContext.runAsSystem(() -> {
                return (String) ControllerPreAuthenticatedSecurityHeaderFilter.this.tenantConfigurationManagement.getConfigurationValue(TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_AUTHORITY_NAME, String.class).getValue();
            });
        }
    }

    public ControllerPreAuthenticatedSecurityHeaderFilter(String str, String str2, TenantConfigurationManagement tenantConfigurationManagement, TenantAware tenantAware, SystemSecurityContext systemSecurityContext) {
        super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
        this.sslIssuerNameConfigTenantRunner = new GetSecurityAuthorityNameTenantRunner();
        this.caCommonNameHeader = str;
        this.sslIssuerHashBasicHeader = str2;
    }

    @Override // org.eclipse.hawkbit.security.PreAuthenticationFilter
    public HeaderAuthentication getPreAuthenticatedPrincipal(DmfTenantSecurityToken dmfTenantSecurityToken) {
        String header = dmfTenantSecurityToken.getHeader(this.caCommonNameHeader);
        String issuerHashHeader = getIssuerHashHeader(dmfTenantSecurityToken, (String) this.tenantAware.runAsTenant(dmfTenantSecurityToken.getTenant(), this.sslIssuerNameConfigTenantRunner));
        if (header != null && LOGGER.isTraceEnabled()) {
            LOGGER.trace("Found commonNameHeader {}={}, using as credentials", this.caCommonNameHeader, header);
        }
        if (issuerHashHeader != null && LOGGER.isTraceEnabled()) {
            LOGGER.trace("Found sslIssuerHash ****, using as credentials for tenant {}", dmfTenantSecurityToken.getTenant());
        }
        if (header == null || issuerHashHeader == null) {
            return null;
        }
        return new HeaderAuthentication(header, issuerHashHeader);
    }

    @Override // org.eclipse.hawkbit.security.PreAuthenticationFilter
    public Object getPreAuthenticatedCredentials(DmfTenantSecurityToken dmfTenantSecurityToken) {
        String str = (String) this.tenantAware.runAsTenant(dmfTenantSecurityToken.getTenant(), this.sslIssuerNameConfigTenantRunner);
        String controllerId = dmfTenantSecurityToken.getControllerId();
        if (controllerId == null || Elements.ANONYMOUS.equals(controllerId)) {
            controllerId = dmfTenantSecurityToken.getHeader(this.caCommonNameHeader);
        }
        List<String> splitMultiHashBySemicolon = splitMultiHashBySemicolon(str);
        String str2 = controllerId;
        return splitMultiHashBySemicolon.stream().map(str3 -> {
            return new HeaderAuthentication(str2, str3);
        }).collect(Collectors.toSet());
    }

    private String getIssuerHashHeader(DmfTenantSecurityToken dmfTenantSecurityToken, String str) {
        List<String> splitMultiHashBySemicolon = splitMultiHashBySemicolon(str);
        int i = 1;
        while (true) {
            String header = dmfTenantSecurityToken.getHeader(String.format(this.sslIssuerHashBasicHeader, Integer.valueOf(i)));
            if (header == null) {
                LOG_SECURITY_AUTH.debug("Certifacte request but no matching hash found in headers {} for common name {} in request", this.sslIssuerHashBasicHeader, dmfTenantSecurityToken.getHeader(this.caCommonNameHeader));
                return null;
            }
            if (splitMultiHashBySemicolon.contains(header.toLowerCase())) {
                if (LOGGER.isTraceEnabled()) {
                    LOGGER.trace("Found matching ssl issuer hash at position {}", Integer.valueOf(i));
                }
                return header.toLowerCase();
            }
            i++;
        }
    }

    @Override // org.eclipse.hawkbit.security.AbstractControllerAuthenticationFilter
    protected String getTenantConfigurationKey() {
        return TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_MODE_HEADER_ENABLED;
    }

    private static List<String> splitMultiHashBySemicolon(String str) {
        return (List) Arrays.stream(str.split(";|,")).map((v0) -> {
            return v0.toLowerCase();
        }).collect(Collectors.toList());
    }
}
