package org.eclipse.hawkbit.security;

import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.eclipse.hawkbit.tenancy.configuration.TenantConfigurationProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/hawkbit-security-integration-0.2.1.jar:org/eclipse/hawkbit/security/ControllerPreAuthenticatedGatewaySecurityTokenFilter.class */
public class ControllerPreAuthenticatedGatewaySecurityTokenFilter extends AbstractControllerAuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) ControllerPreAuthenticatedGatewaySecurityTokenFilter.class);
    private static final String GATEWAY_SECURITY_TOKEN_AUTH_SCHEME = "GatewayToken ";
    private static final int OFFSET_GATEWAY_TOKEN = GATEWAY_SECURITY_TOKEN_AUTH_SCHEME.length();
    private final GetGatewaySecurityConfigurationKeyTenantRunner gatewaySecurityTokenKeyConfigRunner;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/hawkbit-security-integration-0.2.1.jar:org/eclipse/hawkbit/security/ControllerPreAuthenticatedGatewaySecurityTokenFilter$GetGatewaySecurityConfigurationKeyTenantRunner.class */
    public final class GetGatewaySecurityConfigurationKeyTenantRunner implements TenantAware.TenantRunner<String> {
        private GetGatewaySecurityConfigurationKeyTenantRunner() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.eclipse.hawkbit.tenancy.TenantAware.TenantRunner
        public String run() {
            ControllerPreAuthenticatedGatewaySecurityTokenFilter.LOGGER.trace("retrieving configuration value for configuration key {}", TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY);
            return (String) ControllerPreAuthenticatedGatewaySecurityTokenFilter.this.systemSecurityContext.runAsSystem(() -> {
                return (String) ControllerPreAuthenticatedGatewaySecurityTokenFilter.this.tenantConfigurationManagement.getConfigurationValue(TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_KEY, String.class).getValue();
            });
        }
    }

    public ControllerPreAuthenticatedGatewaySecurityTokenFilter(TenantConfigurationManagement tenantConfigurationManagement, TenantAware tenantAware, SystemSecurityContext systemSecurityContext) {
        super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
        this.gatewaySecurityTokenKeyConfigRunner = new GetGatewaySecurityConfigurationKeyTenantRunner();
    }

    @Override // org.eclipse.hawkbit.security.PreAuthenticationFilter
    public HeaderAuthentication getPreAuthenticatedPrincipal(DmfTenantSecurityToken dmfTenantSecurityToken) {
        String header = dmfTenantSecurityToken.getHeader("Authorization");
        if (header == null || !header.startsWith(GATEWAY_SECURITY_TOKEN_AUTH_SCHEME)) {
            LOGGER.debug("security token filter is enabled but request does not contain either the necessary secruity token {} or the authorization header with scheme {}", dmfTenantSecurityToken, GATEWAY_SECURITY_TOKEN_AUTH_SCHEME);
            return null;
        }
        LOGGER.debug("found authorization header with scheme {} using target security token for authentication", GATEWAY_SECURITY_TOKEN_AUTH_SCHEME);
        return new HeaderAuthentication(dmfTenantSecurityToken.getControllerId(), header.substring(OFFSET_GATEWAY_TOKEN));
    }

    @Override // org.eclipse.hawkbit.security.PreAuthenticationFilter
    public HeaderAuthentication getPreAuthenticatedCredentials(DmfTenantSecurityToken dmfTenantSecurityToken) {
        return new HeaderAuthentication(dmfTenantSecurityToken.getControllerId(), (String) this.tenantAware.runAsTenant(dmfTenantSecurityToken.getTenant(), this.gatewaySecurityTokenKeyConfigRunner));
    }

    @Override // org.eclipse.hawkbit.security.AbstractControllerAuthenticationFilter
    protected String getTenantConfigurationKey() {
        return TenantConfigurationProperties.TenantConfigurationKey.AUTHENTICATION_MODE_GATEWAY_SECURITY_TOKEN_ENABLED;
    }
}
