package org.wso2.ei.dashboard.core.commons.auth;

import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.Priority;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.glassfish.jersey.server.ContainerRequest;
import org.wso2.ei.dashboard.core.commons.Constants;
import org.wso2.ei.dashboard.core.rest.annotation.Secured;
import org.wso2.micro.integrator.dashboard.utils.SSOConfig;

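/**
 * JAX-RS request filter that authenticates every {@link Secured} resource call and applies an
 * additional authorization check to admin-only resources.
 *
 * <p>Credentials are read from the {@code Authorization: Bearer <token>} header when it is
 * present, otherwise from the cookie named {@link Constants#JWT_COOKIE}. A request that carries
 * neither, or whose credential is rejected by the selected {@link SecurityHandler}, is aborted
 * with HTTP 401 and a small JSON body.
 *
 * <p>NOTE(review): authorization failures are also answered with 401 rather than 403. This is
 * kept as-is because clients may depend on the status code.
 */
@Secured
@Provider
@Priority(1000) // 1000 is the value of javax.ws.rs.Priorities.AUTHENTICATION
/* loaded from: input_file:WEB-INF/classes/org/wso2/ei/dashboard/core/commons/auth/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final String AUTHENTICATION_SCHEME = "Bearer";
    private static final String SSO_CONFIG_ATTRIBUTE = "org.wso2.micro.integrator.dashboard.sso.config";

    // Last path segments (including the leading separator) that require the admin check.
    private static final List<String> ADMIN_ONLY_PATHS = Arrays.asList("/log-configs", "/users");

    @Context
    private HttpServletRequest servletRequest;

    /**
     * Authenticates the request and, for admin-only resources, authorizes it.
     *
     * <p>The request is aborted with 401 as soon as any check fails; no later check runs on a
     * request that has already been rejected.
     *
     * @param containerRequestContext the request being filtered
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        String authorizationHeader = containerRequestContext.getHeaderString("Authorization");
        Map<String, Cookie> cookies = containerRequestContext.getCookies();

        String token;
        SecurityHandler securityHandler;
        if (isTokenBasedAuthentication(authorizationHeader)) {
            token = authorizationHeader.substring(AUTHENTICATION_SCHEME.length()).trim();
            securityHandler = getSSOSecurityHandler(token);
        } else if (isCookieBasedAuthentication(cookies)) {
            token = cookies.get(Constants.JWT_COOKIE).getValue();
            securityHandler = new InMemorySecurityHandler();
        } else {
            abortWithUnauthorized(containerRequestContext);
            return;
        }

        // An empty credential can never be valid; reject it before it reaches a handler.
        if (token == null || token.isEmpty()) {
            abortWithUnauthorized(containerRequestContext);
            return;
        }

        // The SSO configuration is optional; the handlers receive null when it is not set.
        Object ssoAttribute = this.servletRequest.getServletContext().getAttribute(SSO_CONFIG_ATTRIBUTE);
        SSOConfig ssoConfig = ssoAttribute instanceof SSOConfig ? (SSOConfig) ssoAttribute : null;

        if (!securityHandler.isAuthenticated(ssoConfig, token)) {
            abortWithUnauthorized(containerRequestContext);
            // Stop here: an unauthenticated credential must not reach the authorization check.
            return;
        }
        if (isAdminResource(containerRequestContext) && !securityHandler.isAuthorized(ssoConfig, token)) {
            abortWithUnauthorized(containerRequestContext);
        }
    }

    /**
     * Reports whether the request targets an admin-only resource, judged by its last path segment.
     *
     * <p>Trailing separators are ignored and a path without any separator is compared as a single
     * segment, so both forms are classified the same way as the plain path instead of skipping
     * the admin check or failing with an index error.
     *
     * <p>NOTE(review): only the final segment is compared, so a sub-path below an admin-only
     * resource is not classified as admin here. Confirm against the resource classes whether
     * such sub-paths exist and need the same protection.
     */
    private static boolean isAdminResource(ContainerRequestContext containerRequestContext) {
        String path = ((ContainerRequest) containerRequestContext).getPath(false);
        String separator = Constants.DOMAIN_SEPARATOR;
        while (!separator.isEmpty() && path.length() > separator.length() && path.endsWith(separator)) {
            path = path.substring(0, path.length() - separator.length());
        }
        int lastSeparator = path.lastIndexOf(separator);
        String lastSegment = lastSeparator >= 0 ? path.substring(lastSeparator) : separator + path;
        return ADMIN_ONLY_PATHS.contains(lastSegment);
    }

    /**
     * Picks the handler for a bearer token: JWT-shaped tokens go to {@link JWTSecurityHandler},
     * everything else to {@link OpaqueTokenSecurityHandler}.
     */
    private static SecurityHandler getSSOSecurityHandler(String str) {
        return isJWTToken(str) ? new JWTSecurityHandler() : new OpaqueTokenSecurityHandler();
    }

    /**
     * Returns true when the header starts with the bearer scheme followed by a space. The
     * comparison ignores case and does not depend on the default locale.
     */
    private boolean isTokenBasedAuthentication(String str) {
        String prefix = AUTHENTICATION_SCHEME + " ";
        return str != null && str.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /** Returns true when the request carries the {@link Constants#JWT_COOKIE} cookie. */
    private boolean isCookieBasedAuthentication(Map<String, Cookie> map) {
        return map != null && map.get(Constants.JWT_COOKIE) != null;
    }

    /** Aborts the request with HTTP 401 and the JSON body {@code {"message": "Unauthorized"}}. */
    private void abortWithUnauthorized(ContainerRequestContext containerRequestContext) {
        Map<String, String> body = new HashMap<>();
        body.put("message", "Unauthorized");
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .entity(body)
                .header("content-type", "application/json")
                .build());
    }

    /**
     * Shape check used only to choose a handler: true when the token has at least two
     * dot-separated parts. It does not validate the token; presumably the selected handler
     * performs the actual verification (not visible in this file).
     */
    private static boolean isJWTToken(String str) {
        return str.split("\\.").length >= 2;
    }
}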
