package org.openmetadata.service.security;

import com.google.common.base.Strings;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MultivaluedMap;
import org.openmetadata.schema.api.security.AuthenticationConfiguration;
import org.openmetadata.schema.api.security.AuthorizerConfiguration;
import org.openmetadata.service.security.auth.CatalogSecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(100)
/* loaded from: input_file:org/openmetadata/service/security/CatalogOpenIdAuthorizationRequestFilter.class */
public class CatalogOpenIdAuthorizationRequestFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(CatalogOpenIdAuthorizationRequestFilter.class);
    public static final String X_AUTH_PARAMS_EMAIL_HEADER = "X-Auth-Params-Email";
    public static final String EMAIL_ADDRESS = "emailAddress";
    private static final String HEALTH_END_POINT = "health";

    private CatalogOpenIdAuthorizationRequestFilter() {
    }

    public CatalogOpenIdAuthorizationRequestFilter(AuthenticationConfiguration authenticationConfiguration, AuthorizerConfiguration authorizerConfiguration) {
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        if (isHealthEndpoint(containerRequestContext)) {
            LOG.debug("Caller is health-agent, no authorization needed.");
            return;
        }
        String extractAuthorizedUserName = extractAuthorizedUserName(containerRequestContext.getHeaders());
        LOG.debug("AuthorizedUserName:{}", extractAuthorizedUserName);
        CatalogSecurityContext catalogSecurityContext = new CatalogSecurityContext(new CatalogPrincipal(extractAuthorizedUserName), containerRequestContext.getUriInfo().getRequestUri().getScheme(), CatalogSecurityContext.OPENID_AUTH);
        LOG.debug("SecurityContext {}", catalogSecurityContext);
        containerRequestContext.setSecurityContext(catalogSecurityContext);
    }

    protected boolean isHealthEndpoint(ContainerRequestContext containerRequestContext) {
        return containerRequestContext.getUriInfo().getPath().equalsIgnoreCase(HEALTH_END_POINT);
    }

    protected String extractAuthorizedUserName(MultivaluedMap<String, String> multivaluedMap) {
        LOG.debug("Request Headers:{}", multivaluedMap);
        String str = (String) multivaluedMap.getFirst(X_AUTH_PARAMS_EMAIL_HEADER);
        if (Strings.isNullOrEmpty(str)) {
            throw new AuthenticationException("Not authorized; User's Email is not present");
        }
        return str.split("@")[0];
    }

    protected String extractAuthorizedEmailAddress(MultivaluedMap<String, String> multivaluedMap) {
        LOG.debug("Request Headers:{}", multivaluedMap);
        String str = (String) multivaluedMap.getFirst(X_AUTH_PARAMS_EMAIL_HEADER);
        if (Strings.isNullOrEmpty(str)) {
            throw new AuthenticationException("Not authorized; User's Email is not present");
        }
        return str;
    }
}
