package io.hops.hopsworks.ca.api.filter;

import com.auth0.jwt.algorithms.Algorithm;
import com.auth0.jwt.interfaces.DecodedJWT;
import io.hops.hopsworks.api.auth.key.ApiKeyFilter;
import io.hops.hopsworks.api.auth.key.ApiKeyRequired;
import io.hops.hopsworks.ca.api.exception.mapper.CAJsonResponse;
import io.hops.hopsworks.ca.configuration.CAConf;
import io.hops.hopsworks.jwt.AlgorithmFactory;
import io.hops.hopsworks.jwt.Constants;
import io.hops.hopsworks.jwt.JWTController;
import io.hops.hopsworks.jwt.annotation.JWTRequired;
import io.hops.hopsworks.jwt.exception.SigningKeyNotFoundException;
import io.hops.hopsworks.jwt.filter.JWTFilter;
import io.hops.hopsworks.restutils.RESTCodes;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.Priority;
import javax.ejb.EJB;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;

@Provider
@Priority(1000)
@JWTRequired
/* loaded from: input_file:WEB-INF/classes/io/hops/hopsworks/ca/api/filter/AuthFilter.class */
public class AuthFilter extends JWTFilter {
    private static final Logger LOGGER = Logger.getLogger(AuthFilter.class.getName());

    @EJB
    private JWTController jwtController;

    @EJB
    private AlgorithmFactory algorithmFactory;

    @EJB
    private CAConf CAConf;

    @Context
    private ResourceInfo resourceInfo;

    @Context
    private UriInfo uriInfo;

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public Algorithm getAlgorithm(DecodedJWT decodedJWT) throws SigningKeyNotFoundException {
        return this.algorithmFactory.getAlgorithm(decodedJWT);
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public boolean isTokenValid(DecodedJWT decodedJWT) {
        return !this.jwtController.isTokenInvalidated(decodedJWT);
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public boolean preJWTFilter(ContainerRequestContext containerRequestContext) throws IOException {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString == null || !headerString.startsWith(ApiKeyFilter.API_KEY)) {
            return true;
        }
        LOGGER.log(Level.FINEST, "{0} found, leaving JWT interceptor", ApiKeyFilter.API_KEY);
        if (getApiKeyAnnotation() != null) {
            return false;
        }
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", Constants.WWW_AUTHENTICATE_VALUE).entity(responseEntity(Response.Status.UNAUTHORIZED, "Authorization method not supported.")).build());
        return false;
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public String getIssuer() {
        return this.CAConf.getString(CAConf.CAConfKeys.JWT_ISSUER);
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public Set<String> allowedRoles() {
        Class<?> resourceClass = this.resourceInfo.getResourceClass();
        JWTRequired jWTRequired = (JWTRequired) this.resourceInfo.getResourceMethod().getAnnotation(JWTRequired.class);
        JWTRequired jWTRequired2 = jWTRequired != null ? jWTRequired : (JWTRequired) resourceClass.getAnnotation(JWTRequired.class);
        if (jWTRequired2 == null) {
            return null;
        }
        return new HashSet(Arrays.asList(jWTRequired2.allowedUserRoles()));
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public Set<String> acceptedTokens() {
        Class<?> resourceClass = this.resourceInfo.getResourceClass();
        JWTRequired jWTRequired = (JWTRequired) this.resourceInfo.getResourceMethod().getAnnotation(JWTRequired.class);
        JWTRequired jWTRequired2 = jWTRequired != null ? jWTRequired : (JWTRequired) resourceClass.getAnnotation(JWTRequired.class);
        if (jWTRequired2 == null) {
            return null;
        }
        return new HashSet(Arrays.asList(jWTRequired2.acceptedTokens()));
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public void postJWTFilter(ContainerRequestContext containerRequestContext, DecodedJWT decodedJWT) throws IOException {
    }

    @Override // io.hops.hopsworks.jwt.filter.JWTFilter
    public Object responseEntity(Response.Status status, String str) {
        CAJsonResponse cAJsonResponse = new CAJsonResponse();
        if (null != status) {
            switch (status) {
                case UNAUTHORIZED:
                    cAJsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.EJB_ACCESS_LOCAL.getCode());
                    break;
                case FORBIDDEN:
                    cAJsonResponse.setErrorCode(RESTCodes.SecurityErrorCode.REST_ACCESS_CONTROL.getCode());
                    break;
                default:
                    cAJsonResponse.setErrorCode(RESTCodes.GenericErrorCode.UNKNOWN_ERROR.getCode());
                    break;
            }
        } else {
            cAJsonResponse.setErrorCode(RESTCodes.GenericErrorCode.UNKNOWN_ERROR.getCode());
        }
        cAJsonResponse.setErrorMsg(str);
        return cAJsonResponse;
    }

    private ApiKeyRequired getApiKeyAnnotation() {
        Class<?> resourceClass = this.resourceInfo.getResourceClass();
        ApiKeyRequired apiKeyRequired = (ApiKeyRequired) this.resourceInfo.getResourceMethod().getAnnotation(ApiKeyRequired.class);
        return apiKeyRequired != null ? apiKeyRequired : (ApiKeyRequired) resourceClass.getAnnotation(ApiKeyRequired.class);
    }
}
