package io.confluent.kafkarest.security.filter;

import io.confluent.common.security.auth.AuthenticationModule;
import io.confluent.common.security.auth.AuthenticationModuleFactory;
import io.confluent.common.security.auth.RestAuthType;
import io.confluent.common.security.auth.RestSecurityContext;
import io.confluent.kafkarest.security.config.ConfluentSecureKafkaRestConfig;
import java.io.IOException;
import javax.annotation.Priority;
import javax.security.auth.login.LoginException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(1000)
/* loaded from: input_file:io/confluent/kafkarest/security/filter/AuthenticationFilter.class */
public final class AuthenticationFilter implements ContainerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(AuthenticationFilter.class);
    private final ConfluentSecureKafkaRestConfig secureKafkaRestConfig;
    private final AuthenticationModule authenticationModule;

    public AuthenticationFilter(ConfluentSecureKafkaRestConfig confluentSecureKafkaRestConfig) {
        this.secureKafkaRestConfig = confluentSecureKafkaRestConfig;
        this.authenticationModule = AuthenticationModuleFactory.getInstance().getAuthenticationModule(RestAuthType.valueOf(this.secureKafkaRestConfig.getString(ConfluentSecureKafkaRestConfig.CONFLUENT_AUTH_PROPAGATE_CONFIG_CONFIG)));
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (this.authenticationModule != null) {
            try {
                containerRequestContext.setSecurityContext(new RestSecurityContext(this.authenticationModule.authenticate(containerRequestContext), this.authenticationModule.getAuthScheme()));
            } catch (LoginException e) {
                log.error("Error attempting to authenticate the user ", e);
                containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("User cannot access the resource.").build());
            }
        }
    }
}
