package org.apache.pulsar.websocket.admin;

import javax.naming.AuthenticationException;
import org.apache.pulsar.broker.authentication.AuthenticationDataHttps;
import org.apache.pulsar.shade.javax.servlet.ServletContext;
import org.apache.pulsar.shade.javax.servlet.http.HttpServletRequest;
import org.apache.pulsar.shade.javax.ws.rs.core.Context;
import org.apache.pulsar.shade.javax.ws.rs.core.Response;
import org.apache.pulsar.shade.javax.ws.rs.core.UriInfo;
import org.apache.pulsar.shade.org.apache.commons.lang3.StringUtils;
import org.apache.pulsar.shade.org.apache.pulsar.common.naming.TopicName;
import org.apache.pulsar.websocket.WebSocketService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/pulsar/websocket/admin/WebSocketWebResource.class */
public class WebSocketWebResource {
    public static final String ATTRIBUTE_PROXY_SERVICE_NAME = "webProxyService";
    public static final String ADMIN_PATH_V1 = "/admin";
    public static final String ADMIN_PATH_V2 = "/admin/v2";

    @Context
    protected ServletContext servletContext;

    @Context
    protected HttpServletRequest httpRequest;

    @Context
    protected UriInfo uri;
    private WebSocketService socketService;
    private String clientId;
    private AuthenticationDataHttps authData;
    private static final Logger log = LoggerFactory.getLogger(WebSocketWebResource.class);

    /* JADX INFO: Access modifiers changed from: protected */
    public WebSocketService service() {
        if (this.socketService == null) {
            this.socketService = (WebSocketService) this.servletContext.getAttribute(ATTRIBUTE_PROXY_SERVICE_NAME);
        }
        return this.socketService;
    }

    public String clientAppId() {
        if (StringUtils.isBlank(this.clientId)) {
            try {
                this.clientId = service().getAuthenticationService().authenticateHttpRequest(this.httpRequest);
            } catch (AuthenticationException e) {
                if (service().getConfig().isAuthenticationEnabled()) {
                    throw new RestException(Response.Status.UNAUTHORIZED, "Failed to get clientId from request");
                }
            }
            if (StringUtils.isBlank(this.clientId) && service().getConfig().isAuthenticationEnabled()) {
                throw new RestException(Response.Status.UNAUTHORIZED, "Failed to get auth data from the request");
            }
        }
        return this.clientId;
    }

    public AuthenticationDataHttps authData() {
        if (this.authData == null) {
            this.authData = new AuthenticationDataHttps(this.httpRequest);
        }
        return this.authData;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateSuperUserAccess() {
        if (service().getConfig().isAuthenticationEnabled()) {
            String clientAppId = clientAppId();
            if (log.isDebugEnabled()) {
                log.debug("[{}] Check super user access: Authenticated: {} -- Role: {}", new Object[]{this.uri.getRequestUri(), clientAppId(), clientAppId});
            }
            if (!service().getConfig().getSuperUserRoles().contains(clientAppId)) {
                throw new RestException(Response.Status.UNAUTHORIZED, "This operation requires super-user access");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateUserAccess(TopicName topicName) {
        boolean isAuthorized;
        try {
            validateSuperUserAccess();
            isAuthorized = true;
        } catch (Exception e) {
            try {
                isAuthorized = isAuthorized(topicName);
            } catch (Exception e2) {
                throw new RestException(e2);
            }
        }
        if (!isAuthorized) {
            throw new RestException(Response.Status.UNAUTHORIZED, "Don't have permission to access this topic");
        }
    }

    protected boolean isAuthorized(TopicName topicName) throws Exception {
        if (service().isAuthorizationEnabled()) {
            return service().getAuthorizationService().canLookup(topicName, clientAppId(), authData());
        }
        return true;
    }
}
