package org.apache.unomi.rest.authentication;

import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Priority;
import javax.security.auth.Subject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import org.apache.commons.lang.time.DateUtils;
import org.apache.cxf.interceptor.security.RolePrefixSecurityContextImpl;
import org.apache.cxf.jaxrs.security.JAASAuthenticationFilter;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.security.SecurityContext;
import org.apache.karaf.jaas.boot.principal.RolePrincipal;
import org.apache.karaf.jaas.boot.principal.UserPrincipal;

@Priority(DateUtils.MILLIS_IN_SECOND)
@PreMatching
/* loaded from: input_file:org/apache/unomi/rest/authentication/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    public static final String GUEST_USERNAME = "guest";
    public static final String GUEST_DEFAULT_ROLE = "ROLE_UNOMI_PUBLIC";
    private static final List<String> GUEST_ROLES = Collections.singletonList(GUEST_DEFAULT_ROLE);
    private static final Subject GUEST_SUBJECT = new Subject();
    private static final String ROLE_CLASSIFIER = "ROLE_UNOMI";
    private static final String ROLE_CLASSIFIER_TYPE = "prefix";
    private static final String REALM_NAME = "cxs";
    private static final String CONTEXT_NAME = "karaf";
    private final JAASAuthenticationFilter jaasAuthenticationFilter = new JAASAuthenticationFilter();
    private final RestAuthenticationConfig restAuthenticationConfig;

    public AuthenticationFilter(RestAuthenticationConfig restAuthenticationConfig) {
        this.restAuthenticationConfig = restAuthenticationConfig;
        this.jaasAuthenticationFilter.setRoleClassifier(ROLE_CLASSIFIER);
        this.jaasAuthenticationFilter.setRoleClassifierType(ROLE_CLASSIFIER_TYPE);
        this.jaasAuthenticationFilter.setContextName(CONTEXT_NAME);
        this.jaasAuthenticationFilter.setRealmName(REALM_NAME);
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (isPublicPath(containerRequestContext)) {
            JAXRSUtils.getCurrentMessage().put(SecurityContext.class, new RolePrefixSecurityContextImpl(GUEST_SUBJECT, ROLE_CLASSIFIER, ROLE_CLASSIFIER_TYPE));
        } else {
            this.jaasAuthenticationFilter.filter(containerRequestContext);
        }
    }

    private boolean isPublicPath(ContainerRequestContext containerRequestContext) {
        if (containerRequestContext.getMethod() == null || containerRequestContext.getMethod().length() > 10 || containerRequestContext.getUriInfo().getPath() == null) {
            return false;
        }
        String str = containerRequestContext.getMethod() + " " + containerRequestContext.getUriInfo().getPath();
        return this.restAuthenticationConfig.getPublicPathPatterns().stream().anyMatch(pattern -> {
            return pattern.matcher(str).matches();
        });
    }

    static {
        GUEST_SUBJECT.getPrincipals().add(new UserPrincipal(GUEST_USERNAME));
        Iterator<String> it = GUEST_ROLES.iterator();
        while (it.hasNext()) {
            GUEST_SUBJECT.getPrincipals().add(new RolePrincipal(it.next()));
        }
    }
}
