package io.jans.configapi.filters;

import io.jans.configapi.core.rest.ProtectedApi;
import io.jans.configapi.security.service.AuthorizationService;
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import jakarta.ws.rs.ext.Provider;
import org.slf4j.Logger;

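/**
 * JAX-RS request filter bound to {@code @ProtectedApi} resources that gates each request on a
 * Bearer token.
 *
 * <p>Flow, as implemented in {@link #filter(ContainerRequestContext)}:
 * <ol>
 *   <li>If {@code authorizationService.isConfigOauthEnabled()} returns {@code false}, the request
 *       is let through without any credential check.</li>
 *   <li>Otherwise the {@code Authorization} header must start with the {@code Bearer} scheme
 *       (case-insensitive) or the request is aborted with 401.</li>
 *   <li>The header, the {@code issuer} header, the matched resource, the HTTP method and the
 *       request URI are handed to {@code authorizationService.processAuthorization(...)}; any
 *       exception it throws aborts the request with 401.</li>
 * </ol>
 *
 * <p>Security note: the raw {@code Authorization} header value is a credential and is never
 * written to the log by this class; only its presence is recorded.
 */
@Provider
@ProtectedApi
@Priority(1000)
/* loaded from: input_file:io/jans/configapi/filters/AuthorizationFilter.class */
public class AuthorizationFilter implements ContainerRequestFilter {
    /** Authentication scheme accepted in the {@code Authorization} header and advertised on 401. */
    private static final String AUTHENTICATION_SCHEME = "Bearer";

    /** Scheme followed by the single space that separates it from the token. */
    private static final String AUTHENTICATION_PREFIX = AUTHENTICATION_SCHEME + " ";

    @Inject
    Logger log;

    @Context
    UriInfo info;

    @Context
    HttpServletRequest request;

    @Context
    private HttpHeaders httpHeaders;

    @Context
    private ResourceInfo resourceInfo;

    @Inject
    AuthorizationService authorizationService;

    /**
     * Authorizes the incoming request or aborts it with {@code 401 Unauthorized}.
     *
     * @param containerRequestContext the request being filtered; its {@code Authorization} header
     *     is replaced when the authorization service returns a non-blank value
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        // Parameterized logging: same rendered text as before, but no string building when INFO
        // is disabled. NOTE(review): info.getPath() is the decoded path and comes from the
        // client; make sure the log layout neutralizes CR/LF so entries cannot be forged.
        this.log.info("=======================================================================");
        this.log.info("====== context = {} , info.getAbsolutePath() = {} , info.getRequestUri() = {}\n\n",
                containerRequestContext, this.info.getAbsolutePath(), this.info.getRequestUri());
        this.log.info("====== info.getBaseUri()={} info.getPath()={} info.toString()={}",
                this.info.getBaseUri(), this.info.getPath(), this.info);
        this.log.info("====== request.getContextPath()={} request.getRequestURI()={} request.toString() {}",
                this.request.getContextPath(), this.request.getRequestURI(), this.request);
        this.log.info("======{} {} FROM IP {}",
                containerRequestContext.getMethod(), this.info.getPath(), this.request.getRemoteAddr());
        this.log.info("======PERFORMING AUTHORIZATION=========================================");

        String authorizationHeader = containerRequestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
        String issuer = containerRequestContext.getHeaderString("issuer");
        boolean configOauthEnabled = this.authorizationService.isConfigOauthEnabled();

        // The Authorization header carries the bearer token. Writing it to the log would hand a
        // replayable credential to anyone with log access, so only its presence is recorded.
        this.log.info("\n\n\n AuthorizationFilter::filter() - authorizationHeader present = {} , issuer = {} , configOauthEnabled = {}\n\n\n",
                authorizationHeader != null, issuer, configOauthEnabled);

        if (!configOauthEnabled) {
            // With OAuth validation switched off every protected endpoint is reachable without a
            // token; this branch performs no check at all.
            this.log.info("====== Authorization Granted...====== ");
            return;
        }

        this.log.info("\n\n\n AuthorizationFilter::filter() - Config Api OAuth Valdation Enabled");
        if (!isTokenBasedAuthentication(authorizationHeader)) {
            abortWithUnauthorized(containerRequestContext, "ONLY TOKEN BASED AUTHORIZATION IS SUPPORTED!");
            this.log.info("======ONLY TOKEN BASED AUTHORIZATION IS SUPPORTED======================");
            return;
        }

        try {
            String replacementHeader = this.authorizationService.processAuthorization(
                    authorizationHeader,
                    issuer,
                    this.resourceInfo,
                    containerRequestContext.getMethod(),
                    this.request.getRequestURI());
            if (replacementHeader != null && !replacementHeader.trim().isEmpty()) {
                // Swap the caller's header for the value returned by the authorization service so
                // downstream code sees exactly one Authorization value.
                containerRequestContext.getHeaders().putSingle(HttpHeaders.AUTHORIZATION, replacementHeader);
            }
            this.log.info("======AUTHORIZATION  GRANTED===========================================");
        } catch (Exception e) {
            // Any failure in the authorization service is treated as a denial (fail closed).
            this.log.error("======AUTHORIZATION  FAILED ===========================================", e);
            // NOTE(review): the exception message is returned to the client verbatim. Confirm
            // that processAuthorization only throws messages that are safe to disclose;
            // otherwise return a fixed string here and keep the detail in the log.
            abortWithUnauthorized(containerRequestContext, e.getMessage());
        }
    }

    /**
     * Tells whether the header value uses the Bearer scheme.
     *
     * @param str raw {@code Authorization} header value, may be {@code null}
     * @return {@code true} when {@code str} begins with {@code "Bearer "} ignoring case
     */
    private boolean isTokenBasedAuthentication(String str) {
        // regionMatches(ignoreCase) compares per character and does not depend on the JVM's
        // default locale, unlike toLowerCase(); it also avoids copying the whole token.
        return str != null
                && str.regionMatches(true, 0, AUTHENTICATION_PREFIX, 0, AUTHENTICATION_PREFIX.length());
    }

    /**
     * Aborts the request with {@code 401 Unauthorized} and a {@code WWW-Authenticate: Bearer}
     * challenge.
     *
     * @param containerRequestContext the request to abort
     * @param str response entity sent to the client
     */
    private void abortWithUnauthorized(ContainerRequestContext containerRequestContext, String str) {
        Response unauthorized = Response.status(Response.Status.UNAUTHORIZED)
                .entity(str)
                .header(HttpHeaders.WWW_AUTHENTICATE, AUTHENTICATION_SCHEME)
                .build();
        containerRequestContext.abortWith(unauthorized);
    }
}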
