package com.atlassian.asap.core.server.jersey;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.AuthenticationFailedException;
import com.atlassian.asap.api.exception.PermanentAuthenticationFailedException;
import com.atlassian.asap.api.exception.TransientAuthenticationFailedException;
import com.atlassian.asap.api.server.http.RequestAuthenticator;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.server.AuthenticationContext;
import com.atlassian.asap.core.server.http.RequestAuthenticatorFactory;
import java.io.IOException;
import java.security.PublicKey;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Priority(1000)
/* loaded from: input_file:com/atlassian/asap/core/server/jersey/AuthenticationRequestFilter.class */
public class AuthenticationRequestFilter implements ContainerRequestFilter {
    static final int MAX_TRANSIENT_FAILURES_RETRIES = 10;
    static final String ASAP_REQUEST_ATTRIBUTE = "asap.annotation";
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationRequestFilter.class);

    @Context
    ResourceInfo resourceInfo;
    private final RequestAuthenticator authenticator;
    private final FailureHandler failureHandler;

    public AuthenticationRequestFilter(RequestAuthenticator requestAuthenticator, FailureHandler failureHandler) {
        this.failureHandler = (FailureHandler) Objects.requireNonNull(failureHandler);
        this.authenticator = (RequestAuthenticator) Objects.requireNonNull(requestAuthenticator);
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        needsAuthentication().ifPresent(asap -> {
            containerRequestContext.setProperty("asap.authentic.jwt", authenticateToken(containerRequestContext));
            containerRequestContext.setProperty(ASAP_REQUEST_ATTRIBUTE, asap);
        });
    }

    @Nullable
    private Jwt authenticateToken(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        for (int i = 0; i < MAX_TRANSIENT_FAILURES_RETRIES; i++) {
            try {
                Jwt authenticateRequest = this.authenticator.authenticateRequest(headerString);
                LOG.trace("Accepting authentic token with identifier '{}'", authenticateRequest.getClaims().getJwtId());
                return authenticateRequest;
            } catch (AuthenticationFailedException e) {
                this.failureHandler.onAuthenticationFailure(containerRequestContext, e);
                return null;
            } catch (PermanentAuthenticationFailedException e2) {
                this.failureHandler.onPermanentAuthenticationFailure(containerRequestContext, e2);
                return null;
            } catch (TransientAuthenticationFailedException e3) {
                if (i >= 9) {
                    this.failureHandler.onAuthenticationFailure(containerRequestContext, (AuthenticationFailedException) e3);
                    return null;
                }
                if (!this.failureHandler.onTransientAuthenticationFailure(containerRequestContext, e3)) {
                    return null;
                }
            }
        }
        throw new IllegalStateException();
    }

    private Optional<Asap> needsAuthentication() {
        Asap asap = null;
        if (this.resourceInfo.getResourceMethod().isAnnotationPresent(Asap.class)) {
            asap = (Asap) this.resourceInfo.getResourceMethod().getAnnotation(Asap.class);
        } else if (this.resourceInfo.getResourceClass().isAnnotationPresent(Asap.class)) {
            asap = (Asap) this.resourceInfo.getResourceClass().getAnnotation(Asap.class);
        } else if (this.resourceInfo.getResourceClass().getPackage().isAnnotationPresent(Asap.class)) {
            asap = (Asap) this.resourceInfo.getResourceClass().getPackage().getAnnotation(Asap.class);
        }
        return Optional.ofNullable(asap).filter((v0) -> {
            return v0.enabled();
        });
    }

    public static AuthenticationRequestFilter newInstance(String str, String str2) {
        return newInstance(new AuthenticationContext(str, str2));
    }

    public static AuthenticationRequestFilter newInstance(String str, KeyProvider<PublicKey> keyProvider) {
        return newInstance(new AuthenticationContext(str, keyProvider));
    }

    public static AuthenticationRequestFilter newInstance(AuthenticationContext authenticationContext) {
        return new AuthenticationRequestFilter(new RequestAuthenticatorFactory().create(authenticationContext), new EmptyBodyFailureHandler());
    }
}
