package com.atlassian.asap.core.server.jersey;

import com.atlassian.asap.api.Jwt;
import com.atlassian.asap.api.exception.AuthenticationFailedException;
import com.atlassian.asap.api.exception.PermanentAuthenticationFailedException;
import com.atlassian.asap.api.exception.TransientAuthenticationFailedException;
import com.atlassian.asap.api.server.http.RequestAuthenticator;
import com.atlassian.asap.core.keys.KeyProvider;
import com.atlassian.asap.core.server.AuthenticationContext;
import com.atlassian.asap.core.server.http.RequestAuthenticatorFactory;
import java.lang.annotation.Annotation;
import java.lang.reflect.AnnotatedElement;
import java.security.PublicKey;
import java.util.Objects;
import java.util.Optional;
import java.util.function.Supplier;
import java.util.stream.Stream;
import javax.annotation.Priority;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.ext.Provider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@Priority(1000)
/* loaded from: input_file:com/atlassian/asap/core/server/jersey/AuthenticationRequestFilter.class */
public class AuthenticationRequestFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationRequestFilter.class);

    @Context
    ResourceInfo resourceInfo;
    private final RequestAuthenticator authenticator;
    private final FailureHandler failureHandler;
    private final JwtSecurityContextFactory jwtSecurityContextFactory;

    public AuthenticationRequestFilter(RequestAuthenticator requestAuthenticator, FailureHandler failureHandler) {
        this(requestAuthenticator, failureHandler, new JwtSecurityContextFactoryImpl());
    }

    public AuthenticationRequestFilter(RequestAuthenticator requestAuthenticator, FailureHandler failureHandler, JwtSecurityContextFactory jwtSecurityContextFactory) {
        this.failureHandler = (FailureHandler) Objects.requireNonNull(failureHandler);
        this.authenticator = (RequestAuthenticator) Objects.requireNonNull(requestAuthenticator);
        this.jwtSecurityContextFactory = (JwtSecurityContextFactory) Objects.requireNonNull(jwtSecurityContextFactory);
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        mayNeedAuthentication().map(asap -> {
            return (Asap) setProperty(containerRequestContext, "asap.annotation", asap);
        }).flatMap(asap2 -> {
            return authenticateToken(containerRequestContext, asap2);
        }).map(jwt -> {
            return (Jwt) setProperty(containerRequestContext, "asap.authentic.jwt", jwt);
        }).ifPresent(jwt2 -> {
            setSecurityContext(containerRequestContext, jwt2);
        });
    }

    private Optional<Jwt> authenticateToken(ContainerRequestContext containerRequestContext, Asap asap) {
        try {
            return maybeGetAuthorizationHeader(containerRequestContext, asap).flatMap(str -> {
                return authenticateToken(containerRequestContext, str);
            });
        } catch (PermanentAuthenticationFailedException e) {
            this.failureHandler.onPermanentAuthenticationFailure(containerRequestContext, e);
            return Optional.empty();
        }
    }

    private static Optional<String> maybeGetAuthorizationHeader(ContainerRequestContext containerRequestContext, Asap asap) throws PermanentAuthenticationFailedException {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (asap.mandatory() && headerString == null) {
            throw new PermanentAuthenticationFailedException("Authorization header is missing");
        }
        return Optional.ofNullable(headerString);
    }

    private Optional<Jwt> authenticateToken(ContainerRequestContext containerRequestContext, String str) {
        for (int i = 0; i < 10; i++) {
            try {
                Jwt authenticateRequest = this.authenticator.authenticateRequest(str);
                LOG.trace("Accepting authentic token with identifier '{}'", authenticateRequest.getClaims().getJwtId());
                return Optional.of(authenticateRequest);
            } catch (AuthenticationFailedException e) {
                this.failureHandler.onAuthenticationFailure(containerRequestContext, e);
                return Optional.empty();
            } catch (TransientAuthenticationFailedException e2) {
                if (i >= 9) {
                    this.failureHandler.onAuthenticationFailure(containerRequestContext, e2);
                    return Optional.empty();
                }
                if (!this.failureHandler.onTransientAuthenticationFailure(containerRequestContext, e2)) {
                    return Optional.empty();
                }
            } catch (PermanentAuthenticationFailedException e3) {
                this.failureHandler.onPermanentAuthenticationFailure(containerRequestContext, e3);
                return Optional.empty();
            }
        }
        throw new IllegalStateException();
    }

    private void setSecurityContext(ContainerRequestContext containerRequestContext, Jwt jwt) {
        containerRequestContext.setSecurityContext(this.jwtSecurityContextFactory.createSecurityContext(jwt, containerRequestContext.getSecurityContext()));
    }

    private Optional<Asap> mayNeedAuthentication() {
        return findFirstNonNullAnnotation(Asap.class, () -> {
            return this.resourceInfo.getResourceMethod();
        }, () -> {
            return this.resourceInfo.getResourceClass();
        }, () -> {
            return this.resourceInfo.getResourceClass().getPackage();
        }).filter((v0) -> {
            return v0.enabled();
        });
    }

    @SafeVarargs
    private static <A extends Annotation> Optional<A> findFirstNonNullAnnotation(Class<A> cls, Supplier<? extends AnnotatedElement>... supplierArr) {
        return Stream.of((Object[]) supplierArr).map((v0) -> {
            return v0.get();
        }).filter(annotatedElement -> {
            return annotatedElement.isAnnotationPresent(cls);
        }).map(annotatedElement2 -> {
            return annotatedElement2.getAnnotation(cls);
        }).findFirst();
    }

    public static AuthenticationRequestFilter newInstance(String str, String str2) {
        return newInstance(new AuthenticationContext(str, str2));
    }

    public static AuthenticationRequestFilter newInstance(String str, KeyProvider<PublicKey> keyProvider) {
        return newInstance(new AuthenticationContext(str, keyProvider));
    }

    public static AuthenticationRequestFilter newInstance(AuthenticationContext authenticationContext) {
        return new AuthenticationRequestFilter(new RequestAuthenticatorFactory().create(authenticationContext), new EmptyBodyFailureHandler());
    }

    private static <T> T setProperty(ContainerRequestContext containerRequestContext, String str, T t) {
        containerRequestContext.setProperty(str, t);
        return t;
    }
}
