package alpine.server.filters;

import alpine.common.logging.Logger;
import alpine.model.ApiKey;
import alpine.server.auth.ApiKeyAuthenticationService;
import alpine.server.auth.JwtAuthenticationService;
import java.security.Principal;
import javax.annotation.Priority;
import javax.naming.AuthenticationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.server.ContainerRequest;
import org.owasp.security.logging.SecurityMarkers;

@Priority(1000)
/* loaded from: input_file:alpine/server/filters/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = Logger.getLogger(AuthenticationFilter.class);

    public void filter(ContainerRequestContext containerRequestContext) {
        if (containerRequestContext instanceof ContainerRequest) {
            ContainerRequest containerRequest = (ContainerRequest) containerRequestContext;
            if ("OPTIONS".equals(containerRequest.getMethod()) || containerRequest.getRequestUri().getPath().contains("/api/swagger")) {
                return;
            }
            Principal principal = null;
            ApiKeyAuthenticationService apiKeyAuthenticationService = new ApiKeyAuthenticationService(containerRequest);
            if (apiKeyAuthenticationService.isSpecified()) {
                try {
                    principal = apiKeyAuthenticationService.authenticate();
                    if (principal instanceof ApiKey) {
                        ApiKeyUsageTracker.onApiKeyUsed((ApiKey) principal);
                    }
                } catch (AuthenticationException e) {
                    LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "Invalid API key asserted");
                    containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
                    return;
                }
            }
            JwtAuthenticationService jwtAuthenticationService = new JwtAuthenticationService(containerRequest);
            if (jwtAuthenticationService.isSpecified()) {
                try {
                    principal = jwtAuthenticationService.authenticate();
                } catch (AuthenticationException e2) {
                    LOGGER.info(SecurityMarkers.SECURITY_FAILURE, "Invalid JWT asserted");
                    containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
                    return;
                }
            }
            if (principal == null) {
                containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            } else {
                containerRequestContext.setProperty("Principal", principal);
            }
        }
    }
}
