package com.e2eq.framework.rest.filters.inactive;

import com.e2eq.framework.model.persistent.base.DataDomain;
import com.e2eq.framework.model.persistent.morphia.CredentialRepo;
import com.e2eq.framework.model.persistent.morphia.RealmRepo;
import com.e2eq.framework.model.persistent.security.CredentialUserIdPassword;
import com.e2eq.framework.model.persistent.security.Realm;
import com.e2eq.framework.model.securityrules.PrincipalContext;
import com.e2eq.framework.model.securityrules.ResourceContext;
import com.e2eq.framework.model.securityrules.RuleContext;
import com.e2eq.framework.util.SecurityUtils;
import io.quarkus.logging.Log;
import io.smallrye.jwt.auth.principal.JWTParser;
import io.smallrye.jwt.auth.principal.ParseException;
import jakarta.inject.Inject;
import jakarta.ws.rs.NotFoundException;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.io.IOException;
import java.security.Principal;
import java.util.Optional;
import java.util.StringTokenizer;
import org.eclipse.microprofile.jwt.JsonWebToken;
import org.jboss.logging.Logger;

/* loaded from: input_file:com/e2eq/framework/rest/filters/inactive/RequestFilter.class */
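/**
 * JAX-RS request filter that derives a {@link ResourceContext} from the request path and a
 * {@link PrincipalContext} from the {@code Authorization} header (or, when that header is absent,
 * from the {@code tenantId} query parameter), then installs a {@link SecurityContext} backed by
 * that principal.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Bearer tokens are never written to logs or echoed in responses; an unusable token
 *       results in a generic 401.</li>
 *   <li>NOTE(review): a request without an {@code Authorization} header but with a
 *       {@code tenantId} query parameter is given the realm's default admin user id and that
 *       user's roles. Nothing in this class authenticates the caller on that path. Confirm this
 *       is intended and that the filter is only reachable from trusted callers.</li>
 *   <li>NOTE(review): every principal, including the anonymous one, is reported as being in the
 *       {@code "user"} role by {@code isUserInRole}.</li>
 * </ul>
 */
public class RequestFilter implements ContainerRequestFilter {
    private static final String AUTHENTICATION_SCHEME = "Bearer";

    @Inject
    JWTParser parser;

    @Inject
    RuleContext ruleContext;

    @Inject
    RealmRepo realmRepo;

    @Inject
    CredentialRepo credentialRepo;

    @Inject
    SecurityUtils securityUtils;

    /**
     * Resolves the resource and principal contexts for the request and installs a security
     * context that answers from the resolved principal.
     *
     * <p>If no principal can be resolved (for example the bearer token is malformed or cannot be
     * parsed) the request is aborted with 401 and no security context is installed.
     *
     * @param containerRequestContext the in-flight request
     * @throws IOException declared by {@link ContainerRequestFilter}; not thrown directly here
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Log.info("In Request  filter:");
        determineResourceContext(containerRequestContext);
        final PrincipalContext principalContext = determinePrincipalContext(containerRequestContext);
        if (principalContext == null) {
            // Fail closed with a generic body: the caller learns the credentials were rejected,
            // nothing about the token or the parser error.
            containerRequestContext.abortWith(
                    Response.status(Response.Status.UNAUTHORIZED)
                            .header("WWW-Authenticate", AUTHENTICATION_SCHEME)
                            .entity("Invalid or missing bearer token")
                            .build());
            return;
        }
        containerRequestContext.setSecurityContext(new SecurityContext() {
            @Override
            public Principal getUserPrincipal() {
                return principalContext::getUserId;
            }

            @Override
            public boolean isUserInRole(String role) {
                // NOTE(review): "user" is granted unconditionally, so it cannot be used to
                // distinguish authenticated callers from the anonymous context.
                if ("user".equals(role)) {
                    return true;
                }
                for (String granted : principalContext.getRoles()) {
                    if (granted.equals(role)) {
                        return true;
                    }
                }
                return false;
            }

            @Override
            public boolean isSecure() {
                // NOTE(review): hard-coded; does not reflect whether the request arrived over
                // TLS. Code that gates on isSecure() will always see false.
                return false;
            }

            @Override
            public String getAuthenticationScheme() {
                // NOTE(review): reports "basic" although this filter processes Bearer tokens.
                // Left unchanged because callers may compare against this value.
                return "basic";
            }
        });
    }

    /**
     * Derives the resource context from the request path, assuming the convention
     * {@code /area/functionalDomain/action}.
     *
     * <p>With three or more segments the first three are used; with exactly two the first is
     * used as both area and functional domain. In both cases the result is also stored through
     * the framework's static {@code SecurityContext.setResourceContext}. With fewer than two
     * segments {@link ResourceContext#DEFAULT_ANONYMOUS_CONTEXT} is returned and the static
     * holder is not touched.
     *
     * @param containerRequestContext the in-flight request
     * @return the resolved resource context, never {@code null}
     */
    protected ResourceContext determineResourceContext(ContainerRequestContext containerRequestContext) {
        ResourceContext resourceContext;
        Log.info("determining Resource Context");
        String path = containerRequestContext.getUriInfo().getPath();
        // The path is attacker-controlled; strip line breaks before it reaches a log line.
        String safePath = forLog(path);
        StringTokenizer segments = new StringTokenizer(path, "/");
        int segmentCount = segments.countTokens();
        if (segmentCount > 2) {
            if (Log.isEnabled(Logger.Level.WARN)) {
                Log.warn("Path: +" + safePath + " Request format is such that there are more than two levels to parse from parsing...");
            }
            String area = segments.nextToken();
            String functionalDomain = segments.nextToken();
            String action = segments.nextToken();
            if (Log.isDebugEnabled()) {
                Log.debug("Based upon request convention assumed that the area is:" + forLog(area) + " functional domain is:" + forLog(functionalDomain) + " and action is:" + forLog(action));
            }
            resourceContext = new ResourceContext.Builder().withAction(action).withArea(area).withFunctionalDomain(functionalDomain).build();
            com.e2eq.framework.model.securityrules.SecurityContext.setResourceContext(resourceContext);
            if (Log.isDebugEnabled()) {
                Log.debug("Resource Context set");
            }
        } else if (segmentCount == 2) {
            if (Log.isEnabled(Logger.Level.INFO)) {
                Log.infof("Path:%s has two tokens", safePath);
            }
            String area = segments.nextToken();
            String action = segments.nextToken();
            resourceContext = new ResourceContext.Builder().withAction(action).withArea(area).withFunctionalDomain(area).build();
            com.e2eq.framework.model.securityrules.SecurityContext.setResourceContext(resourceContext);
            if (Log.isEnabled(Logger.Level.WARN)) {
                Log.warn(safePath + ":Odd request convention, not following /area/fd/fa .. so assuming the fd and area are equal: Only two tokens for resource, assuming area as fd, fd=" + forLog(area) + " action=" + forLog(action));
            }
            if (Log.isDebugEnabled()) {
                Log.debug("Resource Context set");
            }
        } else {
            Log.warn("Non conformant url:" + safePath + " could not set resource context as a result, expecting /area/functionalDomain/action: TokenCount:" + segmentCount);
            Log.warn("Creating generic Context");
            // NOTE(review): unlike the branches above, this one does not call
            // SecurityContext.setResourceContext. If that holder is per-thread, a value left by
            // an earlier request could still be visible here - confirm it is cleared elsewhere.
            resourceContext = ResourceContext.DEFAULT_ANONYMOUS_CONTEXT;
        }
        return resourceContext;
    }

    /**
     * Resolves the principal for the request.
     *
     * <ul>
     *   <li>{@code Authorization: Bearer <jwt>} present: the token is parsed and its claims
     *       ({@code orgRefName}, {@code tenantId}, {@code accountId}, {@code defaultRealm},
     *       groups, {@code scope}) populate the principal.</li>
     *   <li>No header, {@code tenantId} query parameter present: the realm's default admin user
     *       and that user's stored roles are used (see the class-level review note).</li>
     *   <li>Neither: an anonymous principal with the single role {@code ANONYMOUS}.</li>
     * </ul>
     *
     * @param containerRequestContext the in-flight request
     * @return the resolved principal, or {@code null} when an {@code Authorization} header was
     *         supplied but is not a parseable bearer token; the caller must reject the request
     * @throws NotFoundException if {@code tenantId} names no realm
     * @throws IllegalStateException if the realm's default admin user has no credential record
     */
    protected PrincipalContext determinePrincipalContext(ContainerRequestContext containerRequestContext) {
        PrincipalContext principalContext = null;
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString != null) {
            if (Log.isDebugEnabled()) {
                // Presence only: the header carries a credential and must not reach the logs.
                Log.debug("Authorization Header Provided");
            }
            String schemePrefix = AUTHENTICATION_SCHEME + " ";
            if (!headerString.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length())) {
                // Also covers headers shorter than the scheme, which would otherwise make
                // substring() throw and surface as a 500.
                Log.warn("Authorization header does not use the Bearer scheme");
                return null;
            }
            String token = headerString.substring(schemePrefix.length()).trim();
            try {
                JsonWebToken jwt = this.parser.parse(token);
                String orgRefName = (String) jwt.getClaim("orgRefName");
                String tenantId = (String) jwt.getClaim("tenantId");
                String accountId = (String) jwt.getClaim("accountId");
                String defaultRealm = (String) jwt.getClaim("defaultRealm");
                // A token without a groups claim yields no roles rather than a NullPointerException.
                String[] roles = jwt.getGroups() == null
                        ? new String[0]
                        : jwt.getGroups().toArray(new String[0]);
                String scope = (String) jwt.getClaim("scope");
                if (Log.isDebugEnabled()) {
                    Log.debug("--- Request has an Existing JWT Token: --");
                    Log.debug("UserId:" + jwt.getSubject());
                    Log.debug("Org:" + orgRefName);
                    Log.debug("tenant:" + tenantId);
                    Log.debug("accountId:" + accountId);
                    Log.debug("defaultRealm:" + defaultRealm);
                    Log.debugf("roles:", new Object[0]);
                    for (String role : roles) {
                        Log.debugf("   %s", role);
                    }
                    Log.debug("scope:" + scope);
                }
                // NOTE(review): the user id comes from the principal an earlier mechanism put on
                // the request, not from the token subject; confirm the two cannot disagree.
                // Fall back to the subject when no principal has been set, instead of failing
                // with a NullPointerException.
                Principal current = containerRequestContext.getSecurityContext() == null
                        ? null
                        : containerRequestContext.getSecurityContext().getUserPrincipal();
                String userId = current != null ? current.getName() : jwt.getSubject();
                DataDomain dataDomain = new DataDomain();
                dataDomain.setOrgRefName(orgRefName);
                dataDomain.setAccountNum(accountId);
                dataDomain.setTenantId(tenantId);
                dataDomain.setDataSegment(0);
                principalContext = new PrincipalContext.Builder().withDefaultRealm(defaultRealm).withDataDomain(dataDomain).withUserId(userId).withRoles(roles).withScope(scope).build();
            } catch (ParseException e) {
                // Keep the detail server-side; the caller turns the null result into a 401
                // that contains neither the token nor the parser message.
                Log.warn("Bearer token could not be parsed", e);
            }
        } else {
            if (Log.isEnabled(Logger.Level.WARN)) {
                Log.warn("No Authorization header presented ");
            }
            String tenantId = (String) containerRequestContext.getUriInfo().getQueryParameters().getFirst("tenantId");
            if (tenantId != null) {
                if (Log.isInfoEnabled()) {
                    Log.infof("tenantId Provided: %s", forLog(tenantId));
                }
                Optional<Realm> realmLookup = this.realmRepo.findByTenantId(tenantId);
                if (!realmLookup.isPresent()) {
                    throw new NotFoundException("Realm for tenantId:" + tenantId + " not found");
                }
                Realm realm = realmLookup.get();
                DataDomain dataDomain = realm.getDomainContext().toDataDomain(realm.getDefaultAdminUserId());
                Optional<CredentialUserIdPassword> adminCredential = this.credentialRepo.findByUserId(tenantId, realm.getDefaultAdminUserId());
                if (!adminCredential.isPresent()) {
                    throw new IllegalStateException("Default userId:" + realm.getDefaultAdminUserId() + " could not be found for tenantId:" + tenantId);
                }
                // NOTE(review): the caller has presented no credential at this point, yet the
                // principal built here carries the default admin user's id and roles for the
                // tenant named in the query string. Behaviour is preserved as found; it should
                // be removed or gated behind real authentication before this filter is enabled.
                principalContext = new PrincipalContext.Builder().withDefaultRealm(realm.getRefName()).withDataDomain(dataDomain).withUserId(realm.getDefaultAdminUserId()).withRoles(adminCredential.get().getRoles()).withScope("systemGenerated").build();
            } else {
                if (Log.isEnabled(Logger.Level.WARN)) {
                    Log.warn("No tenantId or auth token provided assuming an anonymous user context");
                }
                principalContext = new PrincipalContext.Builder().withDefaultRealm(this.securityUtils.getSystemRealm()).withDataDomain(this.securityUtils.getSystemDataDomain()).withUserId(this.securityUtils.getAnonymousUserId()).withRoles(new String[]{"ANONYMOUS"}).withScope("systemGenerated").build();
            }
        }
        return principalContext;
    }

    /** Replaces line breaks so request-supplied text cannot forge additional log entries. */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}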
