package org.hawkular.openshift.auth;

import com.google.common.collect.Sets;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.Headers;
import io.undertow.util.Methods;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.hawkular.metrics.model.param.Tags;

/* loaded from: input_file:WEB-INF/lib/hawkular-openshift-security-filter-0.23.7.Final.jar:org/hawkular/openshift/auth/OpenshiftAuthHandler.class */
public class OpenshiftAuthHandler implements HttpHandler {
    private static final String SECURITY_OPTION_SYSPROP_SUFFIX = ".openshift.auth-methods";
    private final Set<SecurityOption> SECURITY_OPTIONS;
    private final HttpHandler containerHandler;
    private final TokenAuthenticator tokenAuthenticator;
    private final BasicAuthenticator basicAuthenticator;
    private final Pattern insecureEndpoints;
    private final Pattern postQuery;

    public OpenshiftAuthHandler(HttpHandler httpHandler, String str, String str2, Pattern pattern, Pattern pattern2) {
        this.containerHandler = httpHandler;
        this.insecureEndpoints = pattern;
        this.postQuery = pattern2;
        this.tokenAuthenticator = new TokenAuthenticator(httpHandler, str, str2, pattern2);
        this.basicAuthenticator = new BasicAuthenticator(httpHandler, str);
        HashSet hashSet = new HashSet();
        Set set = (Set) Arrays.stream(System.getProperty(str + SECURITY_OPTION_SYSPROP_SUFFIX, SecurityOption.OPENSHIFT_OAUTH.toString()).split(Tags.LIST_DELIMITER)).map((v0) -> {
            return v0.trim();
        }).collect(Collectors.toSet());
        for (SecurityOption securityOption : SecurityOption.values()) {
            if (set.contains(securityOption.toString())) {
                hashSet.add(securityOption);
            }
        }
        this.SECURITY_OPTIONS = Sets.immutableEnumSet(hashSet);
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        if (Methods.OPTIONS.equals(httpServerExchange.getRequestMethod()) && httpServerExchange.getRequestHeaders().contains(Headers.ORIGIN)) {
            this.containerHandler.handleRequest(httpServerExchange);
            return;
        }
        String relativePath = httpServerExchange.getRelativePath();
        if (this.insecureEndpoints != null && this.insecureEndpoints.matcher(relativePath).find()) {
            this.containerHandler.handleRequest(httpServerExchange);
            return;
        }
        if (this.SECURITY_OPTIONS.contains(SecurityOption.DISABLED)) {
            this.containerHandler.handleRequest(httpServerExchange);
            return;
        }
        String first = httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION);
        if (first == null) {
            Utils.endExchange(httpServerExchange, 403);
            return;
        }
        if (first.startsWith("Bearer ") && this.SECURITY_OPTIONS.contains(SecurityOption.OPENSHIFT_OAUTH)) {
            this.tokenAuthenticator.handleRequest(httpServerExchange);
        } else if (first.startsWith("Basic ") && this.SECURITY_OPTIONS.contains(SecurityOption.HTPASSWD)) {
            this.basicAuthenticator.handleRequest(httpServerExchange);
        } else {
            Utils.endExchange(httpServerExchange, 403);
        }
    }

    public void stop() {
        this.basicAuthenticator.stop();
        this.tokenAuthenticator.stop();
    }
}
