package org.hawkular.openshift.auth;

import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.HttpsURLConnection;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.node.JsonNodeFactory;
import org.codehaus.jackson.node.ObjectNode;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawkular-metrics-openshift-integration-0.9.0-SNAPSHOT.jar:org/hawkular/openshift/auth/OpenShiftTokenAuthentication.class */
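/**
 * Authorizes Hawkular Metrics requests by delegating the decision to the
 * OpenShift/Kubernetes master through a {@code SubjectAccessReview}.
 *
 * <p>The client's {@code Authorization} header is forwarded unchanged to the
 * master, and the {@code hawkular-tenant} header is used as the namespace of
 * the review. A request is let through only when the master answers
 * {@code 201} with {@code "allowed": true}; every other outcome (transport
 * error, unexpected status, malformed body, unsupported HTTP method) is
 * treated as a denial, so the check fails closed.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The bearer token is a credential. It is never logged here and is only
 *       sent when the configured master URL yields an HTTPS connection.</li>
 *   <li>No custom {@code SSLSocketFactory} or {@code HostnameVerifier} is
 *       installed, so certificate and host name validation rely on the JVM
 *       defaults; the cluster CA must be present in the JVM trust store.</li>
 *   <li>The review always targets the {@code pods} resource, so access to a
 *       tenant is equated with pod permissions in the namespace of the same
 *       name.</li>
 * </ul>
 */
public class OpenShiftTokenAuthentication {
    private static final String HAWKULAR_TENANT = "hawkular-tenant";
    private static final String RESOURCE = "pods";
    private static final String KIND = "SubjectAccessReview";
    private static final Logger logger = LoggerFactory.getLogger(OpenShiftTokenAuthentication.class);
    private static final String KUBERNETES_MASTER_URL = System.getProperty("KUBERNETES_MASTER_URL", "https://kubernetes.default.svc.cluster.local");

    // Bounded waits so that an unresponsive master cannot pin request threads
    // indefinitely. The values are constructed defaults; tune per deployment.
    private static final int CONNECT_TIMEOUT_MS = 5000;
    private static final int READ_TIMEOUT_MS = 10000;

    // Shared instance instead of one ObjectMapper per request; only readTree()
    // is used and the mapper is never reconfigured.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * HTTP methods this filter knows how to translate into a review verb.
     *
     * <p>The decompiler reports that this enum was declared {@code private} in
     * the original source; it is kept {@code public} here to match the listing.
     */
    public enum HTTP_METHOD {
        GET,
        PUT,
        POST,
        DELETE,
        PATCH
    }

    /**
     * Gate for incoming requests: requires both headers, asks the master
     * whether the caller may act on the tenant, and only then continues the
     * filter chain.
     *
     * @param httpServletRequest  incoming request carrying the token and tenant headers
     * @param httpServletResponse response used to report 400 (missing header) or 403 (denied)
     * @param filterChain         remainder of the chain, invoked only when access is allowed
     * @throws IOException      if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    public void doFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // AUTHORIZATION_HEADER is defined on the sibling filter class, which is
        // not part of this listing; presumably it names the "authorization" header.
        String token = httpServletRequest.getHeader(OpenShiftAuthenticationFilter.AUTHORIZATION_HEADER);
        String tenant = httpServletRequest.getHeader(HAWKULAR_TENANT);

        // NOTE(review): only absent headers are rejected; empty values are
        // forwarded to the master as they are. Confirm that is intended.
        if (token == null || tenant == null) {
            httpServletResponse.sendError(HttpServletResponse.SC_BAD_REQUEST, "The 'authorization' and 'hawkular-tenant' headers are required");
            return;
        }

        if (isAuthorized(httpServletRequest.getMethod(), token, tenant)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    /**
     * Posts a SubjectAccessReview to the master using the caller's own token
     * and reports whether the master allowed the action.
     *
     * @param str  HTTP method of the incoming request
     * @param str2 value of the client's Authorization header, forwarded as is
     * @param str3 tenant name, used as the namespace of the review
     * @return {@code true} only for a {@code 201} response whose JSON body has
     *         {@code allowed} equal to {@code true}; {@code false} otherwise
     */
    private boolean isAuthorized(String str, String str2, String str3) {
        String verb = getVerb(str);
        if (verb == null) {
            // Methods without a verb mapping (HEAD, OPTIONS, ...) are denied
            // rather than surfacing an unchecked exception as a server error.
            return false;
        }

        HttpsURLConnection connection = null;
        try {
            URLConnection raw = new URL(KUBERNETES_MASTER_URL + "/oapi/v1/subjectaccessreviews").openConnection();
            if (!(raw instanceof HttpsURLConnection)) {
                // A non-https master URL would otherwise fail with a
                // ClassCastException; deny instead, before any credential is sent.
                logger.error("KUBERNETES_MASTER_URL is not an https URL; refusing to forward credentials");
                return false;
            }
            connection = (HttpsURLConnection) raw;
            connection.setConnectTimeout(CONNECT_TIMEOUT_MS);
            connection.setReadTimeout(READ_TIMEOUT_MS);
            connection.setRequestMethod("POST");
            connection.setDoOutput(true);
            connection.setRequestProperty(HttpHeaders.ACCEPT, "application/json");
            // Declare the body type explicitly instead of relying on the
            // HttpURLConnection default for POST bodies.
            connection.setRequestProperty(HttpHeaders.CONTENT_TYPE, "application/json");
            connection.setRequestProperty(HttpHeaders.AUTHORIZATION, str2);

            // Explicit charset: the tenant name is client-controlled and must
            // not be encoded with whatever the platform default happens to be.
            byte[] payload = generateSubjectAccessReview(str3, verb).getBytes(StandardCharsets.UTF_8);
            try (OutputStream out = connection.getOutputStream()) {
                out.write(payload);
            }

            if (connection.getResponseCode() != 201) {
                return false;
            }
            try (InputStream in = connection.getInputStream()) {
                JsonNode root = MAPPER.readTree(in);
                JsonNode allowed = root == null ? null : root.get("allowed");
                // A missing "allowed" field is a denial, not a NullPointerException.
                return allowed != null && "true".equals(allowed.asText());
            }
        } catch (IOException e) {
            // Only the exception is logged; the token never reaches the log.
            logger.error("Error trying to authenticate against the OpenShift server", e);
            return false;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Builds the JSON body of the SubjectAccessReview. The JSON library does
     * the serialization, so the client-supplied tenant name is escaped and
     * cannot alter the structure of the document.
     *
     * @param str  namespace to review (the tenant name)
     * @param str2 verb to review
     * @return the serialized review object
     * @throws IOException declared by the original signature; not thrown by the visible code
     */
    private String generateSubjectAccessReview(String str, String str2) throws IOException {
        ObjectNode review = JsonNodeFactory.instance.objectNode();
        review.put("kind", KIND);
        review.put("resource", RESOURCE);
        review.put("verb", str2);
        review.put("namespace", str);
        return review.toString();
    }

    /**
     * Maps an HTTP method name to the verb used in the review.
     *
     * @param str HTTP method name as reported by the servlet request
     * @return {@code "list"}, {@code "update"} or {@code "delete"}, or
     *         {@code null} when the method is absent or has no mapping
     */
    private String getVerb(String str) {
        if (str == null) {
            return null;
        }
        final HTTP_METHOD method;
        try {
            method = HTTP_METHOD.valueOf(str);
        } catch (IllegalArgumentException e) {
            // Not one of the enumerated methods; the caller denies the request.
            return null;
        }
        switch (method) {
            case GET:
                return "list";
            case PUT:
            case POST:
            case PATCH:
                return "update";
            case DELETE:
                return "delete";
            default:
                return null;
        }
    }
}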
