package org.hawkular.metrics.api.jaxrs.filter;

import com.google.common.base.Charsets;
import com.google.common.hash.Hashing;
import java.io.IOException;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.hawkular.metrics.model.ApiError;
import org.hawkular.metrics.sysconfig.ConfigurationService;

@Provider
@Priority(20)
@PreMatching
/* loaded from: input_file:org/hawkular/metrics/api/jaxrs/filter/AdminFilter.class */
public class AdminFilter implements ContainerRequestFilter {
    public static final String TENANT_HEADER_NAME = "Hawkular-Tenant";
    public static final String ADMIN_TOKEN_HEADER_NAME = "Hawkular-Admin-Token";
    private static final String MISSING_TENANT_MSG = "Tenant is not specified. Use 'Hawkular-Tenant' header.";
    private static final String WRONG_ADMIN_TOKEN_MSG = "Admin token is wrong or not specified.";

    @Inject
    private ConfigurationService configurationService;
    private String savedAdminToken;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        if (containerRequestContext.getUriInfo().getPath().startsWith("/tenants")) {
            String str = (String) containerRequestContext.getHeaders().getFirst("Hawkular-Tenant");
            if (str == null || str.trim().isEmpty()) {
                containerRequestContext.abortWith(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(new ApiError(MISSING_TENANT_MSG)).build());
                return;
            }
            String str2 = (String) containerRequestContext.getHeaders().getFirst(ADMIN_TOKEN_HEADER_NAME);
            if (str2 == null || str2.trim().isEmpty() || !validAdminToken(str2)) {
                containerRequestContext.abortWith(Response.status(Response.Status.BAD_REQUEST).type(MediaType.APPLICATION_JSON_TYPE).entity(new ApiError(WRONG_ADMIN_TOKEN_MSG)).build());
            }
        }
    }

    private boolean validAdminToken(String str) {
        if (this.savedAdminToken == null) {
            this.savedAdminToken = (String) this.configurationService.load("org.hawkular.metrics", "admin.token").toBlocking().firstOrDefault("");
        }
        return Hashing.sha256().newHasher().putString(str, Charsets.UTF_8).hash().toString().equals(this.savedAdminToken);
    }
}
