package com.redhat.cloud.common.auth;

import io.quarkus.vertx.http.runtime.CurrentVertxRequest;
import io.vertx.ext.web.RoutingContext;
import java.io.IOException;
import java.lang.annotation.Annotation;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.enterprise.inject.spi.CDI;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Provider
@PreMatching
/* loaded from: input_file:com/redhat/cloud/common/auth/IncomingRequestFilter.class */
public class IncomingRequestFilter implements ContainerRequestFilter {
    private final Logger log = Logger.getLogger(getClass().getSimpleName());
    private final boolean logFine = this.log.isLoggable(Level.FINE);

    @Inject
    RhIdPrincipalProducer producer;
    volatile CurrentVertxRequest currentVertxRequest;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        RoutingContext current = request().getCurrent();
        if (current.normalisedPath().endsWith("openapi.json")) {
            return;
        }
        String headerString = containerRequestContext.getHeaderString("x-rh-identity");
        if (headerString == null || headerString.isEmpty()) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            if (this.logFine) {
                this.log.fine("No x-rh-identity header passed");
                return;
            }
            return;
        }
        Optional<XRhIdentity> rhIdFromString = HeaderHelper.getRhIdFromString(headerString);
        if (!rhIdFromString.isPresent()) {
            if (this.logFine) {
                this.log.fine("X-rh-identity header could not be parsed");
            }
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        XRhIdentity xRhIdentity = rhIdFromString.get();
        if (xRhIdentity.getUsername() == null || xRhIdentity.getUsername().isEmpty() || xRhIdentity.identity.accountNumber == null || xRhIdentity.identity.accountNumber.isEmpty()) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            if (this.logFine) {
                this.log.fine("X-rh-identity header has no user or account");
                return;
            }
            return;
        }
        RhIdPrincipal rhIdPrincipal = new RhIdPrincipal(xRhIdentity.getUsername(), xRhIdentity.identity.accountNumber);
        rhIdPrincipal.setRawRhIdHeader(headerString);
        current.put("x-rh-account", xRhIdentity.identity.accountNumber);
        containerRequestContext.setSecurityContext(new RhIdSecurityContext(xRhIdentity, rhIdPrincipal));
        this.producer.setPrincipal(rhIdPrincipal);
    }

    CurrentVertxRequest request() {
        if (this.currentVertxRequest == null) {
            this.currentVertxRequest = (CurrentVertxRequest) CDI.current().select(CurrentVertxRequest.class, new Annotation[0]).get();
        }
        return this.currentVertxRequest;
    }
}
