package com.redhat.cloud.common.auth;

import io.opentracing.Scope;
import io.opentracing.Tracer;
import io.quarkus.cache.CacheResult;
import java.io.IOException;
import java.util.logging.Logger;
import javax.annotation.Priority;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.eclipse.microprofile.config.inject.ConfigProperty;
import org.eclipse.microprofile.rest.client.inject.RestClient;

@Provider
@Priority(3001)
/* loaded from: input_file:com/redhat/cloud/common/auth/RbacFilter.class */
public class RbacFilter implements ContainerRequestFilter {
    private final Logger log = Logger.getLogger("RbacFilter");

    @Inject
    Tracer tracer;

    @Inject
    @RestClient
    RbacServer rbac;

    @Inject
    RhIdPrincipal user;

    @ConfigProperty(name = "warn.rbac.slow", defaultValue = "true")
    Instance<Boolean> warnSlowRbac;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        long currentTimeMillis = System.currentTimeMillis();
        try {
            try {
                Scope startActive = this.tracer.buildSpan("getRBac").startActive(true);
                try {
                    RbacRaw rbacInfo = getRbacInfo(this.user.getRawRhIdHeader());
                    if (startActive != null) {
                        startActive.close();
                    }
                    long currentTimeMillis2 = System.currentTimeMillis();
                    if (((Boolean) this.warnSlowRbac.get()).booleanValue() && currentTimeMillis2 - currentTimeMillis > 500) {
                        this.log.warning("Call to RBAC took " + (currentTimeMillis2 - currentTimeMillis) + "ms");
                    }
                    this.user.setRbac(rbacInfo.canReadAll(), rbacInfo.canWriteAll());
                    ((RhIdPrincipal) containerRequestContext.getSecurityContext().getUserPrincipal()).setRbac(rbacInfo.canReadAll(), rbacInfo.canWriteAll());
                } catch (Throwable th) {
                    if (startActive != null) {
                        try {
                            startActive.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (Throwable th3) {
                long currentTimeMillis3 = System.currentTimeMillis();
                if (((Boolean) this.warnSlowRbac.get()).booleanValue() && currentTimeMillis3 - currentTimeMillis > 500) {
                    this.log.warning("Call to RBAC took " + (currentTimeMillis3 - currentTimeMillis) + "ms");
                }
                throw th3;
            }
        } catch (Throwable th4) {
            containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
            long currentTimeMillis4 = System.currentTimeMillis();
            if (!((Boolean) this.warnSlowRbac.get()).booleanValue() || currentTimeMillis4 - currentTimeMillis <= 500) {
                return;
            }
            this.log.warning("Call to RBAC took " + (currentTimeMillis4 - currentTimeMillis) + "ms");
        }
    }

    @CacheResult(cacheName = "rbac-cache")
    RbacRaw getRbacInfo(String str) {
        return this.rbac.getRbacInfo("policies", str);
    }
}
