package org.jboss.resteasy.skeleton.key.core;

import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.Iterator;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Providers;
import org.jboss.resteasy.logging.Logger;
import org.jboss.resteasy.security.smime.PKCS7SignatureInput;
import org.jboss.resteasy.skeleton.key.keystone.model.Access;
import org.jboss.resteasy.skeleton.key.keystone.model.Role;

/* loaded from: input_file:org/jboss/resteasy/skeleton/key/core/AbstractTokenAuthFilter.class */
public abstract class AbstractTokenAuthFilter implements ContainerRequestFilter {
    protected X509Certificate certificate;
    protected Logger logger = Logger.getLogger(AbstractTokenAuthFilter.class);

    @Context
    SecurityContext securityContext;

    @Context
    Providers providers;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractTokenAuthFilter(X509Certificate x509Certificate) {
        this.certificate = x509Certificate;
    }

    protected Access signed(String str) {
        try {
            PKCS7SignatureInput pKCS7SignatureInput = new PKCS7SignatureInput(str);
            pKCS7SignatureInput.setProviders(this.providers);
            if (!pKCS7SignatureInput.verify(this.certificate)) {
                throw new WebApplicationException(403);
            }
            try {
                return (Access) pKCS7SignatureInput.getEntity(Access.class, MediaType.APPLICATION_JSON_TYPE);
            } catch (Exception e) {
                this.logger.error("Failed to unmarshall", e);
                throw new WebApplicationException(403);
            }
        } catch (Exception e2) {
            throw new WebApplicationException(403);
        }
    }

    protected abstract Access getTokenFromServer(String str);

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String headerString = containerRequestContext.getHeaderString("X-Auth-Token");
        String headerString2 = containerRequestContext.getHeaderString("X-Auth-Signed-Token");
        Access access = null;
        if (headerString == null && headerString2 == null) {
            return;
        }
        if (headerString2 != null && this.certificate != null) {
            access = signed(headerString2);
        } else if (headerString != null) {
            access = getTokenFromServer(headerString);
        }
        if (access == null || access.getToken().expired()) {
            return;
        }
        final UserPrincipal userPrincipal = new UserPrincipal(access.getUser());
        final HashSet hashSet = new HashSet();
        Iterator<Role> it = access.getUser().getRoles().iterator();
        while (it.hasNext()) {
            hashSet.add(it.next().getName());
        }
        containerRequestContext.setSecurityContext(new SecurityContext() { // from class: org.jboss.resteasy.skeleton.key.core.AbstractTokenAuthFilter.1
            public Principal getUserPrincipal() {
                return userPrincipal;
            }

            public boolean isUserInRole(String str) {
                return hashSet.contains(str);
            }

            public boolean isSecure() {
                return AbstractTokenAuthFilter.this.securityContext.isSecure();
            }

            public String getAuthenticationScheme() {
                return AbstractTokenAuthFilter.this.securityContext.getAuthenticationScheme();
            }
        });
    }
}
