package io.divide.server.auth;

import io.divide.server.dao.DAOManager;
import io.divide.server.dao.ServerCredentials;
import io.divide.server.dao.Session;
import io.divide.server.utils.ResponseUtils;
import io.divide.shared.server.DAO;
import io.divide.shared.transitory.Credentials;
import io.divide.shared.transitory.TransientObject;
import io.divide.shared.transitory.query.OPERAND;
import io.divide.shared.transitory.query.QueryBuilder;
import io.divide.shared.transitory.query.SelectOperation;
import io.divide.shared.util.AuthTokenUtils;
import io.divide.shared.util.ObjectUtils;
import java.io.IOException;
import java.util.logging.Logger;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;

/* loaded from: input_file:io/divide/server/auth/SecurityFilter.class */
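/**
 * JAX-RS request filter that authenticates requests carrying a
 * {@code CUSTOM <token>} Authorization header.
 *
 * <p>Paths under the auth prefix and paths listed by
 * {@code SecManager.getSafePaths()} skip authentication, except for the
 * user-data path under the auth prefix, which always requires a valid token.
 * On success the resulting {@link UserContext} is stored as a request property
 * and installed as the security context; on failure the request is aborted
 * with the response built by {@code ResponseUtils.notAuthReponse}.
 */
public class SecurityFilter implements ContainerRequestFilter {
    /** Authorization scheme prefix expected in front of the token. */
    private static final String AUTH_SCHEME_PREFIX = "CUSTOM ";

    /** Path (without leading slash) under the auth prefix that still needs a token. */
    private static final String PROTECTED_AUTH_PREFIX = "auth/user/data";

    /** Prefix (without leading slash) of the endpoints that skip authentication. */
    private static final String OPEN_AUTH_PREFIX = "auth";

    /** Single client-facing message for every "token not accepted" outcome. */
    private static final String INVALID_TOKEN_MESSAGE = "Invalid authentication token";

    Logger log = Logger.getLogger(SecurityFilter.class.getName());

    @Context
    DAOManager dao;

    @Context
    SecManager securityManager;

    /**
     * Decides whether the request needs authentication and, if so, performs it.
     *
     * @param containerRequestContext the incoming request
     * @throws IOException declared by {@link ContainerRequestFilter}; not thrown by this code
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String path = containerRequestContext.getUriInfo().getPath();
        this.log.info("Filter(): " + sanitizeForLog(path));

        // The path may arrive with or without a leading slash. The skip rule already
        // accepted both forms, but the protected-path exclusion only matched the
        // slash-prefixed one, so "auth/user/data" was skipped. Compare both rules
        // against the same normalised form.
        String relativePath = path.startsWith("/") ? path.substring(1) : path;
        boolean requiresTokenDespitePrefix = relativePath.startsWith(PROTECTED_AUTH_PREFIX);
        // NOTE(review): this is a plain prefix match, so any path that merely begins
        // with "auth" (not only the "auth/" segment) skips authentication. Confirm no
        // protected resource is mounted under such a name, or match on a segment boundary.
        boolean openAuthEndpoint = relativePath.startsWith(OPEN_AUTH_PREFIX);

        if (!requiresTokenDespitePrefix
                && (openAuthEndpoint || this.securityManager.getSafePaths().contains(path))) {
            this.log.info("Auth Skipped : (" + sanitizeForLog(path) + ")");
            return;
        }

        UserContext userContext = authenticate(containerRequestContext);
        if (userContext == null) {
            // authenticate() has already aborted the request; do not install a null
            // security context that later filters could dereference.
            this.log.info("Authentication Failed");
            return;
        }
        this.log.info("Authenticated: " + sanitizeForLog(userContext.getUser().getEmailAddress()));
        containerRequestContext.setProperty(Session.SESSION_KEY, userContext);
        containerRequestContext.setSecurityContext(userContext);
    }

    /**
     * Validates the Authorization header and resolves the token to stored credentials.
     *
     * @param containerRequestContext the incoming request
     * @return the authenticated context, or {@code null} after the request has been aborted
     */
    private UserContext authenticate(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (this.log.isLoggable(java.util.logging.Level.FINE)) {
            // Names only, never values: header and cookie values can carry credentials.
            this.log.fine("Request header names: "
                    + sanitizeForLog(String.valueOf(containerRequestContext.getHeaders().keySet()))
                    + ", property names: "
                    + sanitizeForLog(String.valueOf(containerRequestContext.getPropertyNames()))
                    + ", cookie names: "
                    + sanitizeForLog(String.valueOf(containerRequestContext.getCookies().keySet())));
        }
        if (headerString == null) {
            return abort(containerRequestContext, "Authentication credentials are required");
        }
        if (!headerString.startsWith(AUTH_SCHEME_PREFIX)) {
            // The header is deliberately not echoed: it may hold credentials for another
            // scheme, and the message goes to both the log and the response body.
            return abort(containerRequestContext, "Only CUSTOM authentication is supported");
        }
        String token = headerString.substring(AUTH_SCHEME_PREFIX.length());
        // substring() never returns null, so test for an empty token instead.
        if (token.trim().isEmpty()) {
            return abort(containerRequestContext, "Missing token");
        }
        try {
            AuthTokenUtils.AuthToken authToken =
                    new AuthTokenUtils.AuthToken(this.securityManager.getSymmetricKey(), token);
            if (authToken.isExpired()) {
                return abort(containerRequestContext, "Auth Token Expired: " + System.currentTimeMillis() + " : " + authToken.expirationDate);
            }
            // Lookups are serialised on the shared DAO, as in the original implementation.
            synchronized (this.dao) {
                try {
                    TransientObject transientObject = (TransientObject) ObjectUtils.get1stOrNull(this.dao.query(new QueryBuilder().select(new SelectOperation[0]).from(Credentials.class).where(Credentials.AUTH_TOKEN_KEY, OPERAND.EQ, token).build()));
                    if (transientObject != null) {
                        return new UserContext(containerRequestContext.getUriInfo(), new ServerCredentials(new ServerCredentials(transientObject)));
                    }
                    // abort() performs the abortWith call; the request is aborted once only.
                    return abort(containerRequestContext, INVALID_TOKEN_MESSAGE);
                } catch (DAO.DAOException e) {
                    // Keep the cause in the server log instead of printing it to stderr.
                    this.log.log(java.util.logging.Level.SEVERE,
                            "Authentication Failed(" + e.getStatusCode() + ")", e);
                    return abort(containerRequestContext, INVALID_TOKEN_MESSAGE);
                }
            }
        } catch (AuthTokenUtils.AuthenticationException e2) {
            // A token that fails to parse is not "expired". Log the detail server-side and
            // give the client the generic message, so the response does not reveal why
            // the token was rejected.
            this.log.warning("Auth token rejected: " + sanitizeForLog(e2.getMessage()));
            return abort(containerRequestContext, INVALID_TOKEN_MESSAGE);
        }
    }

    /**
     * Logs the failure and aborts the request with a not-authorised response.
     *
     * @param containerRequestContext the request to abort
     * @param str message written to the log and sent to the client; must not contain
     *            credentials or other request-supplied secrets
     * @return always {@code null}, so callers can {@code return abort(...)}
     */
    private UserContext abort(ContainerRequestContext containerRequestContext, String str) {
        this.log.warning("Auth Failed: " + sanitizeForLog(str));
        containerRequestContext.abortWith(ResponseUtils.notAuthReponse(str));
        return null;
    }

    /**
     * Replaces CR and LF so request-derived text cannot start a new log record.
     *
     * @param value text to log, may be {@code null}
     * @return the text with line breaks replaced by underscores, or {@code "null"}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        return value.replace('\r', '_').replace('\n', '_');
    }
}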
