package io.robe.auth.tokenbased.injectable;

import com.google.common.base.Optional;
import com.google.common.hash.Hashing;
import com.sun.jersey.api.core.HttpContext;
import com.sun.jersey.api.core.HttpRequestContext;
import com.sun.jersey.api.uri.UriTemplate;
import com.sun.jersey.server.impl.application.WebApplicationContext;
import com.sun.jersey.server.impl.inject.AbstractHttpContextInjectable;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.robe.auth.tokenbased.Token;
import io.robe.auth.tokenbased.TokenFactory;
import io.robe.auth.tokenbased.configuration.TokenBasedAuthConfiguration;
import java.lang.reflect.InvocationTargetException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/robe/auth/tokenbased/injectable/TokenBasedAuthInjectable.class */
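/**
 * Jersey injectable that resolves the authenticated {@link Token} for a request.
 *
 * <p>The token is read from the cookie named by the configured token key. It is then
 * checked against a hash of the request's {@code User-Agent} header, passed to the
 * configured {@link Authenticator}, and finally checked against the permission set of
 * the resulting token.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cookie value is a bearer credential and must never be written to logs.</li>
 *   <li>The ownership check relies only on the {@code User-Agent} header, which is
 *       supplied by the client. It is a consistency check, not proof of ownership.</li>
 * </ul>
 *
 * @param <T> concrete token type produced by the authenticator
 */
public class TokenBasedAuthInjectable<T extends Token> extends AbstractHttpContextInjectable<T> {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenBasedAuthInjectable.class);
    private static final String USER_AGENT_HEADER = "User-Agent";

    private final Authenticator<String, T> authenticator;
    private final String tokenKey;

    /**
     * Creates the injectable.
     *
     * @param authenticator validates the raw token string and yields the token object
     * @param tokenBasedAuthConfiguration supplies the name of the cookie carrying the token
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public TokenBasedAuthInjectable(Authenticator<String, T> authenticator, TokenBasedAuthConfiguration tokenBasedAuthConfiguration) {
        this.authenticator = authenticator;
        this.tokenKey = tokenBasedAuthConfiguration.getTokenKey();
    }

    /**
     * Resolves the token for the current request, or rejects the request.
     *
     * @param httpContext current request context; cast to {@link WebApplicationContext}
     *     to obtain the matched URI templates
     * @return the authenticated and authorized token
     * @throws WebApplicationException with 401 when the cookie is missing or empty, the
     *     attribute hash does not match, or the authenticator yields no token; with 403
     *     when the token lacks the permission for this path and method; with 412 when
     *     token decoding or the authenticator itself fails
     */
    /* renamed from: getValue, reason: merged with bridge method [inline-methods] */
    public T m9getValue(HttpContext httpContext) {
        Cookie cookie = httpContext.getRequest().getCookies().get(this.tokenKey);
        if (cookie == null || nullOrEmpty(cookie.getValue())) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        try {
            if (!isRealOwnerOfToken(httpContext, cookie)) {
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
            // Typed Optional instead of the raw type: no unchecked casts further down.
            Optional<T> authenticated = this.authenticator.authenticate(cookie.getValue());
            if (!authenticated.isPresent()) {
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
            T token = authenticated.get();
            List<UriTemplate> matchedTemplates = ((WebApplicationContext) httpContext).getMatchedTemplates();
            if (!isAuthorized(token, matchedTemplates, httpContext.getRequest().getMethod())) {
                throw new WebApplicationException(Response.Status.FORBIDDEN);
            }
            return token;
        } catch (IllegalAccessException | InstantiationException | InvocationTargetException e) {
            // NOTE(review): 412 is kept for compatibility with existing clients.
            LOGGER.error("Authentication Exception  (Is Real ownwer of token) ", e);
            throw new WebApplicationException(Response.Status.PRECONDITION_FAILED);
        } catch (AuthenticationException e2) {
            LOGGER.error("Authentication Exception  by Dropwizard", e2);
            throw new WebApplicationException(Response.Status.PRECONDITION_FAILED);
        }
    }

    /**
     * Checks that the attribute hash stored in the token matches the hash computed from
     * the current request.
     *
     * <p>A request without a {@code User-Agent} header is rejected here. Hashing a
     * {@code null} header would otherwise throw and surface as a server error.
     *
     * @return {@code true} when the request hash equals the token's attribute hash
     */
    private boolean isRealOwnerOfToken(HttpContext httpContext, Cookie cookie) throws IllegalAccessException, InvocationTargetException, InstantiationException {
        // Log the cookie name only: Cookie#toString() includes the value, which is the
        // bearer token and must not end up in log files.
        LOGGER.debug("HttpContext : {} Cookie name : {}", httpContext, cookie.getName());
        HttpRequestContext request = httpContext.getRequest();
        if (request.getHeaderValue(USER_AGENT_HEADER) == null) {
            return false;
        }
        // presumably createToken() decodes the cookie value into a Token; confirm in TokenFactory
        String expectedHash = TokenFactory.getInstance().createToken(cookie.getValue()).getAttributesHash();
        return generateAttributesHash(request).equals(expectedHash);
    }

    /** Returns {@code true} when {@code str} is {@code null} or has zero length. */
    private boolean nullOrEmpty(String str) {
        return str == null || str.isEmpty();
    }

    /**
     * Checks whether the token's permissions contain the key for this request.
     *
     * <p>The key is built by prepending each matched template in iteration order, so the
     * templates end up in reverse iteration order, followed by {@code ":"} and the HTTP
     * method.
     */
    private boolean isAuthorized(Token token, List<UriTemplate> list, String str) {
        StringBuilder permissionKey = new StringBuilder();
        for (UriTemplate template : list) {
            permissionKey.insert(0, template.getTemplate());
        }
        permissionKey.append(":").append(str);
        return token.getPermissions().contains(permissionKey.toString());
    }

    /**
     * Computes the SHA-256 hex digest of the request's {@code User-Agent} header (UTF-8).
     *
     * <p>The header is controlled by the client, so this hash only detects a token being
     * replayed with a different {@code User-Agent}; it does not identify the client.
     *
     * @throws NullPointerException if the request carries no {@code User-Agent} header
     */
    public String generateAttributesHash(HttpRequestContext httpRequestContext) {
        String userAgent = httpRequestContext.getHeaderValue(USER_AGENT_HEADER);
        return Hashing.sha256().hashString(userAgent, StandardCharsets.UTF_8).toString();
    }
}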
