package io.robe.auth.token.jersey;

import com.google.common.base.Optional;
import com.google.common.hash.Hashing;
import io.dropwizard.auth.AuthenticationException;
import io.dropwizard.auth.Authenticator;
import io.robe.auth.Credentials;
import io.robe.auth.token.Token;
import io.robe.auth.token.TokenManager;
import java.lang.reflect.InvocationTargetException;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.Response;
import org.glassfish.jersey.server.internal.inject.AbstractContainerRequestValueFactory;
import org.glassfish.jersey.uri.UriTemplate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/robe/auth/token/jersey/TokenFactory.class */
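/**
 * Jersey value factory that resolves the caller's {@link Credentials} from the
 * token cookie named by {@link #tokenKey}.
 *
 * <p>When the factory is "required" (the default) a request must carry a
 * non-empty token cookie, pass the User-Agent binding check, authenticate, and
 * hold a permission for the matched resource template and HTTP method. When it
 * is not required, a missing or unusable token yields the empty credentials
 * from {@link #createEmptyCredentials()} instead of an error response.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #authenticator} and {@link #tokenKey} are public mutable statics
 *       that are dereferenced without a null check; they have to be assigned
 *       before the first request is served.</li>
 *   <li>The binding check compares a SHA-256 of the request's User-Agent header
 *       with the hash stored in the token. The header is client-controlled, so
 *       this only hinders replay from a different client; it is not a secret.</li>
 * </ul>
 */
public class TokenFactory<T extends Token> extends AbstractContainerRequestValueFactory<Credentials> {
    private static final Logger LOGGER = LoggerFactory.getLogger(TokenFactory.class);
    /** Request header whose hash is compared with the token's attributes hash. */
    private static final String USER_AGENT_HEADER = "User-Agent";

    /** Token authenticator shared by every factory instance; must be set before use. */
    public static Authenticator<String, Token> authenticator;
    /** Name of the cookie that carries the token; must be set before use. */
    public static String tokenKey;

    /** Whether a valid, authorized token is mandatory for the request. */
    private boolean required = true;

    /**
     * Creates a factory with an explicit requirement mode.
     *
     * @param z {@code true} to reject requests without a valid, authorized token
     */
    public TokenFactory(boolean z) {
        this.required = z;
    }

    /** Creates a factory that requires a valid, authorized token. */
    public TokenFactory() {
    }

    /**
     * Builds the placeholder credentials handed out on optional endpoints when
     * no usable token is present.
     *
     * @return credentials whose user id, username and name are all {@code null}
     */
    public static Credentials createEmptyCredentials() {
        return new Credentials() {
            @Override
            public String getUserId() {
                return null;
            }

            @Override
            public String getUsername() {
                return null;
            }

            @Override
            public String getName() {
                return null;
            }
        };
    }

    /** @return {@code true} when a valid, authorized token is mandatory */
    public boolean isRequired() {
        return this.required;
    }

    /** @param z {@code true} to make a valid, authorized token mandatory */
    public void setRequired(boolean z) {
        this.required = z;
    }

    /**
     * Resolves the credentials for the current request.
     *
     * <p>The method name is the decompiler's rename of {@code provide()} (it was
     * merged with the bridge method); it is kept as found in this listing.
     *
     * @return the authenticated credentials, or empty credentials on an optional
     *         endpoint without a usable token
     * @throws WebApplicationException 401 when the token is missing, empty, fails
     *         the binding check or does not authenticate; 403 when the token lacks
     *         the permission; 412 when token handling itself throws
     */
    public Credentials m8provide() {
        Cookie cookie = (Cookie) getContainerRequest().getCookies().get(tokenKey);
        if (!isRequired()) {
            return provideOptional(cookie);
        }
        return provideRequired(cookie);
    }

    /** Optional mode: every failure degrades to empty credentials. */
    private Credentials provideOptional(Cookie cookie) {
        // An empty cookie value cannot identify anyone, so it is treated like a
        // missing cookie rather than being handed to the authenticator.
        if (cookie == null || nullOrEmpty(cookie.getValue())) {
            return createEmptyCredentials();
        }
        // NOTE(review): this path neither runs the User-Agent binding check nor
        // the permission check that the required path applies; a token is
        // accepted here on authentication alone. Confirm that is intended for
        // optional endpoints.
        try {
            Optional<Token> authenticated = authenticator.authenticate(cookie.getValue());
            return authenticated.isPresent() ? (Credentials) authenticated.get() : createEmptyCredentials();
        } catch (AuthenticationException e) {
            return createEmptyCredentials();
        }
    }

    /** Required mode: binding check, authentication, then permission check. */
    private Credentials provideRequired(Cookie cookie) {
        if (cookie == null || nullOrEmpty(cookie.getValue())) {
            throw new WebApplicationException(Response.Status.UNAUTHORIZED);
        }
        try {
            if (!isRealOwnerOfToken(cookie)) {
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
            Optional<Token> authenticated = authenticator.authenticate(cookie.getValue());
            if (!authenticated.isPresent()) {
                throw new WebApplicationException(Response.Status.UNAUTHORIZED);
            }
            Token token = authenticated.get();
            if (isAuthorized(token, getContainerRequest().getUriInfo().getMatchedTemplates(), getContainerRequest().getMethod())) {
                return (Credentials) token;
            }
            throw new WebApplicationException(Response.Status.FORBIDDEN);
        } catch (IllegalAccessException | InstantiationException | InvocationTargetException e2) {
            LOGGER.error("Authentication Exception  (Is Real ownwer of token) ", e2);
            throw new WebApplicationException(Response.Status.PRECONDITION_FAILED);
        } catch (AuthenticationException e3) {
            LOGGER.error("Authentication Exception  by Dropwizard", e3);
            throw new WebApplicationException(Response.Status.PRECONDITION_FAILED);
        }
    }

    /**
     * Checks that the token was issued for the same User-Agent that sent this
     * request.
     *
     * @param cookie the token cookie, with a non-empty value
     * @return {@code true} when the request's User-Agent hash equals the hash
     *         stored in the token; {@code false} when the header is absent
     */
    private boolean isRealOwnerOfToken(Cookie cookie) throws IllegalAccessException, InvocationTargetException, InstantiationException {
        // Log only the cookie name: the cookie value is the bearer token and must
        // not end up in log files.
        LOGGER.debug("HttpContext : {} Cookie : {}", getContainerRequest().getPath(true), cookie.getName());
        if (getContainerRequest().getHeaderString(USER_AGENT_HEADER) == null) {
            // Without the header the binding cannot be verified; fail closed
            // instead of letting the hash call throw on a null input.
            return false;
        }
        String tokenHash = TokenManager.getInstance().createToken(cookie.getValue()).getAttributesHash();
        return generateAttributesHash().equals(tokenHash);
    }

    /** @return {@code true} when {@code str} is {@code null} or has length zero */
    private boolean nullOrEmpty(String str) {
        return str == null || str.isEmpty();
    }

    /**
     * Checks the token's permissions for the matched resource and HTTP method.
     *
     * <p>The permission key is the matched URI templates concatenated in reverse
     * list order, followed by {@code ":"} and the method.
     *
     * @param token the authenticated token
     * @param list  the matched URI templates of the request
     * @param str   the HTTP method of the request
     * @return {@code true} when the token's permissions contain the key
     */
    private boolean isAuthorized(Token token, List<UriTemplate> list, String str) {
        StringBuilder sb = new StringBuilder();
        for (UriTemplate template : list) {
            // Prepending reverses the list order while concatenating.
            sb.insert(0, template.getTemplate());
        }
        sb.append(":").append(str);
        return token.getPermissions().contains(sb.toString());
    }

    /**
     * Hashes the current request's User-Agent header.
     *
     * @return the SHA-256 of the header value (UTF-8), in the string form of
     *         Guava's hash code
     * @throws NullPointerException if the request carries no User-Agent header
     */
    public String generateAttributesHash() {
        return Hashing.sha256().hashString(getContainerRequest().getHeaderString(USER_AGENT_HEADER), StandardCharsets.UTF_8).toString();
    }
}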
