package io.stargate.graphql.web.resources;

import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableList;
import com.datastax.oss.driver.shaded.guava.common.collect.ImmutableMap;
import io.stargate.auth.AuthenticationService;
import io.stargate.auth.AuthenticationSubject;
import io.stargate.auth.UnauthorizedException;
import io.stargate.db.datastore.DataStore;
import io.stargate.db.datastore.DataStoreFactory;
import io.stargate.db.datastore.DataStoreOptions;
import io.stargate.graphql.schema.CassandraFetcher;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;

@Authenticated
@Provider
/* loaded from: input_file:io/stargate/graphql/web/resources/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    public static final String SUBJECT_KEY = AuthenticationSubject.class.getName();
    public static final String DATA_STORE_KEY = DataStore.class.getName();
    private final AuthenticationService authenticationService;
    private final DataStoreFactory dataStoreFactory;

    public AuthenticationFilter(AuthenticationService authenticationService, DataStoreFactory dataStoreFactory) {
        this.authenticationService = authenticationService;
        this.dataStoreFactory = dataStoreFactory;
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("X-Cassandra-Token");
        try {
            Map<String, String> deduplicate = deduplicate(containerRequestContext.getHeaders());
            AuthenticationSubject validateToken = this.authenticationService.validateToken(headerString, deduplicate);
            containerRequestContext.setProperty(SUBJECT_KEY, validateToken);
            containerRequestContext.setProperty(DATA_STORE_KEY, this.dataStoreFactory.create(validateToken.asUser(), DataStoreOptions.builder().putAllCustomProperties(deduplicate).defaultParameters(CassandraFetcher.DEFAULT_PARAMETERS).alwaysPrepareQueries(true).build()));
        } catch (UnauthorizedException e) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity(buildError("Authentication required", containerRequestContext.getMediaType())).build());
        }
    }

    private Map<String, String> deduplicate(MultivaluedMap<String, String> multivaluedMap) {
        HashMap hashMap = new HashMap();
        for (String str : multivaluedMap.keySet()) {
            hashMap.put(str, multivaluedMap.getFirst(str));
        }
        return hashMap;
    }

    private static Object buildError(String str, MediaType mediaType) {
        return (mediaType == null || !("json".equals(mediaType.getSubtype()) || "graphql".equals(mediaType.getSubtype()))) ? str : ImmutableMap.of("errors", ImmutableList.of(str));
    }
}
