package org.sdase.commons.server.auth.filter;

import io.dropwizard.auth.AuthFilter;
import io.opentelemetry.api.OpenTelemetry;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.api.trace.Tracer;
import io.opentelemetry.context.Scope;
import jakarta.annotation.Priority;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.core.MultivaluedMap;
import java.security.Principal;
import java.util.List;
import java.util.Optional;
import org.sdase.commons.server.auth.error.JwtAuthException;

@Priority(1000)
/* loaded from: input_file:org/sdase/commons/server/auth/filter/JwtAuthFilter.class */
public class JwtAuthFilter<P extends Principal> extends AuthFilter<Optional<String>, P> {
    private static final String AUTHENTICATION_SCHEME_BEARER = "Bearer";
    private static final String AUTHENTICATED = "authenticated";
    private boolean acceptAnonymous;
    private Tracer tracer;

    /* loaded from: input_file:org/sdase/commons/server/auth/filter/JwtAuthFilter$Builder.class */
    public static class Builder<P extends Principal> extends AuthFilter.AuthFilterBuilder<Optional<String>, P, JwtAuthFilter<P>> {
        private boolean acceptAnonymous;
        private Tracer tracer = OpenTelemetry.noop().getTracer(JwtAuthFilter.class.getName());

        /* JADX INFO: Access modifiers changed from: protected */
        /* renamed from: newInstance, reason: merged with bridge method [inline-methods] */
        public JwtAuthFilter<P> m4newInstance() {
            return new JwtAuthFilter<>();
        }

        public Builder<P> setAcceptAnonymous(boolean z) {
            this.acceptAnonymous = z;
            return this;
        }

        public Builder<P> withTracer(Tracer tracer) {
            this.tracer = tracer;
            return this;
        }

        /* renamed from: buildAuthFilter, reason: merged with bridge method [inline-methods] */
        public JwtAuthFilter<P> m5buildAuthFilter() {
            JwtAuthFilter<P> jwtAuthFilter = (JwtAuthFilter) super.buildAuthFilter();
            ((JwtAuthFilter) jwtAuthFilter).acceptAnonymous = this.acceptAnonymous;
            ((JwtAuthFilter) jwtAuthFilter).tracer = this.tracer;
            return jwtAuthFilter;
        }
    }

    private JwtAuthFilter() {
    }

    public void filter(ContainerRequestContext containerRequestContext) {
        Span startSpan = this.tracer.spanBuilder("validateToken").setAttribute(AUTHENTICATED, false).startSpan();
        try {
            Scope makeCurrent = startSpan.makeCurrent();
            try {
                boolean authenticate = authenticate(containerRequestContext, Optional.ofNullable(extractAuthorizationToken(containerRequestContext.getHeaders())), "BASIC");
                startSpan.setAttribute(AUTHENTICATED, authenticate);
                if (!this.acceptAnonymous && !authenticate) {
                    throw new JwtAuthException("Credentials are required to access this resource.");
                }
                if (makeCurrent != null) {
                    makeCurrent.close();
                }
            } finally {
            }
        } finally {
            startSpan.end();
        }
    }

    private String extractAuthorizationToken(MultivaluedMap<String, String> multivaluedMap) {
        List list = (List) multivaluedMap.get("Authorization");
        if (list == null || list.isEmpty()) {
            return null;
        }
        String str = (String) list.get(0);
        if (str.contains(AUTHENTICATION_SCHEME_BEARER)) {
            return str.replaceFirst("Bearer ", "");
        }
        return null;
    }
}
