package com.bazaarvoice.emodb.auth.jersey;

import ch.qos.logback.classic.spi.CallerData;
import com.google.common.base.Function;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import com.google.common.collect.Maps;
import com.sun.jersey.api.core.HttpRequestContext;
import com.sun.jersey.api.model.AbstractMethod;
import com.sun.jersey.spi.container.ResourceFilter;
import com.sun.jersey.spi.container.ResourceFilterFactory;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.ws.rs.Path;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.mgt.SecurityManager;

/* loaded from: input_file:com/bazaarvoice/emodb/auth/jersey/AuthResourceFilterFactory.class */
public class AuthResourceFilterFactory implements ResourceFilterFactory {
    private static final Pattern SUBSTITUTION_MATCHER = Pattern.compile("\\{(?<param>(\\?.|[^\\?]).*)\\}");
    private final SecurityManager _securityManager;
    private final AuthenticationTokenGenerator<?> _tokenGenerator;

    public AuthResourceFilterFactory(SecurityManager securityManager, AuthenticationTokenGenerator<?> authenticationTokenGenerator) {
        this._securityManager = (SecurityManager) Preconditions.checkNotNull(securityManager, "securityManager");
        this._tokenGenerator = (AuthenticationTokenGenerator) Preconditions.checkNotNull(authenticationTokenGenerator, "tokenGenerator");
    }

    @Override // com.sun.jersey.spi.container.ResourceFilterFactory
    public List<ResourceFilter> create(AbstractMethod abstractMethod) {
        LinkedList newLinkedList = Lists.newLinkedList();
        RequiresPermissions requiresPermissions = (RequiresPermissions) abstractMethod.getResource().getAnnotation(RequiresPermissions.class);
        if (requiresPermissions != null) {
            newLinkedList.add(new AuthorizationResourceFilter(ImmutableList.copyOf(requiresPermissions.value()), requiresPermissions.logical(), createSubstitutionMap(requiresPermissions, abstractMethod)));
        }
        RequiresPermissions requiresPermissions2 = (RequiresPermissions) abstractMethod.getAnnotation(RequiresPermissions.class);
        if (requiresPermissions2 != null) {
            newLinkedList.add(new AuthorizationResourceFilter(ImmutableList.copyOf(requiresPermissions2.value()), requiresPermissions2.logical(), createSubstitutionMap(requiresPermissions2, abstractMethod)));
        }
        if (!newLinkedList.isEmpty() || abstractMethod.getResource().getAnnotation(RequiresAuthentication.class) != null || abstractMethod.getAnnotation(RequiresAuthentication.class) != null) {
            newLinkedList.addFirst(new AuthenticationResourceFilter(this._securityManager, this._tokenGenerator));
        }
        return newLinkedList;
    }

    private Map<String, Function<HttpRequestContext, String>> createSubstitutionMap(RequiresPermissions requiresPermissions, AbstractMethod abstractMethod) {
        return createSubstitutionMap(requiresPermissions.value(), abstractMethod);
    }

    private Map<String, Function<HttpRequestContext, String>> createSubstitutionMap(String[] strArr, AbstractMethod abstractMethod) {
        LinkedHashMap newLinkedHashMap = Maps.newLinkedHashMap();
        for (String str : strArr) {
            Matcher matcher = SUBSTITUTION_MATCHER.matcher(str);
            while (matcher.find()) {
                String group = matcher.group();
                if (!newLinkedHashMap.containsKey(group)) {
                    String group2 = matcher.group("param");
                    newLinkedHashMap.put(group, group2.startsWith(CallerData.NA) ? createQuerySubstitution(group2.substring(1)) : createPathSubstitution(group2, abstractMethod));
                }
            }
        }
        return newLinkedHashMap;
    }

    private Function<HttpRequestContext, String> createPathSubstitution(String str, AbstractMethod abstractMethod) {
        int i = 0;
        int i2 = -1;
        for (Path path : new Path[]{(Path) abstractMethod.getResource().getAnnotation(Path.class), (Path) abstractMethod.getAnnotation(Path.class)}) {
            if (path != null) {
                int substitutionIndex = getSubstitutionIndex(str, path.value());
                if (substitutionIndex >= 0) {
                    i2 = i + substitutionIndex;
                } else {
                    i += -substitutionIndex;
                }
            }
        }
        if (i2 == -1) {
            throw new IllegalArgumentException("Param not found in path: " + str);
        }
        final int i3 = i2;
        return new Function<HttpRequestContext, String>() { // from class: com.bazaarvoice.emodb.auth.jersey.AuthResourceFilterFactory.1
            @Override // com.google.common.base.Function
            public String apply(HttpRequestContext httpRequestContext) {
                return httpRequestContext.getPathSegments().get(i3).getPath();
            }
        };
    }

    private int getSubstitutionIndex(String str, String str2) {
        String format = String.format("{%s}", str);
        if (str2.startsWith("/")) {
            str2 = str2.substring(1);
        }
        if (str2.endsWith("/")) {
            str2 = str2.substring(0, str2.length() - 1);
        }
        String[] split = str2.split("/");
        for (int i = 0; i < split.length; i++) {
            if (format.equals(split[i])) {
                return i;
            }
        }
        return -split.length;
    }

    private Function<HttpRequestContext, String> createQuerySubstitution(final String str) {
        return new Function<HttpRequestContext, String>() { // from class: com.bazaarvoice.emodb.auth.jersey.AuthResourceFilterFactory.2
            @Override // com.google.common.base.Function
            public String apply(HttpRequestContext httpRequestContext) {
                MultivaluedMap<String, String> queryParameters = httpRequestContext.getQueryParameters();
                if (!queryParameters.containsKey(str)) {
                    throw new IllegalStateException("Parameter required for authentication is missing: " + str);
                }
                List list = (List) queryParameters.get(str);
                if (list.size() != 1) {
                    throw new IllegalStateException("Exactly one parameter expected for authentication: " + str);
                }
                return (String) list.get(0);
            }
        };
    }
}
