package com.aeontronix.kryptotek.rest.server.jaxrs;

import com.aeontronix.commons.BackendAccessException;
import com.aeontronix.commons.InvalidBackendDataException;
import com.aeontronix.commons.TimeUtils;
import com.aeontronix.kryptotek.CryptoEngine;
import com.aeontronix.kryptotek.DigestAlgorithm;
import com.aeontronix.kryptotek.key.SignatureVerificationKey;
import com.aeontronix.kryptotek.key.SigningKey;
import com.aeontronix.kryptotek.rest.AuthenticationFailedException;
import com.aeontronix.kryptotek.rest.AuthenticationFilterHelper;
import com.aeontronix.kryptotek.rest.InvalidRequestException;
import com.aeontronix.kryptotek.rest.RESTResponseSigner;
import com.aeontronix.kryptotek.rest.ReplayAttackValidator;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
import java.security.Principal;
import java.util.Date;
import java.util.List;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.WriterInterceptor;
import javax.ws.rs.ext.WriterInterceptorContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/aeontronix/kryptotek/rest/server/jaxrs/RESTAuthenticationFilter.class */
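/**
 * JAX-RS filter that authenticates signed requests and signs the matching responses.
 *
 * <p>Incoming requests are passed to the inherited {@code authenticateRequest} together with the
 * {@code X-KT-NONCE}, {@code X-KT-IDENTITY}, {@code X-KT-TIMESTAMP} and {@code X-KT-SIGNATURE}
 * headers. Responses for an authenticated principal get an {@code X-KT-TIMESTAMP} and an
 * {@code X-KT-SIGNATURE} header produced by the inherited {@code signResponse}: directly in the
 * response filter when there is no entity, or in the writer interceptor once the entity bytes
 * are known.
 *
 * <p>This source is decompiler output; several members marked below were {@code protected} in
 * the original class.
 */
public abstract class RESTAuthenticationFilter extends AuthenticationFilterHelper<Principal, ContainerRequestContext> implements ContainerRequestFilter, ContainerResponseFilter, WriterInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(RESTAuthenticationFilter.class);

    /** Request property under which the response filter hands {@link RequestDetails} to the writer interceptor. */
    public static final String TMP_REQDETAILS = "X-TMP-REQDETAILS";

    private static final String HEADER_NONCE = "X-KT-NONCE";
    private static final String HEADER_IDENTITY = "X-KT-IDENTITY";
    private static final String HEADER_TIMESTAMP = "X-KT-TIMESTAMP";
    private static final String HEADER_SIGNATURE = "X-KT-SIGNATURE";

    /**
     * Snapshot of the request values needed to sign the response.
     *
     * <p>The response timestamp is captured when the instance is created.
     */
    public class RequestDetails {
        // Values of the X-KT-NONCE, X-KT-SIGNATURE and X-KT-IDENTITY request headers.
        private final String nonce;
        private final String signature;
        private final String identity;
        // NOTE(review): this value is sent as X-KT-TIMESTAMP but is not passed to
        // RESTResponseSigner in this class; confirm whether the signed data covers it.
        private final String responseTimestamp = TimeUtils.formatISOUTCDateTime(new Date());
        // Principal from the request's security context; null when the request was not authenticated.
        private final Principal principal;
        private final int statusCode;

        public RequestDetails(String str, String str2, String str3, Principal principal, int i) {
            this.nonce = str;
            this.signature = str2;
            this.identity = str3;
            this.principal = principal;
            this.statusCode = i;
        }
    }

    public RESTAuthenticationFilter() {
    }

    public RESTAuthenticationFilter(CryptoEngine cryptoEngine) {
        super(cryptoEngine);
    }

    public RESTAuthenticationFilter(CryptoEngine cryptoEngine, ReplayAttackValidator replayAttackValidator) {
        super(cryptoEngine, replayAttackValidator);
    }

    public RESTAuthenticationFilter(CryptoEngine cryptoEngine, Long l, DigestAlgorithm digestAlgorithm, long j, ReplayAttackValidator replayAttackValidator) {
        super(cryptoEngine, l, digestAlgorithm, j, replayAttackValidator);
    }

    /**
     * Request filter: authenticates the request and installs a {@code RESTSecurityContext}
     * carrying the authenticated principal.
     *
     * @param containerRequestContext the request being filtered
     * @throws WebApplicationException with status 401 when authentication fails or the request
     *     is invalid, and with status 500 when backend data is invalid
     */
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        URI requestUri = containerRequestContext.getUriInfo().getRequestUri();
        try {
            Principal principal = (Principal) authenticateRequest(
                    containerRequestContext.getEntityStream(),
                    containerRequestContext.getHeaderString(HEADER_NONCE),
                    containerRequestContext.getHeaderString(HEADER_IDENTITY),
                    containerRequestContext.getHeaderString(HEADER_TIMESTAMP),
                    containerRequestContext.getHeaderString(HEADER_SIGNATURE),
                    containerRequestContext.getMethod(),
                    requestUri.getPath(),
                    requestUri.getRawQuery(),
                    containerRequestContext);
            boolean secure = containerRequestContext.getSecurityContext().isSecure();
            containerRequestContext.setSecurityContext(new RESTSecurityContext(principal, secure));
        } catch (AuthenticationFailedException e) {
            // NOTE(review): the exception message is attached to the WebApplicationException;
            // confirm no ExceptionMapper renders it to the caller if it can contain detail
            // about why verification failed.
            logger.warn(e.getMessage(), e);
            throw new WebApplicationException(e.getMessage(), e, Response.Status.UNAUTHORIZED);
        } catch (InvalidRequestException e2) {
            logger.warn(e2.getMessage(), e2);
            throw new WebApplicationException(e2.getMessage(), e2, Response.Status.UNAUTHORIZED);
        } catch (InvalidBackendDataException e3) {
            // Server-side fault: log the detail, return a bare 500.
            logger.error(e3.getMessage(), e3);
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Replaces the request entity stream.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     */
    public void replaceDataStream(ContainerRequestContext containerRequestContext, InputStream inputStream) {
        containerRequestContext.setEntityStream(inputStream);
    }

    /**
     * Writer interceptor: buffers the response entity, signs it, adds the timestamp and
     * signature headers, then writes the buffered bytes to the real output stream.
     *
     * <p>When no {@link RequestDetails} were stored for the request, or the request had no
     * authenticated principal, the entity is written unchanged and unsigned.
     *
     * @throws IllegalStateException if the response already carries an {@code X-KT-SIGNATURE} header
     * @throws WebApplicationException with status 500 when signing fails
     */
    public void aroundWriteTo(WriterInterceptorContext writerInterceptorContext) throws IOException, WebApplicationException {
        RequestDetails requestDetails = (RequestDetails) writerInterceptorContext.getProperty(TMP_REQDETAILS);
        if (requestDetails == null || requestDetails.principal == null) {
            // Nothing to sign. The chain must still be continued, otherwise the entity is
            // never written; a missing property previously caused a NullPointerException.
            writerInterceptorContext.proceed();
            return;
        }
        OutputStream originalStream = writerInterceptorContext.getOutputStream();
        // The signature covers the entity bytes, so the whole body is held in memory first.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        writerInterceptorContext.setOutputStream(buffer);
        try {
            writerInterceptorContext.proceed();
        } finally {
            // Put the real stream back even if a downstream writer failed.
            writerInterceptorContext.setOutputStream(originalStream);
        }
        byte[] body = buffer.toByteArray();
        RESTResponseSigner signer = new RESTResponseSigner(requestDetails.nonce, requestDetails.signature, requestDetails.statusCode, body);
        try {
            List<Object> existing = writerInterceptorContext.getHeaders().get(HEADER_SIGNATURE);
            if (existing != null && !existing.isEmpty()) {
                // Refuse to emit a second signature next to one set by other code.
                throw new IllegalStateException("Signature header already exists in response");
            }
            writerInterceptorContext.getHeaders().add(HEADER_TIMESTAMP, requestDetails.responseTimestamp);
            writerInterceptorContext.getHeaders().add(HEADER_SIGNATURE, signResponse(requestDetails.principal, signer.getDataToSign()));
            originalStream.write(body);
        } catch (BackendAccessException e) {
            logger.error("Unexpected BackendAccessException: {}", e.getMessage(), e);
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        } catch (InvalidBackendDataException e2) {
            // identity is the X-KT-IDENTITY request header value as received.
            logger.error("Invalid key for identity {} : {}", requestDetails.identity, e2.getMessage(), e2);
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Response filter: signs entity-less responses immediately; otherwise stores the
     * {@link RequestDetails} under {@link #TMP_REQDETAILS} for the writer interceptor.
     *
     * @throws WebApplicationException with status 500 when signing fails
     */
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        RequestDetails requestDetails = new RequestDetails(
                containerRequestContext.getHeaderString(HEADER_NONCE),
                containerRequestContext.getHeaderString(HEADER_SIGNATURE),
                containerRequestContext.getHeaderString(HEADER_IDENTITY),
                containerRequestContext.getSecurityContext().getUserPrincipal(),
                containerResponseContext.getStatus());
        if (containerResponseContext.getEntity() != null || requestDetails.principal == null) {
            // Either the body must be seen before signing, or there is no principal to sign for.
            containerRequestContext.setProperty(TMP_REQDETAILS, requestDetails);
            return;
        }
        // Authenticated response without an entity: sign with a null body.
        // NOTE(review): unlike aroundWriteTo, this path does not check for an existing
        // X-KT-SIGNATURE header before adding one; confirm that is intended.
        RESTResponseSigner signer = new RESTResponseSigner(requestDetails.nonce, requestDetails.signature, requestDetails.statusCode, (byte[]) null);
        containerResponseContext.getHeaders().add(HEADER_TIMESTAMP, requestDetails.responseTimestamp);
        try {
            containerResponseContext.getHeaders().add(HEADER_SIGNATURE, signResponse(requestDetails.principal, signer.getDataToSign()));
        } catch (InvalidBackendDataException e) {
            // Previously swallowed without a trace; log it the same way aroundWriteTo does.
            logger.error("Invalid key for identity {} : {}", requestDetails.identity, e.getMessage(), e);
            throw new WebApplicationException(Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Looks up the principal for an identity string.
     *
     * <p>Decompiler note: originally named {@code findUserPrincipal} and declared
     * {@code protected}; the decompiler renamed it after merging it with a bridge method.
     */
    public abstract Principal m1findUserPrincipal(String str) throws BackendAccessException;

    /**
     * Looks up the signature verification key for a principal.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     */
    public abstract SignatureVerificationKey findVerificationKey(Principal principal) throws BackendAccessException;

    /**
     * Looks up the signing key for a principal.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     */
    public abstract SigningKey findSigningKey(Principal principal) throws BackendAccessException;
}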
