package org.killbill.billing.server.security;

import com.google.common.collect.ImmutableList;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.pam.ModularRealmAuthenticator;
import org.killbill.billing.server.listeners.KillbillGuiceListener;
import org.killbill.billing.tenant.api.TenantApiException;
import org.killbill.billing.tenant.api.TenantUserApi;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

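/**
 * Servlet filter that authenticates the tenant of each HTTP request.
 *
 * <p>The tenant credentials are read from the {@code X-Killbill-ApiKey} and
 * {@code X-Killbill-ApiSecret} request headers and verified against
 * {@link KillbillJdbcTenantRealm}. On success the tenant is looked up by API key and stored in
 * the request under the {@link #TENANT} attribute before the chain continues.
 *
 * <p>A fixed set of requests (see
 * {@link #shouldContinueIfTenantInformationIsWrongOrMissing(ServletRequest)}) is allowed to
 * continue even when the credentials are missing or wrong. For those requests the
 * {@link #TENANT} attribute is NOT set, so downstream code must not assume it is present.
 */
@Singleton
/* loaded from: input_file:org/killbill/billing/server/security/TenantFilter.class */
public class TenantFilter implements Filter {
    /** Request attribute under which the authenticated tenant is stored. */
    public static final String TENANT = "killbill_tenant";
    private static final Logger log = LoggerFactory.getLogger(TenantFilter.class);

    private static final String API_KEY_HEADER = "X-Killbill-ApiKey";
    private static final String API_SECRET_HEADER = "X-Killbill-ApiSecret";

    // Returned to the client instead of the authenticator's own exception message, so that an
    // unauthenticated caller cannot learn why the credentials were rejected or see internal
    // details that message may contain.
    private static final String GENERIC_AUTH_FAILURE = "Invalid tenant API key or secret";
    private static final String TENANT_LOOKUP_FAILURE = "Unable to resolve the tenant for this request";

    @Inject
    protected TenantUserApi tenantUserApi;

    @Inject
    protected KillbillJdbcTenantRealm killbillJdbcTenantRealm;
    private ModularRealmAuthenticator modularRealmAuthenticator;

    /**
     * Builds the authenticator used by {@link #doFilter}, backed only by the injected tenant realm.
     *
     * @param filterConfig unused
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.modularRealmAuthenticator = new ModularRealmAuthenticator();
        this.modularRealmAuthenticator.setRealms(ImmutableList.of(this.killbillJdbcTenantRealm));
    }

    /**
     * Authenticates the tenant credentials carried by the request and, on success, forwards the
     * request with the tenant attached.
     *
     * <p>Outcomes:
     * <ul>
     *   <li>headers missing, or credentials rejected: the request continues only if it is on the
     *       exemption list, otherwise a 401 is sent;</li>
     *   <li>credentials accepted but the tenant cannot be loaded: a 500 is sent and the chain is
     *       not invoked;</li>
     *   <li>credentials accepted and tenant loaded: the chain is invoked exactly once.</li>
     * </ul>
     *
     * @throws IOException if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        String apiKey = null;
        String apiSecret = null;
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
            apiKey = httpRequest.getHeader(API_KEY_HEADER);
            apiSecret = httpRequest.getHeader(API_SECRET_HEADER);
        }
        if (apiKey == null || apiSecret == null) {
            handleAuthenticationError(String.format("Make sure to set the %s and %s headers", API_KEY_HEADER, API_SECRET_HEADER), filterChain, servletRequest, servletResponse);
            return;
        }

        // Keep the try scoped to the credential check only. If the downstream chain ran inside
        // it, an AuthenticationException raised further down would be handled here as a tenant
        // failure and, for exempt paths, the chain would be invoked a second time.
        try {
            this.modularRealmAuthenticator.authenticate(new UsernamePasswordToken(apiKey, apiSecret));
        } catch (AuthenticationException e) {
            // Detail stays in the server log (message only, no stack trace, no secret);
            // the client gets a generic reason.
            log.warn("Tenant authentication failed: {}", e.getLocalizedMessage());
            handleAuthenticationError(GENERIC_AUTH_FAILURE, filterChain, servletRequest, servletResponse);
            return;
        }

        final Object tenant;
        try {
            tenant = this.tenantUserApi.getTenantByApiKey(apiKey);
        } catch (TenantApiException e) {
            log.warn("Couldn't find the tenant?", e);
            // Fail explicitly: returning without writing a response would look like an empty
            // success to the client.
            sendError(servletResponse, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, TENANT_LOOKUP_FAILURE);
            return;
        }

        servletRequest.setAttribute(TENANT, tenant);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Lets an exempt request continue without a tenant, or rejects the request with a 401.
     *
     * @param message reason sent to the client when the request is rejected
     */
    private void handleAuthenticationError(String message, FilterChain filterChain, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        if (shouldContinueIfTenantInformationIsWrongOrMissing(servletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            sendAuthError(servletResponse, message);
        }
    }

    @Override
    public void destroy() {
    }

    /**
     * Decides whether a request may proceed down the chain without valid tenant credentials.
     *
     * <p>NOTE(review): every rule below bypasses tenant authentication by design, and each is
     * decided by exact or prefix comparison on {@code getPathInfo()} and the HTTP method. The
     * resources served on these paths therefore have to enforce their own access control, and
     * the container and router must resolve the path the same way this filter sees it; confirm
     * path normalisation for the deployment. Non-HTTP requests are never exempt.
     */
    private boolean shouldContinueIfTenantInformationIsWrongOrMissing(ServletRequest servletRequest) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return false;
        }
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        String pathInfo = httpRequest.getPathInfo();
        String method = httpRequest.getMethod();
        return isTenantCreationRequest(pathInfo, method)
               || isPermissionRequest(pathInfo, method)
               || isNodeCreationRequest(pathInfo, method)
               || isMetricsRequest(pathInfo, method)
               || isOptionsRequest(method)
               || isPluginRequest(pathInfo)
               || isNotKbNorPluginResourceRequest(pathInfo, method);
    }

    /** True for any path under {@code /1.0/kb/security}, whatever the HTTP method. */
    private boolean isPermissionRequest(String pathInfo, String method) {
        return pathInfo != null && pathInfo.startsWith("/1.0/kb/security");
    }

    /** True for {@code POST /1.0/kb/tenants} (exact path match). */
    private boolean isTenantCreationRequest(String pathInfo, String method) {
        return "/1.0/kb/tenants".equals(pathInfo) && "POST".equals(method);
    }

    /** True for {@code POST /1.0/kb/nodesInfo} (exact path match). */
    private boolean isNodeCreationRequest(String pathInfo, String method) {
        return "/1.0/kb/nodesInfo".equals(pathInfo) && "POST".equals(method);
    }

    /** True for a {@code GET} on one of the paths listed in {@code METRICS_SERVLETS_PATHS}. */
    private boolean isMetricsRequest(String pathInfo, String method) {
        return KillbillGuiceListener.METRICS_SERVLETS_PATHS.contains(pathInfo) && "GET".equals(method);
    }

    /** True for {@code OPTIONS} requests on any path. */
    private boolean isOptionsRequest(String method) {
        return "OPTIONS".equals(method);
    }

    /**
     * True for a {@code GET} whose path is neither under {@code /1.0/kb} nor under
     * {@code /plugins}. A {@code GET} with a {@code null} path info also matches.
     */
    private boolean isNotKbNorPluginResourceRequest(String pathInfo, String method) {
        return !isPluginRequest(pathInfo) && !isKbApiRequest(pathInfo) && "GET".equals(method);
    }

    /** True for any path starting with {@code /1.0/kb}. */
    private boolean isKbApiRequest(String pathInfo) {
        return pathInfo != null && pathInfo.startsWith("/1.0/kb");
    }

    /**
     * True for any path starting with {@code /plugins}; the comparison is a plain string prefix,
     * so it is not limited to the {@code /plugins/} segment.
     */
    private boolean isPluginRequest(String pathInfo) {
        return pathInfo != null && pathInfo.startsWith("/plugins");
    }

    /** Sends a 401 with the given message; does nothing for a non-HTTP response. */
    private void sendAuthError(ServletResponse servletResponse, String message) throws IOException {
        sendError(servletResponse, HttpServletResponse.SC_UNAUTHORIZED, message);
    }

    /** Sends the given HTTP status and message; does nothing for a non-HTTP response. */
    private void sendError(ServletResponse servletResponse, int status, String message) throws IOException {
        if (servletResponse instanceof HttpServletResponse) {
            ((HttpServletResponse) servletResponse).sendError(status, message);
        }
    }
}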
