package org.apache.jena.fuseki.main.auth;

import java.io.IOException;
import java.security.Principal;
import java.util.Objects;
import java.util.function.Function;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.jena.atlas.web.AuthScheme;
import org.apache.jena.fuseki.Fuseki;
import org.apache.jena.fuseki.servlets.ServletOps;
import org.apache.jena.http.auth.AuthHeader;
import org.slf4j.Logger;

/* loaded from: input_file:org/apache/jena/fuseki/main/auth/AuthBearerFilter.class */
public class AuthBearerFilter implements Filter {
    private static Logger log = Fuseki.serverLog;
    private final Function<String, String> verifiedUser;
    private final boolean requireBearer;

    /* renamed from: org.apache.jena.fuseki.main.auth.AuthBearerFilter$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/jena/fuseki/main/auth/AuthBearerFilter$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$jena$atlas$web$AuthScheme = new int[AuthScheme.values().length];

        static {
            try {
                $SwitchMap$org$apache$jena$atlas$web$AuthScheme[AuthScheme.BEARER.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$apache$jena$atlas$web$AuthScheme[AuthScheme.UNKNOWN.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$org$apache$jena$atlas$web$AuthScheme[AuthScheme.BASIC.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$org$apache$jena$atlas$web$AuthScheme[AuthScheme.DIGEST.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
        }
    }

    /* loaded from: input_file:org/apache/jena/fuseki/main/auth/AuthBearerFilter$BearerMode.class */
    public enum BearerMode {
        REQUIRED,
        OPTIONAL
    }

    /* loaded from: input_file:org/apache/jena/fuseki/main/auth/AuthBearerFilter$HttpServletRequestWithPrincipal.class */
    private static class HttpServletRequestWithPrincipal extends HttpServletRequestWrapper {
        private final String username;

        HttpServletRequestWithPrincipal(HttpServletRequest httpServletRequest, String str) {
            super(httpServletRequest);
            this.username = str;
        }

        public String getRemoteUser() {
            return this.username;
        }

        public Principal getUserPrincipal() {
            return () -> {
                return this.username;
            };
        }
    }

    public AuthBearerFilter(Function<String, String> function) {
        this(function, BearerMode.REQUIRED);
    }

    public AuthBearerFilter(Function<String, String> function, BearerMode bearerMode) {
        Objects.requireNonNull(bearerMode);
        Objects.requireNonNull(function);
        this.verifiedUser = function;
        this.requireBearer = bearerMode == BearerMode.REQUIRED;
    }

    public void init(FilterConfig filterConfig) {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            String httpAuthField = getHttpAuthField(httpServletRequest);
            if (httpAuthField == null && this.requireBearer) {
                sendResponseNoAuthPresent(httpServletResponse);
                return;
            }
            if (httpAuthField == null && !this.requireBearer) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            AuthHeader authToken = getAuthToken(httpServletRequest, httpAuthField);
            if (this.requireBearer && !AuthScheme.BEARER.equals(authToken.getAuthScheme())) {
                sendResponseBearerRequired(httpServletResponse);
                return;
            }
            switch (AnonymousClass1.$SwitchMap$org$apache$jena$atlas$web$AuthScheme[authToken.getAuthScheme().ordinal()]) {
                case 1:
                    String bearerToken = authToken.getBearerToken();
                    if (bearerToken == null) {
                        log.warn("Not a legal bearer token: " + authToken.getAuthArgs());
                        httpServletResponse.sendError(400);
                        return;
                    } else {
                        if (this.verifiedUser == null) {
                            httpServletResponse.sendError(400);
                            return;
                        }
                        String apply = this.verifiedUser.apply(bearerToken);
                        if (apply == null) {
                            httpServletResponse.sendError(403);
                            return;
                        } else {
                            filterChain.doFilter(new HttpServletRequestWithPrincipal(httpServletRequest, apply), servletResponse);
                            return;
                        }
                    }
                case 2:
                case 3:
                case 4:
                default:
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
            }
        } catch (Throwable th) {
            log.info("Filter: unexpected exception: " + th.getMessage(), th);
            ServletOps.error(500);
        }
    }

    public void destroy() {
    }

    protected String getHttpAuthField(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader("Authorization");
    }

    protected void sendResponseNoAuthPresent(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "Bearer");
        httpServletResponse.sendError(401);
    }

    protected void sendResponseBearerRequired(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.sendError(403);
    }

    protected AuthHeader getAuthToken(HttpServletRequest httpServletRequest, String str) {
        return AuthHeader.parseAuth(str);
    }
}
