package com.yahoo.athenz.common.server.rest;

import com.yahoo.athenz.auth.Authority;
import com.yahoo.athenz.auth.Authorizer;
import com.yahoo.athenz.auth.Principal;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/yahoo/athenz/common/server/rest/Http.class */
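/**
 * Static helpers that pull credentials out of a servlet request and enforce an
 * authorization decision through an {@link Authorizer}.
 *
 * <p>This listing is decompiler output. The three-argument
 * {@code authenticate} overload was not recovered, so the credential
 * validation logic itself cannot be reviewed from this file; only the
 * credential lookup helpers and the authorization checks are visible.
 */
public class Http {
    // Not referenced by any recovered method; presumably used by the authenticate
    // overload whose body was not decompiled.
    private static final Logger LOG = LoggerFactory.getLogger(Http.class);

    /** Name of the HTTP response header that carries authentication challenges. */
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";

    // NOTE(review): the next two look like request-attribute keys for credential
    // errors and collected challenges. No recovered method reads or writes them,
    // so confirm against the original source.
    public static final String INVALID_CRED_ATTR = "com.yahoo.athenz.auth.credential.error";
    public static final String AUTH_CHALLENGES = "com.yahoo.athenz.auth.credential.challenges";

    /**
     * Servlet request attribute under which the container exposes the client
     * certificate chain. The constant keeps its historical JAVAX name while the
     * value is the jakarta attribute.
     */
    public static final String JAVAX_CERT_ATTR = "jakarta.servlet.request.X509Certificate";

    /** Prefix on an authority's header name that selects a cookie instead of a request header. */
    private static final String COOKIE_PREFIX = "Cookie.";

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.yahoo.athenz.common.server.rest.Http$1, reason: invalid class name */
    /* loaded from: input_file:com/yahoo/athenz/common/server/rest/Http$1.class */
    /**
     * Compiler-generated lookup table for a {@code switch} over
     * {@link Authority.CredSource}: HEADER maps to 1, CERTIFICATE to 2 and
     * REQUEST to 3. No recovered method reads it; presumably it backs the
     * authenticate overload whose body was not decompiled.
     */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$yahoo$athenz$auth$Authority$CredSource = new int[Authority.CredSource.values().length];

        static {
            // Each assignment is guarded on its own so that an enum constant missing
            // at link time leaves that slot at 0 instead of failing class
            // initialisation; this is the shape the compiler emits for switch maps.
            try {
                $SwitchMap$com$yahoo$athenz$auth$Authority$CredSource[Authority.CredSource.HEADER.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored: constant absent in the loaded enum
            }
            try {
                $SwitchMap$com$yahoo$athenz$auth$Authority$CredSource[Authority.CredSource.CERTIFICATE.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored: constant absent in the loaded enum
            }
            try {
                $SwitchMap$com$yahoo$athenz$auth$Authority$CredSource[Authority.CredSource.REQUEST.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
                // intentionally ignored: constant absent in the loaded enum
            }
        }
    }

    /* loaded from: input_file:com/yahoo/athenz/common/server/rest/Http$AuthorityList.class */
    /**
     * Ordered collection of the {@link Authority} instances handed to
     * {@code authenticate}.
     *
     * <p>The backing list is package-visible and {@link #getAuthorities()}
     * returns it without copying, so any holder of the reference can add or
     * remove authorities after configuration. Treat instances as
     * configuration state and do not share them with untrusted code.
     */
    public static class AuthorityList {
        // Diamond instead of the raw ArrayList the decompiler produced.
        List<Authority> authorities = new ArrayList<>();

        /**
         * Appends an authority to the list.
         *
         * @param authority the authority to register; not validated here
         */
        public void add(Authority authority) {
            this.authorities.add(authority);
        }

        /**
         * Returns the live backing list (not a copy).
         *
         * @return the mutable list of registered authorities
         */
        public List<Authority> getAuthorities() {
            return this.authorities;
        }
    }

    /**
     * Looks up a cookie by exact, case-sensitive name.
     *
     * @param httpServletRequest request whose cookies are searched
     * @param str cookie name; must not be null
     * @return the value of the first cookie with that name, or {@code null} when
     *     the request has no cookies or none matches
     */
    static String getCookieValue(HttpServletRequest httpServletRequest, String str) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            return null;
        }
        // First match wins; later cookies with the same name are not consulted.
        for (Cookie cookie : cookies) {
            if (str.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Reads the raw credential string that the given authority expects.
     *
     * <p>The authority names its credential location through
     * {@code getHeader()}. A name beginning with {@code "Cookie."} selects the
     * cookie named by the remainder; any other name is read as a request
     * header. The value is returned as received and is not validated here.
     *
     * @param httpServletRequest request to read from
     * @param authority authority whose header name selects the credential
     * @return the credential string, or {@code null} when the authority declares
     *     no header or the request does not carry the cookie/header
     */
    static String authenticatingCredentials(HttpServletRequest httpServletRequest, Authority authority) {
        String header = authority.getHeader();
        if (header == null) {
            return null;
        }
        if (header.startsWith(COOKIE_PREFIX)) {
            // Prefix length replaces the hard-coded offset 7 in the decompiled output.
            return getCookieValue(httpServletRequest, header.substring(COOKIE_PREFIX.length()));
        }
        return httpServletRequest.getHeader(header);
    }

    /**
     * Authenticates the request against the supplied authorities by delegating
     * to the three-argument overload with the flag set to {@code false}.
     *
     * @param httpServletRequest request carrying the credentials
     * @param authorityList authorities to try
     * @return the authenticated principal
     */
    public static Principal authenticate(HttpServletRequest httpServletRequest, AuthorityList authorityList) {
        return authenticate(httpServletRequest, authorityList, false);
    }

    /* JADX WARN: Removed duplicated region for block: B:22:0x00e4  */
    /* JADX WARN: Removed duplicated region for block: B:35:0x00e1 A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Placeholder for the real authentication routine, whose body the
     * decompiler could not recover.
     *
     * <p>As written this method always throws, so every recovered caller
     * ({@code authenticate}, {@code authenticatedUser}, {@code authorizedUser})
     * fails at runtime when built from this listing. The meaning of the boolean
     * flag, the order in which authorities are tried and the handling of
     * failed credentials are not visible here; review them in the original
     * source or bytecode before drawing conclusions about the authentication
     * behaviour.
     *
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public static com.yahoo.athenz.auth.Principal authenticate(jakarta.servlet.http.HttpServletRequest r6, com.yahoo.athenz.common.server.rest.Http.AuthorityList r7, boolean r8) {
        /*
            Method dump skipped, instructions count: 402
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.yahoo.athenz.common.server.rest.Http.authenticate(jakarta.servlet.http.HttpServletRequest, com.yahoo.athenz.common.server.rest.Http$AuthorityList, boolean):com.yahoo.athenz.auth.Principal");
    }

    /**
     * Authenticates the request and returns the principal's full name.
     *
     * @param httpServletRequest request carrying the credentials
     * @param authorityList authorities to try
     * @return full name of the authenticated principal
     */
    public static String authenticatedUser(HttpServletRequest httpServletRequest, AuthorityList authorityList) {
        // NOTE(review): dereferences the result directly, so this relies on
        // authenticate never returning null; confirm against the original body.
        return authenticate(httpServletRequest, authorityList).getFullName();
    }

    /**
     * Authenticates the request, then requires that the principal is authorized
     * for the given action on the given resource.
     *
     * @param httpServletRequest request carrying the credentials
     * @param authorityList authorities to try
     * @param authorizer authorizer that makes the access decision
     * @param str action being requested
     * @param str2 resource the action applies to
     * @param str3 passed through as the last argument of
     *     {@code Authorizer.access}; presumably the trust domain, confirm
     *     against that interface
     * @return full name of the authenticated and authorized principal
     * @throws ResourceException as raised by {@link #authorize}
     */
    public static String authorizedUser(HttpServletRequest httpServletRequest, AuthorityList authorityList, Authorizer authorizer, String str, String str2, String str3) {
        Principal authenticate = authenticate(httpServletRequest, authorityList);
        authorize(authorizer, authenticate, str, str2, str3);
        return authenticate.getFullName();
    }

    /**
     * Enforces an access decision for an already authenticated principal.
     *
     * <p>Checks run in a fixed order and every failure path throws, so a
     * principal is returned only when the authorizer explicitly grants access:
     * <ol>
     *   <li>missing action or resource is rejected as a bad request;</li>
     *   <li>a principal flagged as mTLS-restricted is rejected as forbidden
     *       before the authorizer is consulted;</li>
     *   <li>a missing authorizer is an internal server error, never an
     *       implicit allow;</li>
     *   <li>a negative answer from the authorizer is rejected as forbidden.</li>
     * </ol>
     *
     * @param authorizer authorizer that makes the access decision
     * @param principal authenticated principal; must not be null, it is
     *     dereferenced without a check
     * @param str action being requested
     * @param str2 resource the action applies to
     * @param str3 passed through as the last argument of
     *     {@code Authorizer.access}; presumably the trust domain, confirm
     *     against that interface
     * @return the same principal when access is granted
     * @throws ResourceException with BAD_REQUEST, FORBIDDEN or
     *     INTERNAL_SERVER_ERROR as described above
     */
    public static Principal authorize(Authorizer authorizer, Principal principal, String str, String str2, String str3) {
        if (str == null || str2 == null) {
            throw new ResourceException(ResourceException.BAD_REQUEST, "Missing 'action' and/or 'resource' parameters");
        }
        if (principal.getMtlsRestricted()) {
            throw new ResourceException(ResourceException.FORBIDDEN, "mTLS Restricted");
        }
        if (authorizer == null) {
            throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "No authorizer configured in service");
        }
        if (!authorizer.access(str, str2, principal, str3)) {
            throw new ResourceException(ResourceException.FORBIDDEN, "Forbidden");
        }
        return principal;
    }
}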
