package io.confluent.common.security.jetty;

import io.confluent.common.security.auth.RestUserPrincipal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.Subject;
import org.eclipse.jetty.security.AuthenticationState;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.util.Callback;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/common/security/jetty/OAuthOrBasicAuthenticator.class */
public class OAuthOrBasicAuthenticator extends LoginAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(OAuthOrBasicAuthenticator.class);
    public static final String USE_JWT_LOGIN_SERVICE = "io.confluent.useJWTLoginService";
    public static final String METADATA_RESOURCE_URI = "/v1/metadata/id";
    private final OAuthBearerAuthenticator oauth;
    private final BasicAuthenticator basic;
    private final List<String> allowedNoAuthEndpoints;

    public OAuthOrBasicAuthenticator() {
        this(new BasicAuthenticator());
    }

    public OAuthOrBasicAuthenticator(BasicAuthenticator basicAuthenticator) {
        this(basicAuthenticator, Collections.emptyList());
    }

    public OAuthOrBasicAuthenticator(BasicAuthenticator basicAuthenticator, List<String> list) {
        this.oauth = new OAuthBearerAuthenticator();
        this.allowedNoAuthEndpoints = new ArrayList();
        this.basic = basicAuthenticator;
        this.allowedNoAuthEndpoints.add(METADATA_RESOURCE_URI);
        this.allowedNoAuthEndpoints.addAll(list);
    }

    public String getAuthenticationType() {
        return "BEARER+BASIC";
    }

    public AuthenticationState validateRequest(Request request, Response response, Callback callback) throws ServerAuthException {
        if (this.allowedNoAuthEndpoints.stream().anyMatch(str -> {
            return request.getHttpURI().getPath().equalsIgnoreCase(str);
        })) {
            return new LoginAuthenticator.UserAuthenticationSucceeded(getAuthenticationType(), this._identityService.newUserIdentity(new Subject(), new RestUserPrincipal(""), new String[0]));
        }
        if (log.isDebugEnabled() && !OAuthRequestDataFactory.getInstance().getOAuthRequestData(request).authInfoExists()) {
            log.debug("Authentication Header/token information missing in the request");
        }
        if (!this.oauth.requestIsOAuth(request)) {
            return this.basic.validateRequest(request, response, callback);
        }
        request.setAttribute(USE_JWT_LOGIN_SERVICE, true);
        return this.oauth.validateRequest(request, response, callback);
    }

    public void setConfiguration(Authenticator.Configuration configuration) {
        super.setConfiguration(configuration);
        this.basic.setConfiguration(configuration);
        this.oauth.setConfiguration(configuration);
    }
}
