package io.confluent.common.security.jetty;

import io.confluent.common.security.auth.RestUserPrincipal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserAuthentication;
import org.eclipse.jetty.security.authentication.BasicAuthenticator;
import org.eclipse.jetty.security.authentication.DeferredAuthentication;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Authentication;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/confluent/common/security/jetty/OAuthOrBasicAuthenticator.class */
public class OAuthOrBasicAuthenticator extends LoginAuthenticator {
    public static final String USE_JWT_LOGIN_SERVICE = "io.confluent.useJWTLoginService";
    public static final String METADATA_RESOURCE_URI = "/v1/metadata/id";
    private final BasicAuthenticator basic;
    private final List<String> allowedNoAuthEndpoints;
    private static final Logger log = LoggerFactory.getLogger(OAuthOrBasicAuthenticator.class);
    private static final OAuthBearerAuthenticator oauth = new OAuthBearerAuthenticator();

    public OAuthOrBasicAuthenticator() {
        this(new BasicAuthenticator());
    }

    public OAuthOrBasicAuthenticator(BasicAuthenticator basicAuthenticator) {
        this(basicAuthenticator, Collections.emptyList());
    }

    public OAuthOrBasicAuthenticator(BasicAuthenticator basicAuthenticator, List<String> list) {
        this.allowedNoAuthEndpoints = new ArrayList();
        this.basic = basicAuthenticator;
        this.allowedNoAuthEndpoints.add(METADATA_RESOURCE_URI);
        this.allowedNoAuthEndpoints.addAll(list);
    }

    public String getAuthMethod() {
        return "BEARER+BASIC";
    }

    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        if (this.allowedNoAuthEndpoints.stream().anyMatch(str -> {
            return httpServletRequest.getRequestURI().equalsIgnoreCase(str);
        })) {
            return new UserAuthentication(getAuthMethod(), this._identityService.newUserIdentity(new Subject(), new RestUserPrincipal(""), new String[0]));
        }
        if (!z) {
            return new DeferredAuthentication(this);
        }
        if (log.isDebugEnabled() && !new OAuthRequestData(httpServletRequest).authInfoExists()) {
            log.debug("Authentication Header/token information missing in the request");
        }
        if (!oauth.requestIsOath((HttpServletRequest) servletRequest)) {
            return this.basic.validateRequest(servletRequest, servletResponse, true);
        }
        servletRequest.setAttribute(USE_JWT_LOGIN_SERVICE, true);
        return oauth.validateRequest(servletRequest, servletResponse, true);
    }

    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        super.setConfiguration(authConfiguration);
        this.basic.setConfiguration(authConfiguration);
        oauth.setConfiguration(authConfiguration);
    }

    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) {
        return true;
    }
}
