package _ss_com.streamsets.lib.security.http;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.jetty.security.ServerAuthException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:_ss_com/streamsets/lib/security/http/SSOAppAuthenticator.class */
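/**
 * Authenticator for application (component-to-component) requests.
 *
 * <p>Credentials are taken from two request headers, {@code SSOConstants.X_APP_AUTH_TOKEN} and
 * {@code SSOConstants.X_APP_COMPONENT_ID}, and handed to the {@link SSOService} for validation.
 * Every rejection goes through the inherited {@code returnUnauthorized(...)} helpers.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The app auth token is a bearer credential. This class passes only the component id to the
 *       logging and rejection helpers, never the token; keep it that way.</li>
 *   <li>The component id is caller-supplied and is only trustworthy after
 *       {@code validateAppToken} has accepted the (token, component id) pair.</li>
 * </ul>
 */
public class SSOAppAuthenticator extends AbstractSSOAuthenticator {
    private static final Logger LOG = LoggerFactory.getLogger(SSOAppAuthenticator.class);

    /**
     * Creates the authenticator.
     *
     * @param sSOService service used to validate application tokens; passed to the superclass
     */
    public SSOAppAuthenticator(SSOService sSOService) {
        super(sSOService);
    }

    /** Returns this class's logger for use by the superclass. */
    @Override // _ss_com.streamsets.lib.security.http.AbstractSSOAuthenticator
    protected Logger getLog() {
        return LOG;
    }

    /**
     * Reads the application authentication token from the request.
     *
     * @param httpServletRequest the incoming request
     * @return the raw header value, or {@code null} when the header is absent; treat it as a secret
     */
    String getAppAuthToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(SSOConstants.X_APP_AUTH_TOKEN);
    }

    /**
     * Reads the caller-declared component id from the request.
     *
     * @param httpServletRequest the incoming request
     * @return the raw header value, or {@code null} when the header is absent; unverified input
     */
    String getAppComponentId(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getHeader(SSOConstants.X_APP_COMPONENT_ID);
    }

    /**
     * Authenticates an application request from its token and component id headers.
     *
     * <p>Checks run in this order, and the first failure ends the request as unauthorized:
     * the {@code X-Requested-By} header must be present, the token header must be present, the
     * component id header must be present, and the SSO service must return a principal for the
     * pair. A {@code ForbiddenException} from the service is reported with its error info.
     *
     * @param servletRequest the request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param z Jetty's {@code mandatory} flag; when {@code false} nothing is checked and
     *     {@code Authentication.NOT_CHECKED} is returned
     * @return {@code NOT_CHECKED}, an {@code SSOAuthenticationUser} wrapping the validated
     *     principal, or whatever the inherited {@code returnUnauthorized(...)} produces
     * @throws ServerAuthException declared by the Jetty contract; not thrown directly here
     */
    @Override // org.eclipse.jetty.security.Authenticator
    public org.eclipse.jetty.server.Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String appComponentId = getAppComponentId(httpServletRequest);

        if (!z) {
            // The guard now matches the level actually logged. The previous isDebugEnabled() check
            // built the request info at DEBUG level even though the TRACE message was then dropped.
            if (LOG.isTraceEnabled()) {
                LOG.trace("URL '{}' does not require authentication", getRequestInfoForLogging(httpServletRequest, appComponentId));
            }
            return org.eclipse.jetty.server.Authentication.NOT_CHECKED;
        }

        // Presence-only check: any value is accepted. NOTE(review): presumably a CSRF-style guard
        // that relies on browsers not adding custom headers to cross-site requests; confirm.
        if (httpServletRequest.getHeader("X-Requested-By") == null) {
            return returnUnauthorized(httpServletRequest, httpServletResponse, appComponentId, "Not a REST call: {}");
        }

        String appAuthToken = getAppAuthToken(httpServletRequest);
        if (appAuthToken == null) {
            return returnUnauthorized(httpServletRequest, httpServletResponse, appComponentId, "Missing app authentication token: {}");
        }
        if (appComponentId == null) {
            return returnUnauthorized(httpServletRequest, httpServletResponse, null, "Missing component ID: {}");
        }

        try {
            SSOPrincipal principal = getSsoService().validateAppToken(appAuthToken, appComponentId);
            if (principal == null) {
                // The service rejected the pair; fail closed.
                return returnUnauthorized(httpServletRequest, httpServletResponse, appComponentId, "Invalid app authentication token: {}");
            }
            return new SSOAuthenticationUser(principal);
        } catch (ForbiddenException e) {
            // Report the service's error info through the five-argument rejection helper.
            return returnUnauthorized(httpServletRequest, httpServletResponse, e.getErrorInfo(), appComponentId, "Request: {}");
        }
    }
}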
