package org.eclipse.hawkbit.security;

import java.util.Optional;
import org.eclipse.hawkbit.repository.ControllerManagement;
import org.eclipse.hawkbit.repository.TenantConfigurationManagement;
import org.eclipse.hawkbit.tenancy.TenantAware;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/hawkbit/security/ControllerPreAuthenticateSecurityTokenFilter.class */
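/**
 * Pre-authentication filter for controllers that present a per-target security token in the
 * {@code Authorization} header using the {@code TargetToken} scheme.
 *
 * <p>{@link #getPreAuthenticatedPrincipal} extracts what the request presented (controller id plus
 * token), and {@link #getPreAuthenticatedCredentials} loads what the repository holds for the same
 * target. This class does not compare the two values itself; the comparison happens in code that
 * is not part of this file.
 */
public class ControllerPreAuthenticateSecurityTokenFilter extends AbstractControllerAuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(ControllerPreAuthenticateSecurityTokenFilter.class);

    /** Authorization scheme prefix, including the trailing space that separates it from the token. */
    private static final String TARGET_SECURITY_TOKEN_AUTH_SCHEME = "TargetToken ";

    /** Index of the first token character inside the header value. */
    private static final int OFFSET_TARGET_TOKEN = TARGET_SECURITY_TOKEN_AUTH_SCHEME.length();

    private final ControllerManagement controllerManagement;

    /**
     * Creates the filter.
     *
     * @param tenantConfigurationManagement passed through to the base filter
     * @param controllerManagement repository access used to look up the target and its token
     * @param tenantAware passed through to the base filter
     * @param systemSecurityContext passed through to the base filter; also used here to run the
     *     repository lookups as system in the request's tenant
     */
    public ControllerPreAuthenticateSecurityTokenFilter(TenantConfigurationManagement tenantConfigurationManagement, ControllerManagement controllerManagement, TenantAware tenantAware, SystemSecurityContext systemSecurityContext) {
        super(tenantConfigurationManagement, tenantAware, systemSecurityContext);
        this.controllerManagement = controllerManagement;
    }

    /**
     * Extracts the controller id and the presented token from the request.
     *
     * @param dmfTenantSecurityToken the request data (tenant, controller/target id, headers)
     * @return the presented principal, or {@code null} when the request carries no
     *     {@code Authorization} header with the {@code TargetToken} scheme
     */
    @Override
    public HeaderAuthentication getPreAuthenticatedPrincipal(DmfTenantSecurityToken dmfTenantSecurityToken) {
        // Check the header before anything else: the controller-id resolution below may run a
        // repository query with system privileges, which should not be triggered by requests
        // that do not use this scheme at all.
        String header = dmfTenantSecurityToken.getHeader(DmfTenantSecurityToken.AUTHORIZATION_HEADER);
        if (header == null || !header.startsWith(TARGET_SECURITY_TOKEN_AUTH_SCHEME)) {
            // NOTE(review): the whole request object is handed to the logger; confirm that its
            // toString() does not render header values, otherwise credentials of other schemes
            // end up in debug logs.
            LOGGER.debug("security token filter is enabled but requst does not contain either the necessary path variables {} or the authorization header with scheme {}", dmfTenantSecurityToken, TARGET_SECURITY_TOKEN_AUTH_SCHEME);
            return null;
        }
        LOGGER.debug("found authorization header with scheme {} using target security token for authentication", TARGET_SECURITY_TOKEN_AUTH_SCHEME);
        String controllerId = resolveControllerId(dmfTenantSecurityToken);
        // NOTE(review): a header that consists of the scheme only yields an empty token here;
        // confirm that the code comparing principal and credentials rejects empty tokens.
        return new HeaderAuthentication(controllerId, header.substring(OFFSET_TARGET_TOKEN));
    }

    /**
     * Loads the expected credentials for the target named in the request.
     *
     * <p>The target is looked up by its numeric id when one is present, otherwise by controller
     * id. Both the lookup and the read of the stored security token run as system in the
     * request's tenant.
     *
     * @param dmfTenantSecurityToken the request data (tenant, controller/target id, headers)
     * @return controller id and stored security token of the target, or {@code null} when no
     *     target was found
     */
    @Override
    public HeaderAuthentication getPreAuthenticatedCredentials(DmfTenantSecurityToken dmfTenantSecurityToken) {
        return (HeaderAuthentication) ((Optional) this.systemSecurityContext.runAsSystemAsTenant(() -> {
            return dmfTenantSecurityToken.getTargetId() != null ? this.controllerManagement.get(dmfTenantSecurityToken.getTargetId().longValue()) : this.controllerManagement.getByControllerId(dmfTenantSecurityToken.getControllerId());
        }, dmfTenantSecurityToken.getTenant())).map(target -> {
            // The token getter is wrapped in its own system-context call; presumably reading the
            // token is permission-protected (confirm against the Target implementation).
            return new HeaderAuthentication(target.getControllerId(), (String) this.systemSecurityContext.runAsSystemAsTenant(() -> {
                return target.getSecurityToken();
            }, dmfTenantSecurityToken.getTenant()));
        }).orElse(null);
    }

    /**
     * Returns the controller id from the request, falling back to a repository lookup by numeric
     * target id.
     *
     * @return the controller id, or {@code null} when the request names neither a controller id
     *     nor a target id, or when the target id is unknown
     */
    private String resolveControllerId(DmfTenantSecurityToken dmfTenantSecurityToken) {
        if (dmfTenantSecurityToken.getControllerId() != null) {
            return dmfTenantSecurityToken.getControllerId();
        }
        if (dmfTenantSecurityToken.getTargetId() == null) {
            // Neither identifier supplied: report "unresolved" the same way an unknown target id
            // is reported, instead of failing with a NullPointerException on longValue().
            return null;
        }
        return (String) ((Optional) this.systemSecurityContext.runAsSystemAsTenant(() -> {
            return this.controllerManagement.get(dmfTenantSecurityToken.getTargetId().longValue());
        }, dmfTenantSecurityToken.getTenant())).map((v0) -> {
            return v0.getControllerId();
        }).orElse(null);
    }

    /**
     * Returns the tenant configuration key associated with this filter.
     *
     * <p>Presumably the base class reads this key to decide whether target-token authentication
     * is enabled for the tenant (confirm in {@code AbstractControllerAuthenticationFilter}).
     */
    @Override
    protected String getTenantConfigurationKey() {
        return "authentication.targettoken.enabled";
    }
}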
