package _ss_com.streamsets.datacollector.activation;

import _ss_com.com.google.common.collect.ImmutableSet;
import _ss_com.streamsets.datacollector.restapi.configuration.ActivationInjector;
import _ss_com.streamsets.datacollector.util.AuthzRole;
import com.streamsets.pipeline.api.impl.Utils;
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.eclipse.jetty.security.Authenticator;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.server.Authentication;
import org.eclipse.jetty.server.UserIdentity;

/* loaded from: input_file:_ss_com/streamsets/datacollector/activation/ActivationAuthenticator.class */
public class ActivationAuthenticator implements Authenticator {
    private final Authenticator authenticator;
    private final Activation activation;
    private static final Set<String> ALLOWED_ROLES = ImmutableSet.of("user", AuthzRole.GUEST, AuthzRole.GUEST_REMOTE);

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:_ss_com/streamsets/datacollector/activation/ActivationAuthenticator$ExpiredActivationUser.class */
    public class ExpiredActivationUser implements Authentication.User {
        private final Authentication.User user;

        public ExpiredActivationUser(Authentication.User user) {
            this.user = user;
        }

        @Override // org.eclipse.jetty.server.Authentication.User
        public String getAuthMethod() {
            return this.user.getAuthMethod();
        }

        @Override // org.eclipse.jetty.server.Authentication.User
        public UserIdentity getUserIdentity() {
            final UserIdentity userIdentity = this.user.getUserIdentity();
            return new UserIdentity() { // from class: _ss_com.streamsets.datacollector.activation.ActivationAuthenticator.ExpiredActivationUser.1
                @Override // org.eclipse.jetty.server.UserIdentity
                public Subject getSubject() {
                    return userIdentity.getSubject();
                }

                @Override // org.eclipse.jetty.server.UserIdentity
                public Principal getUserPrincipal() {
                    return userIdentity.getUserPrincipal();
                }

                @Override // org.eclipse.jetty.server.UserIdentity
                public boolean isUserInRole(String str, UserIdentity.Scope scope) {
                    return ExpiredActivationUser.this.isUserInRole(scope, str);
                }
            };
        }

        @Override // org.eclipse.jetty.server.Authentication.User
        public boolean isUserInRole(UserIdentity.Scope scope, String str) {
            if (ActivationAuthenticator.ALLOWED_ROLES.contains(str)) {
                return true;
            }
            if (AuthzRole.ADMIN_ACTIVATION.equals(str)) {
                return this.user.isUserInRole(scope, AuthzRole.ADMIN) || this.user.isUserInRole(scope, AuthzRole.ADMIN_REMOTE);
            }
            return false;
        }

        @Override // org.eclipse.jetty.server.Authentication.User
        public void logout() {
            this.user.logout();
        }
    }

    public ActivationAuthenticator(Authenticator authenticator, Activation activation) {
        Utils.checkNotNull(authenticator, "authenticator");
        Utils.checkNotNull(activation, ActivationInjector.ACTIVATION);
        this.authenticator = authenticator;
        this.activation = activation;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public void setConfiguration(Authenticator.AuthConfiguration authConfiguration) {
        this.authenticator.setConfiguration(authConfiguration);
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public String getAuthMethod() {
        return this.authenticator.getAuthMethod();
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public void prepareRequest(ServletRequest servletRequest) {
        this.authenticator.prepareRequest(servletRequest);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v2, types: [org.eclipse.jetty.server.Authentication] */
    @Override // org.eclipse.jetty.security.Authenticator
    public Authentication validateRequest(ServletRequest servletRequest, ServletResponse servletResponse, boolean z) throws ServerAuthException {
        Authentication.User validateRequest = this.authenticator.validateRequest(servletRequest, servletResponse, z);
        if ((validateRequest instanceof Authentication.User) && this.activation.isEnabled() && !this.activation.getInfo().isValid()) {
            validateRequest = createExpiredActivationUser(validateRequest);
        }
        return validateRequest;
    }

    @Override // org.eclipse.jetty.security.Authenticator
    public boolean secureResponse(ServletRequest servletRequest, ServletResponse servletResponse, boolean z, Authentication.User user) throws ServerAuthException {
        return this.authenticator.secureResponse(servletRequest, servletResponse, z, user);
    }

    protected Authentication.User createExpiredActivationUser(Authentication.User user) {
        return new ExpiredActivationUser(user);
    }
}
