package com.terracotta.management.security.web.jersey;

import com.sun.jersey.api.client.ClientHandlerException;
import com.sun.jersey.api.client.ClientRequest;
import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.filter.ClientFilter;
import com.terracotta.management.keychain.URIKeyName;
import com.terracotta.management.security.HMACBuilder;
import com.terracotta.management.security.IACredentials;
import com.terracotta.management.security.KeyChainAccessor;
import com.terracotta.management.security.RequestTicketMonitor;
import com.terracotta.management.services.JerseyClientFactory;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;

/* loaded from: input_file:WEB-INF/classes/com/terracotta/management/security/web/jersey/TMSRequestSecurityClientFilter.class */
public final class TMSRequestSecurityClientFilter extends ClientFilter {
    private final RequestTicketMonitor monitor;
    private final KeyChainAccessor accessor;

    public TMSRequestSecurityClientFilter(RequestTicketMonitor requestTicketMonitor, KeyChainAccessor keyChainAccessor) {
        this.monitor = requestTicketMonitor;
        this.accessor = keyChainAccessor;
    }

    @Override // com.sun.jersey.api.client.filter.ClientFilter, com.sun.jersey.api.client.ClientHandler
    public ClientResponse handle(ClientRequest clientRequest) throws ClientHandlerException {
        if (((Boolean) clientRequest.getProperties().get(JerseyClientFactory.SECURITY_ENABLED)).booleanValue()) {
            boolean booleanValue = ((Boolean) clientRequest.getProperties().get(JerseyClientFactory.CLIENT_CERT_AUTH_ENABLED)).booleanValue();
            MultivaluedMap<String, Object> headers = clientRequest.getHeaders();
            String issueRequestTicket = this.monitor.issueRequestTicket();
            headers.putSingle(IACredentials.REQ_TICKET, issueRequestTicket);
            if (issueRequestTicket == null) {
                throw new ClientHandlerException("Failed to obtain request ticket for security.");
            }
            if (!booleanValue) {
                String str = (String) ((List) headers.get(IACredentials.TC_ID_TOKEN)).get(0);
                URIKeyName uRIKeyName = new URIKeyName((URI) clientRequest.getProperties().get(JerseyClientFactory.CLIENT_BASE_URI));
                headers.putSingle(IACredentials.ALIAS, uRIKeyName);
                try {
                    headers.putSingle(IACredentials.SIGNATURE, HMACBuilder.getInstance(this.accessor.retrieveSecret(uRIKeyName)).addMessageComponent(issueRequestTicket).addMessageComponent(str).addMessageComponent(uRIKeyName.getURI().toString()).buildEncoded());
                } catch (InvalidKeyException e) {
                    throw new RuntimeException("BUG Alert! Failed to create signed hash.", e);
                } catch (NoSuchAlgorithmException e2) {
                    throw new RuntimeException("BUG Alert! Failed to create signed hash.", e2);
                }
            }
        } else {
            clientRequest.getHeaders().remove(IACredentials.TC_ID_TOKEN);
        }
        return getNext().handle(clientRequest);
    }
}
