package com.facebook.airlift.http.server;

import com.facebook.airlift.http.server.HttpServerConfig;
import com.google.common.collect.ImmutableSet;
import com.google.common.io.ByteStreams;
import java.io.IOException;
import java.security.Principal;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import javax.annotation.security.RolesAllowed;
import javax.servlet.Servlet;
import javax.servlet.ServletException;
import javax.servlet.ServletInputStream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/facebook/airlift/http/server/AuthorizationEnabledServlet.class */
public class AuthorizationEnabledServlet extends HttpServlet {
    private final Servlet delegate;
    private final Authorizer authorizer;
    private final HttpServerConfig.AuthorizationPolicy authorizationPolicy;
    private final Set<String> defaultAllowedRoles;
    private final Optional<Set<String>> allowedRoles;
    private final boolean allowUnsecureRequestsInAuthorizer;

    public AuthorizationEnabledServlet(Servlet servlet, Authorizer authorizer, HttpServerConfig.AuthorizationPolicy authorizationPolicy, Set<String> set, boolean z) {
        this.delegate = (Servlet) Objects.requireNonNull(servlet, "delegate is null");
        this.authorizer = (Authorizer) Objects.requireNonNull(authorizer, "authorizer is null");
        this.authorizationPolicy = (HttpServerConfig.AuthorizationPolicy) Objects.requireNonNull(authorizationPolicy, "authorizationPolicy is null");
        this.defaultAllowedRoles = (Set) Objects.requireNonNull(set, "defaultAllowedRoles is null");
        this.allowedRoles = getRolesFromClassMetadata(servlet);
        this.allowUnsecureRequestsInAuthorizer = z;
    }

    public void init() throws ServletException {
        super.init();
        this.delegate.init(getServletConfig());
    }

    public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletRequest.isSecure() || !this.allowUnsecureRequestsInAuthorizer) {
            Principal userPrincipal = httpServletRequest.getUserPrincipal();
            if (userPrincipal == null) {
                abortWithMessage(httpServletRequest, httpServletResponse, "Request principal is missing.");
                return;
            }
            Optional<Set<String>> optional = this.allowedRoles;
            if (!optional.isPresent()) {
                switch (this.authorizationPolicy) {
                    case ALLOW:
                        this.delegate.service(servletRequest, servletResponse);
                        return;
                    case DENY:
                        abortWithMessage(httpServletRequest, httpServletResponse, String.format("Principal %s is not allowed to access the resource. Reason: denied by default policy", userPrincipal.getName()));
                        return;
                    case DEFAULT_ROLES:
                        optional = Optional.of(this.defaultAllowedRoles);
                        break;
                }
            }
            AuthorizationResult authorize = this.authorizer.authorize(userPrincipal, optional.get(), httpServletRequest.getRequestURL().toString());
            if (authorize.isAllowed()) {
                this.delegate.service(servletRequest, servletResponse);
            } else {
                abortWithMessage(httpServletRequest, httpServletResponse, String.format("Principal %s is not allowed to access the resource. Reason: %s", userPrincipal.getName(), authorize.getReason()));
            }
        }
    }

    private static void abortWithMessage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws IOException {
        skipRequestBody(httpServletRequest);
        httpServletResponse.sendError(403, String.format(str, new Object[0]));
    }

    private static void skipRequestBody(HttpServletRequest httpServletRequest) throws IOException {
        ServletInputStream inputStream = httpServletRequest.getInputStream();
        Throwable th = null;
        try {
            ByteStreams.copy(inputStream, ByteStreams.nullOutputStream());
            if (inputStream != null) {
                if (0 == 0) {
                    inputStream.close();
                    return;
                }
                try {
                    inputStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (inputStream != null) {
                if (0 != 0) {
                    try {
                        inputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    inputStream.close();
                }
            }
            throw th3;
        }
    }

    private static Optional<Set<String>> getRolesFromClassMetadata(Servlet servlet) {
        return servlet.getClass().isAnnotationPresent(RolesAllowed.class) ? Optional.of(ImmutableSet.copyOf(servlet.getClass().getAnnotation(RolesAllowed.class).value())) : Optional.empty();
    }
}
