package com.bitplan.rest.basicauth;

import com.bitplan.rest.PrincipalCache;
import com.bitplan.rest.User;
import com.bitplan.rest.UserManager;
import com.bitplan.rest.users.UserImpl;
import com.sun.jersey.api.container.MappableContainerException;
import com.sun.jersey.api.core.HttpContext;
import com.sun.jersey.core.util.Base64;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import java.security.Principal;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

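/**
 * Jersey request filter that attaches a {@link SecurityContext} to each request.
 *
 * <p>A request is accepted either because its {@code principal_id} header resolves to an entry
 * in {@link PrincipalCache}, or because its {@code Authorization} header carries HTTP Basic
 * credentials that match a user known to the {@link UserManager}.
 */
@Provider
/* loaded from: input_file:com/bitplan/rest/basicauth/BasicAuthSecurityProvider.class */
public class BasicAuthSecurityProvider implements ContainerRequestFilter {
    protected Logger LOGGER = Logger.getLogger("com.bitplan.rest.basicauth");

    @Context
    private HttpContext ctx;
    private UserManager userManager;

    // NOTE(review): public, static and mutable - any code in the same JVM can switch credential
    // enforcement off for every instance of this filter. Kept as-is because callers may set it.
    public static boolean enabled = true;
    private static final String REALM = "simpleREST SecurityProvider";
    private static final String BASIC_PREFIX = "Basic ";

    /* loaded from: input_file:com/bitplan/rest/basicauth/BasicAuthSecurityProvider$AuthenticationException.class */
    /**
     * 401 response carrying a {@code WWW-Authenticate: Basic} challenge for the given realm.
     */
    public class AuthenticationException extends WebApplicationException {
        private static final long serialVersionUID = 1;
        private String realm;

        /**
         * @param str  plain-text response entity shown to the client
         * @param str2 realm placed in the {@code WWW-Authenticate} header; it is concatenated
         *             into the header unescaped, so it must not contain a double quote
         */
        public AuthenticationException(String str, String str2) {
            super(Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"" + str2 + "\"").entity(str).type("text/plain").build());
            this.realm = str2;
        }

        /** @return the realm this challenge was issued for */
        public String getRealm() {
            return this.realm;
        }
    }

    /* loaded from: input_file:com/bitplan/rest/basicauth/BasicAuthSecurityProvider$Authorizer.class */
    /**
     * Security context backed by a {@link User}; role checks compare against the user's single role.
     */
    public class Authorizer implements SecurityContext {
        private User user;
        private Principal principal;
        String scheme;

        /**
         * Context for a user authenticated with Basic credentials.
         *
         * @param user the authenticated user; {@code null} when {@link #enabled} is off and the
         *             request carried no usable credentials
         */
        public Authorizer(final User user) {
            this.user = user;
            this.scheme = "BASIC";
            this.principal = new Principal() { // from class: com.bitplan.rest.basicauth.BasicAuthSecurityProvider.Authorizer.1
                @Override // java.security.Principal
                public String getName() {
                    // The anonymous (disabled-enforcement) context has no user behind it.
                    return user == null ? null : user.getId();
                }
            };
        }

        /**
         * Context for a principal taken from {@link PrincipalCache}; the synthetic user always
         * gets the fixed role {@code "user"}.
         *
         * @param principal the cached principal, must not be {@code null}
         */
        public Authorizer(Principal principal) {
            this.scheme = "CLIENT_CERT";
            this.principal = principal;
            this.user = new UserImpl();
            this.user.setId(principal.getName());
            this.user.setRole("user");
        }

        @Override
        public Principal getUserPrincipal() {
            return this.principal;
        }

        /**
         * @param str role name to test
         * @return {@code true} only when a user is present and its role equals {@code str};
         *         a missing user or a {@code null} role name is denied rather than throwing
         */
        @Override
        public boolean isUserInRole(String str) {
            return str != null && this.user != null && str.equals(this.user.getRole());
        }

        /** @return {@code true} when the request URI scheme is {@code https} */
        @Override
        public boolean isSecure() {
            return "https".equals(BasicAuthSecurityProvider.this.ctx.getUriInfo().getRequestUri().getScheme());
        }

        @Override
        public String getAuthenticationScheme() {
            return this.scheme;
        }
    }

    /**
     * @param userManager source of user records and of the crypt used to check passwords
     */
    public BasicAuthSecurityProvider(UserManager userManager) {
        this.userManager = userManager;
    }

    /**
     * Sets the security context of the request, rejecting it when authentication fails.
     *
     * @param containerRequest the incoming request
     * @return the same request with its security context set
     * @throws WebApplicationException (400) when the Basic credentials are malformed
     * @throws MappableContainerException wrapping an {@link AuthenticationException} (401) when
     *         credentials are missing or wrong
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) {
        this.LOGGER.log(Level.INFO, "req is " + this.ctx.getRequest().getClass().getName() + "/" + containerRequest.getClass().getName());
        // NOTE(review): the cache key comes from a client-supplied request header, and a hit is
        // accepted without any credential check. PrincipalCache is not visible here - confirm the
        // id is unguessable and short-lived, or that this header is stripped from external
        // requests before they reach this filter.
        Principal principal = PrincipalCache.get(containerRequest.getHeaderValue("principal_id"));
        if (principal != null) {
            this.LOGGER.log(Level.INFO, "principal in SecurityProvider is " + principal.getName());
            containerRequest.setSecurityContext(new Authorizer(principal));
            this.LOGGER.log(Level.INFO, "request " + containerRequest.getPath());
        } else {
            // Failures propagate unchanged; the former catch-and-rethrow added nothing.
            containerRequest.setSecurityContext(new Authorizer(authenticate(containerRequest)));
        }
        return containerRequest;
    }

    /**
     * Checks the HTTP Basic credentials of a request against the user store.
     *
     * @param containerRequest the incoming request
     * @return the authenticated user, or {@code null} when {@link #enabled} is off and the
     *         request carries no Basic credentials
     * @throws WebApplicationException (400) when the credentials cannot be decoded or contain no
     *         {@code ':'} separator
     * @throws MappableContainerException wrapping a 401 {@link AuthenticationException} when
     *         credentials are required but absent, or do not match
     */
    private User authenticate(ContainerRequest containerRequest) throws WebApplicationException {
        String headerValue = containerRequest.getHeaderValue("Authorization");
        // Auth scheme names are case-insensitive, so "basic ..." must be treated like "Basic ...".
        boolean basic = headerValue != null
                && headerValue.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length());
        if (!basic) {
            // A header with some other scheme used to fall through as an anonymous context even
            // with enforcement on; it is now challenged exactly like a missing header.
            if (enabled) {
                throw new MappableContainerException(new AuthenticationException("Authentication credentials are required", REALM));
            }
            return null;
        }
        String decoded;
        try {
            // NOTE(review): the charset used for the decoded text is not pinned on this line -
            // confirm it matches what clients send for non-ASCII credentials.
            decoded = new String(Base64.base64Decode(headerValue.substring(BASIC_PREFIX.length())));
        } catch (RuntimeException e) {
            // In case the decoder rejects malformed input, answer 400 instead of a server error.
            throw new WebApplicationException(e, 400);
        }
        // Split on the FIRST colon only: the user id cannot contain ':' but the password may.
        // Splitting on every colon silently truncated such passwords before comparison.
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            throw new WebApplicationException(400);
        }
        String userId = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);
        User byId = this.userManager.getById(userId);
        boolean authenticated = false;
        if (byId != null) {
            try {
                // NOTE(review): the stored value is compared with the output of Crypt.encrypt();
                // Crypt is not visible here - confirm it is a salted password hash rather than
                // reversible encryption, and consider a constant-time comparison.
                if (this.userManager.getCrypt().encrypt(password).equals(byId.getPassword())) {
                    this.LOGGER.log(Level.INFO, "USER " + byId.getId() + "(" + byId.getFirstname() + " " + byId.getName() + ") AUTHENTICATED");
                    authenticated = true;
                }
            } catch (Exception e) {
                // Fail closed, but leave a trace: a broken crypt setup would otherwise look
                // like a wrong password. The submitted password is deliberately not logged.
                this.LOGGER.log(Level.WARNING, "password check failed for user " + byId.getId(), e);
            }
        }
        if (authenticated) {
            return byId;
        }
        this.LOGGER.log(Level.INFO, "USER NOT AUTHENTICATED");
        throw new MappableContainerException(new AuthenticationException("Invalid username or password\r\n", REALM));
    }
}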
