package org.apache.inlong.manager.web.auth.openapi;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.inlong.manager.pojo.user.LoginUserUtils;
import org.apache.inlong.manager.pojo.user.UserInfo;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/inlong/manager/web/auth/openapi/OpenAPIFilter.class */
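/**
 * Servlet filter that authenticates OpenAPI requests with HTTP Basic credentials
 * (secret id / secret key) through the current Shiro {@link Subject}.
 *
 * <p>Requests that cannot be authenticated are answered with 403 and never reach
 * the rest of the filter chain. On success the authenticated {@link UserInfo} is
 * published through {@link LoginUserUtils} for the duration of the request and
 * removed afterwards.
 *
 * <p>NOTE(review): when {@code openAPIAuthEnabled} is {@code false} the header is
 * not inspected and an empty {@code SecretToken} is submitted to Shiro. What the
 * configured realm does with an empty token is not visible in this class; confirm
 * that it cannot grant access that deployments do not expect.
 */
public class OpenAPIFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(OpenAPIFilter.class);

    private final boolean openAPIAuthEnabled;

    /**
     * @param openAPIAuthEnabled whether the {@code Authorization} header must carry
     *        Basic credentials; when {@code false} an empty token is used instead
     */
    public OpenAPIFilter(boolean openAPIAuthEnabled) {
        this.openAPIAuthEnabled = openAPIAuthEnabled;
    }

    @Override
    public void init(FilterConfig filterConfig) {
    }

    /**
     * Authenticates the request and, on success, forwards it down the chain.
     *
     * <p>Authentication is kept separate from the chain invocation: only a failed
     * login is turned into a 403. Exceptions thrown by downstream filters or
     * servlets propagate unchanged instead of being reported as "login error".
     *
     * @throws IOException if writing the error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;

        SecretToken token = parseBasicAuth(httpRequest);
        if (token == null) {
            // Fail closed here rather than relying on how subject.login() treats a null token.
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        Subject subject = SecurityUtils.getSubject();
        boolean authenticated;
        UserInfo userInfo = null;
        try {
            subject.login(token);
            authenticated = subject.isAuthenticated();
            if (authenticated) {
                // Cast stays inside the try so an unexpected principal type is rejected, not a 500.
                userInfo = (UserInfo) subject.getPrincipal();
            }
        } catch (RuntimeException e) {
            // Details go to the server log only: the exception text can describe why the
            // login failed and should not be echoed to an unauthenticated caller.
            LOGGER.error("login error", e);
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        if (!authenticated) {
            LOGGER.error("Access denied for anonymous user:{}, path:{} ", subject.getPrincipal(),
                    httpRequest.getServletPath());
            httpResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }

        LoginUserUtils.setUserLoginInfo(userInfo);
        try {
            filterChain.doFilter(servletRequest, servletResponse);
        } finally {
            // Always clear the per-request login info, whether or not the chain failed.
            LoginUserUtils.removeUserLoginInfo();
        }
    }

    /**
     * Extracts the secret id / secret key pair from the {@code Authorization} header.
     *
     * @param httpServletRequest the incoming request
     * @return a token carrying the credentials; an empty token when OpenAPI auth is
     *         disabled; {@code null} when the header is missing or malformed
     */
    private SecretToken parseBasicAuth(HttpServletRequest httpServletRequest) {
        if (!this.openAPIAuthEnabled) {
            return new SecretToken();
        }
        String header = httpServletRequest.getHeader("authorization");
        if (StringUtils.isBlank(header)) {
            LOGGER.error("basic auth header is empty");
            return null;
        }
        String[] headerParts = header.split(" ");
        if (headerParts.length != 2) {
            LOGGER.error("the length parts size error: {}", headerParts.length);
            return null;
        }
        if (!"Basic".equals(headerParts[0])) {
            LOGGER.error("prefix error: {}", headerParts[0]);
            return null;
        }

        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(headerParts[1]);
        } catch (IllegalArgumentException e) {
            // Malformed Base64 is a client error; the payload itself is not logged.
            LOGGER.error("basic auth credentials are not valid Base64");
            return null;
        }

        // Explicit charset: the decoded credentials must not depend on the platform default.
        // Limit 2 splits on the first ':' only, so the key is compared exactly as sent;
        // a plain split(":") silently drops trailing ':' characters from the key.
        String[] credentials = new String(decoded, StandardCharsets.UTF_8).split(":", 2);
        if (credentials.length != 2) {
            LOGGER.error("pair format error: {}", credentials.length);
            return null;
        }
        String secretId = credentials[0];
        String secretKey = credentials[1];
        if (StringUtils.isBlank(secretId) || StringUtils.isBlank(secretKey)) {
            // Never write the id or key to the log: the key is a credential, and both
            // values are caller-controlled text.
            LOGGER.error("invalid credentials: secret id blank = {}, secret key blank = {}",
                    StringUtils.isBlank(secretId), StringUtils.isBlank(secretKey));
            return null;
        }
        return new SecretToken(secretId, secretKey);
    }

    @Override
    public void destroy() {
    }
}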
