package org.graylog2.bootstrap.preflight.web;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.codec.digest.DigestUtils;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:org/graylog2/bootstrap/preflight/web/BasicAuthFilter.class */
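/**
 * JAX-RS request filter that enforces HTTP Basic authentication against a single
 * configured administrator account.
 *
 * <p>The password is never stored in clear text: the filter hashes the submitted password
 * with SHA-256 and compares the lowercase hex digest with the configured hash. Every
 * rejected request is aborted with {@code 401 Unauthorized} and a {@code WWW-Authenticate}
 * challenge.
 *
 * <p>NOTE(review): the stored credential is an unsalted, single-round SHA-256 digest. That
 * format is dictated by whoever supplies {@code adminPasswordHash}, so it is kept here, but
 * it gives little resistance to offline guessing if the hash leaks. Basic credentials are
 * also only Base64-encoded on the wire, so this filter is only as strong as the transport
 * protection in front of it.
 */
public class BasicAuthFilter implements ContainerRequestFilter {
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private static final String MISSING_HEADER_MESSAGE =
            "You cannot access this resource, missing authorization header!";
    private static final String INVALID_CREDENTIALS_MESSAGE =
            "You cannot access this resource, invalid username/password combination!";

    private final String adminUsername;
    private final String adminPasswordHash;
    private final String realm;

    /**
     * Creates a filter bound to one administrator account.
     *
     * @param adminUsername     user name that is allowed to pass the filter
     * @param adminPasswordHash hex-encoded SHA-256 digest of the administrator password, compared
     *                          case-sensitively with the lowercase digest of the submitted password
     * @param realm             realm value sent back in the {@code WWW-Authenticate} challenge
     */
    public BasicAuthFilter(String adminUsername, String adminPasswordHash, String realm) {
        this.adminUsername = adminUsername;
        this.adminPasswordHash = adminPasswordHash;
        this.realm = realm;
    }

    /**
     * Lets the request continue only when it carries valid Basic credentials for the
     * configured administrator; otherwise aborts it with {@code 401 Unauthorized}.
     *
     * @param requestContext the request being filtered
     * @throws IOException declared by {@link ContainerRequestFilter}; not thrown by this implementation
     */
    @Override
    public void filter(ContainerRequestContext requestContext) throws IOException {
        final List<String> headerValues = requestContext.getHeaders().get(AUTHORIZATION_PROPERTY);
        if (headerValues == null || headerValues.isEmpty()) {
            abortRequestUnauthorized(requestContext, MISSING_HEADER_MESSAGE);
            return;
        }

        // Require the header to actually start with the Basic scheme (scheme names are
        // case-insensitive) instead of stripping the first "Basic " found anywhere in it.
        final String header = headerValues.get(0);
        final String schemePrefix = AUTHENTICATION_SCHEME + " ";
        if (header == null || !header.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length())) {
            abortRequestUnauthorized(requestContext, INVALID_CREDENTIALS_MESSAGE);
            return;
        }

        final String credentials;
        try {
            final String encoded = header.substring(schemePrefix.length()).trim();
            credentials = new String(Base64.decode(encoded.getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        } catch (RuntimeException e) {
            // The decoder reports malformed input with an unchecked exception. A client-supplied
            // header must end in 401, not in an unhandled server error.
            abortRequestUnauthorized(requestContext, INVALID_CREDENTIALS_MESSAGE);
            return;
        }

        // Split on the first colon only: the user name cannot contain one, the password can.
        final int separator = credentials.indexOf(':');
        if (separator < 0) {
            abortRequestUnauthorized(requestContext, INVALID_CREDENTIALS_MESSAGE);
            return;
        }

        final String username = credentials.substring(0, separator);
        final String password = credentials.substring(separator + 1);
        if (!isUserMatching(username, password)) {
            abortRequestUnauthorized(requestContext, INVALID_CREDENTIALS_MESSAGE);
        }
    }

    /**
     * Aborts the request with {@code 401 Unauthorized}, a plain-text body and a Basic challenge.
     *
     * @param requestContext the request to abort
     * @param message        plain-text body returned to the client
     */
    private void abortRequestUnauthorized(ContainerRequestContext requestContext, String message) {
        // NOTE(review): the realm is appended without quotes; confirm the configured value
        // already carries them, since the challenge syntax expects a quoted string.
        requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .entity(message)
                .type(MediaType.TEXT_PLAIN_TYPE)
                .header("WWW-Authenticate", "Basic realm=" + this.realm)
                .build());
    }

    /**
     * Checks the submitted user name and password against the configured administrator.
     *
     * @param username submitted user name
     * @param password submitted clear-text password
     * @return {@code true} only when both the user name and the password match
     */
    private boolean isUserMatching(String username, String password) {
        // Evaluate both checks unconditionally so that response time does not reveal
        // whether the user name alone was correct.
        final boolean usernameMatches = constantTimeEquals(this.adminUsername, username);
        final boolean passwordMatches = isPasswordMatching(password);
        return usernameMatches && passwordMatches;
    }

    /**
     * Hashes the submitted password with SHA-256 and compares it with the configured hash.
     *
     * @param password submitted clear-text password
     * @return {@code true} when the hex digest equals the configured hash
     */
    private boolean isPasswordMatching(String password) {
        return constantTimeEquals(this.adminPasswordHash, DigestUtils.sha256Hex(password));
    }

    /**
     * Compares two strings by their UTF-8 bytes with {@link MessageDigest#isEqual(byte[], byte[])}
     * rather than {@link String#equals(Object)}, which returns at the first differing character.
     *
     * @param expected configured value; {@code null} never matches
     * @param actual   value derived from the request; {@code null} never matches
     * @return {@code true} when both values are non-null and byte-for-byte equal
     */
    private static boolean constantTimeEquals(String expected, String actual) {
        if (expected == null || actual == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                actual.getBytes(StandardCharsets.UTF_8));
    }
}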
