package org.neo4j.server.rest.security;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:org/neo4j/server/rest/security/SecurityFilter.class */
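/**
 * Servlet filter that enforces a single {@link SecurityRule} on the requests
 * whose path falls under the rule's URI path.
 *
 * <p>Requests whose path does not match the rule's pattern are passed down the
 * chain without consulting the rule, so a path that misses the pattern is not
 * protected by this filter. Matching requests are forwarded only when
 * {@link SecurityRule#isAuthorized} returns {@code true}; otherwise the filter
 * answers with a 401 challenge and does not invoke the rest of the chain.
 */
public class SecurityFilter implements Filter {
    private final SecurityRule rule;
    private final UriPathWildcardMatcher pathMatcher;

    /**
     * Builds a filter for the given rule.
     *
     * <p>The rule's URI path is treated as a prefix: a trailing {@code *} is
     * appended when the path does not already end with one.
     *
     * @param securityRule the rule to enforce; its {@code forUriPath()} is read once here
     */
    public SecurityFilter(SecurityRule securityRule) {
        this.rule = securityRule;
        String forUriPath = securityRule.forUriPath();
        this.pathMatcher = new UriPathWildcardMatcher(forUriPath.endsWith("*") ? forUriPath : forUriPath + "*");
    }

    /**
     * @return the rule this filter enforces
     */
    public SecurityRule getRule() {
        return this.rule;
    }

    /** No initialisation is needed; the filter is fully configured by its constructor. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Applies the rule to the request, or lets it through when the path is outside the rule's scope.
     *
     * @param servletRequest  the incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse the outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     the remainder of the chain, invoked only for unguarded or authorized requests
     * @throws IOException      if a downstream filter or servlet fails with an I/O error
     * @throws ServletException if either argument is not an HTTP request/response, or downstream fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        validateRequestType(servletRequest);
        validateResponseType(servletResponse);
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;

        // The authorization decision is keyed on context path + path info only;
        // the servlet path is not part of the matched string.
        // NOTE(review): confirm that this string agrees with the path the
        // container and the downstream resources route on (path parameters,
        // encoded separators, case), since a request that misses the pattern
        // is forwarded without the rule being consulted.
        String pathInfo = httpRequest.getPathInfo();
        String requestPath = httpRequest.getContextPath() + (pathInfo == null ? "" : pathInfo);

        // Evaluate the matcher once; the previous code called it twice and
        // discarded the first result.
        boolean guarded = this.pathMatcher.matches(requestPath);
        if (!guarded || this.rule.isAuthorized(httpRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        createUnauthorizedChallenge(servletResponse);
    }

    /**
     * Rejects anything that is not an HTTP request.
     *
     * @throws ServletException if the request is {@code null} or not an {@link HttpServletRequest}
     */
    private void validateRequestType(ServletRequest servletRequest) throws ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            throw new ServletException(String.format("Expected HttpServletRequest, received [%s]", describeType(servletRequest)));
        }
    }

    /**
     * Rejects anything that is not an HTTP response.
     *
     * @throws ServletException if the response is {@code null} or not an {@link HttpServletResponse}
     */
    private void validateResponseType(ServletResponse servletResponse) throws ServletException {
        if (!(servletResponse instanceof HttpServletResponse)) {
            throw new ServletException(String.format("Expected HttpServletResponse, received [%s]", describeType(servletResponse)));
        }
    }

    /**
     * Names the runtime type of {@code candidate} for an error message.
     * A {@code null} argument fails the {@code instanceof} checks above, so it
     * must be reported here rather than dereferenced.
     */
    private static String describeType(Object candidate) {
        return candidate == null ? "null" : candidate.getClass().getCanonicalName();
    }

    /**
     * Answers an unauthorized request with status 401 and the rule's
     * {@code WWW-Authenticate} challenge. No body is written and the chain is
     * not invoked by the caller afterwards.
     */
    private void createUnauthorizedChallenge(ServletResponse servletResponse) {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // 401 Unauthorized
        httpResponse.setStatus(401);
        // The header value is supplied by the rule as-is; it should be a fixed
        // challenge string and never contain text taken from the request.
        httpResponse.addHeader("WWW-Authenticate", this.rule.wwwAuthenticateHeader());
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Formats a Basic authentication challenge for the given realm.
     *
     * <p>The realm is placed between double quotes without any escaping, so the
     * caller must pass a realm that contains no {@code "}, {@code \} or line
     * breaks; otherwise the resulting header value is malformed.
     *
     * @param str the realm name
     * @return the {@code WWW-Authenticate} header value, e.g. {@code Basic realm="name"}
     */
    public static String basicAuthenticationResponse(String str) {
        return "Basic realm=\"" + str + "\"";
    }
}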
