package org.ff4j.web.api.security;

import com.sun.jersey.core.util.Base64;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.sun.jersey.spi.container.ContainerResponseFilter;
import com.sun.jersey.spi.container.ResourceFilter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.ff4j.web.api.FF4jWebConstants;
import org.ff4j.web.api.conf.FF4jApiConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/ff4j/web/api/security/FF4jSecurityContextFilter.class */
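/**
 * Jersey request filter that authenticates REST calls against the static {@link #securityConfig}.
 *
 * <p>Two credential forms are accepted in the authorization header: {@code apiKey=<key>} and
 * HTTP Basic. The WADL and its XSD are served to unauthenticated GET requests. Every other
 * request without a valid credential is rejected with HTTP 401.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The 401 body is sent as {@code text/html}, so nothing taken from the request may be
 *       placed in it. The rejected API key is therefore neither echoed to the client nor
 *       written to the log.</li>
 *   <li>The supplied Basic password is compared directly with the value returned by
 *       {@code securityConfig.getUsers()}, i.e. the configuration holds the password itself.
 *       The comparison is constant-time; protecting the configuration and the transport
 *       (TLS) is the deployer's responsibility.</li>
 * </ul>
 */
public class FF4jSecurityContextFilter implements FF4jWebConstants, ContainerRequestFilter, ResourceFilter {
    /** Literal prefix of an API-key authorization value. */
    private static final String API_KEY_PREFIX = "apiKey=";

    /** Scheme prefix of an HTTP Basic authorization value (matched case-insensitively). */
    private static final String BASIC_PREFIX = "Basic ";

    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * API keys, users and permissions used by {@link #filter(ContainerRequest)}.
     * Must be assigned before the first authenticated request is filtered; it is dereferenced
     * without a null check, so an unset value surfaces as a NullPointerException.
     */
    public static FF4jApiConfig securityConfig = null;

    /**
     * Authenticates the request and attaches an {@link FF4jSecurityContext} on success.
     *
     * @param containerRequest the incoming request
     * @return the same request, with its security context set unless it targets the WADL/XSD
     * @throws WebApplicationException with status 401 when the header is missing, uses an
     *     unsupported scheme, or carries an unknown API key or wrong user/password pair
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) throws WebApplicationException {
        String method = containerRequest.getMethod();
        String path = containerRequest.getPath(true);
        this.log.debug("Entering security filter for <{}>", path);

        // The service description is public by design; only these two exact paths are exempt.
        if ("GET".equals(method) && (path.equals("application.wadl") || path.equals("application.wadl/xsd0.xsd"))) {
            this.log.info("Accessing schema and wadl ok");
            return containerRequest;
        }

        String headerValue = containerRequest.getHeaderValue(FF4jWebConstants.HEADER_AUTHORIZATION);
        if (headerValue == null) {
            throw unauthorized("<p>'authorization' parameter is required in header  for authentication (HTTP-Basic or ApiKey)</p>");
        }

        // Match the prefix rather than a substring: a Basic token whose Base64 text happens to
        // contain "apiKey" must not be routed to the API-key branch.
        if (headerValue.startsWith(API_KEY_PREFIX)) {
            String apiKey = headerValue.substring(API_KEY_PREFIX.length());
            if (!securityConfig.getApiKeys().contains(apiKey)) {
                // Constant message only: the submitted value is attacker-controlled and the
                // response is HTML, so echoing it would reflect markup and leak it into logs.
                throw unauthorized("The api key provided is invalid ");
            }
            containerRequest.setSecurityContext(new FF4jSecurityContext(apiKey, FF4jWebConstants.PARAM_AUTHKEY, securityConfig.getPermissions().get(apiKey)));
            this.log.info("Client successfully logged with an ApiKey");
            return containerRequest;
        }

        // Accept the scheme name in any case and strip exactly what was matched, so that
        // "BASIC xyz" is decoded as "xyz" instead of being decoded with the scheme attached.
        if (!headerValue.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            throw unauthorized("Cannot parse authorisation header attribute, valid are basic and apiKey");
        }
        String encoded = headerValue.substring(BASIC_PREFIX.length());
        // Explicit charset: the decoded credential must not depend on the JVM default encoding.
        String[] credentials = new String(Base64.decode(encoded), StandardCharsets.UTF_8).split(":", 2);
        if (credentials.length != 2) {
            throw unauthorized("Invalid BASIC Token, cannot parse");
        }

        String expectedPassword = securityConfig.getUsers().get(credentials[0]);
        // MessageDigest.isEqual avoids the early exit of String.equals, which would let response
        // timing reveal how many leading characters of a guess are correct.
        boolean passwordMatches = expectedPassword != null
                && MessageDigest.isEqual(
                        credentials[1].getBytes(StandardCharsets.UTF_8),
                        expectedPassword.getBytes(StandardCharsets.UTF_8));
        if (!passwordMatches) {
            throw unauthorized("<p>Invalid username or password.</p>");
        }
        containerRequest.setSecurityContext(new FF4jSecurityContext(credentials[0], "BASIC", securityConfig.getPermissions().get(credentials[0])));
        this.log.info("Client successfully logged with a user/pasword pair ");
        return containerRequest;
    }

    /**
     * Logs the failure and builds the HTTP 401 exception for the caller to throw.
     *
     * @param trustedHtml markup inserted verbatim into the {@code text/html} body; callers must
     *     pass constant text only, never data taken from the request
     * @return the exception carrying the 401 response
     */
    private WebApplicationException unauthorized(String trustedHtml) {
        StringBuilder body = new StringBuilder("<p style=\"color:#880000\">");
        body.append("<H1>ERROR HTTP 401 : Unauthorized</H1>");
        body.append("<p>").append(trustedHtml).append("</p>");
        this.log.error("Authentication error :{}", trustedHtml);
        return new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).entity(body.toString()).type(MediaType.TEXT_HTML_TYPE).build());
    }

    /** Returns this instance, which is the request filter itself. */
    @Override
    public ContainerRequestFilter getRequestFilter() {
        return this;
    }

    /** Returns {@code null}: this resource filter does not filter responses. */
    @Override
    public ContainerResponseFilter getResponseFilter() {
        return null;
    }
}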
