package de.alpharogroup.service.rs.filter;

import de.alpharogroup.service.rs.Securable;
import java.io.IOException;
import javax.annotation.Priority;
import javax.net.ssl.SSLException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.ext.Provider;

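/**
 * JAX-RS request filter that authenticates requests with a bearer token taken from the
 * {@code Authorization} header.
 *
 * <p>Processing order in {@link #filter(ContainerRequestContext)}:
 * <ol>
 *   <li>Requests to a sign-in path are let through without a token, but only over a secure
 *       channel.</li>
 *   <li>For resources marked {@link Securable}, the header must be present and carry the
 *       {@code Bearer} scheme; the token is handed to {@link #onValidateToken(String)} and the
 *       result becomes the request's {@link SecurityContext}.</li>
 *   <li>Any failure aborts the request with the response of {@link #newFaultResponse()}.</li>
 * </ol>
 *
 * <p>NOTE(review): this class itself carries {@code @Securable}; presumably that annotation is a
 * name binding so the filter only runs for annotated resources - confirm against its declaration.
 */
@Provider
@Priority(1000)
@Securable
/* loaded from: input_file:WEB-INF/lib/rest-api-3.33.0.jar:de/alpharogroup/service/rs/filter/AuthenticationFilter.class */
public abstract class AuthenticationFilter implements ContainerRequestFilter {

    /** The only authorization scheme this filter accepts. */
    private static final String BEARER_SCHEME = "Bearer";

    @Context
    private ResourceInfo resourceInfo;

    @Context
    private HttpServletRequest servletRequest;

    @Context
    private UriInfo info;

    /**
     * Authenticates the request or aborts it with the fault response.
     *
     * <p>Every exception raised while checking the request - a missing or malformed header, a
     * sign-in attempt over a non-secure channel, or any failure inside
     * {@link #onValidateToken(String)} - is mapped to the same fault response, so the filter fails
     * closed. The cause is not recorded here; subclasses that need an audit trail should log
     * inside {@link #onValidateToken(String)} or {@link #newFaultResponse()}.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by the interface; not thrown by this implementation because
     *         all exceptions are caught
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        try {
            if (isSigninRequest(containerRequestContext)) {
                // Sign-in endpoints issue the token, so they cannot require one.
                return;
            }
            if (isSecured()) {
                String headerString = containerRequestContext.getHeaderString("Authorization");
                if (headerString == null) {
                    throw new NotAuthorizedException("Authorization header must be provided", new Object[0]);
                }
                String token = extractBearerToken(headerString);
                containerRequestContext.setSecurityContext(newSecurityContext(onValidateToken(token)));
            }
        } catch (Exception e) {
            containerRequestContext.abortWith(newFaultResponse());
        }
    }

    /**
     * Extracts the token from an {@code Authorization} header value, enforcing the Bearer scheme.
     *
     * <p>The previous implementation dropped the first six characters of the header without
     * looking at them, so a value with any other scheme (or none) still reached the validator
     * with part of its content cut off. The scheme is now compared case-insensitively and must be
     * followed by whitespace and a non-empty token.
     *
     * @param headerValue the raw header value, never {@code null}
     * @return the token with surrounding whitespace removed, never empty
     * @throws NotAuthorizedException if the value does not have the form {@code Bearer <token>}
     */
    private static String extractBearerToken(String headerValue) {
        String value = headerValue.trim();
        int schemeLength = BEARER_SCHEME.length();
        boolean hasScheme = value.regionMatches(true, 0, BEARER_SCHEME, 0, schemeLength);
        // The value is trimmed, so a whitespace character right after the scheme guarantees that
        // at least one non-whitespace token character follows it.
        if (!hasScheme
                || value.length() <= schemeLength
                || !Character.isWhitespace(value.charAt(schemeLength))) {
            throw new NotAuthorizedException("Authorization header must use the Bearer scheme", new Object[0]);
        }
        return value.substring(schemeLength).trim();
    }

    /**
     * Tells whether the matched resource requires authentication.
     *
     * @return {@code true} if the resource class or the resource method is annotated with
     *         {@link Securable}
     */
    protected boolean isSecured() {
        return this.resourceInfo.getResourceClass().isAnnotationPresent(Securable.class)
                || this.resourceInfo.getResourceMethod().isAnnotationPresent(Securable.class);
    }

    /**
     * Tells whether the given request path is one of the sign-in endpoints.
     *
     * <p>NOTE(review): this is an exact string match; confirm the form in which the deployed
     * JAX-RS runtime returns {@code UriInfo.getPath()} (leading or trailing slash) so the sign-in
     * routes are recognised as intended.
     *
     * @param str the request path
     * @return {@code true} for {@code auth/credentials} and {@code auth/form}
     */
    protected boolean isSigninPath(String str) {
        return str.equals("auth/credentials") || str.equals("auth/form");
    }

    /**
     * Tells whether the request targets a sign-in endpoint, and refuses such requests when they
     * do not arrive over a secure channel, because they carry credentials.
     *
     * <p>NOTE(review): the check relies on {@code HttpServletRequest.isSecure()}; when TLS is
     * terminated in front of the servlet container, verify that the container is configured to
     * report the original scheme.
     *
     * @param containerRequestContext the request being filtered (not read by this implementation)
     * @return {@code true} if the request path is a sign-in path
     * @throws SSLException if a sign-in path is requested over a non-secure channel
     * @throws Exception declared for overriding subclasses
     */
    protected boolean isSigninRequest(ContainerRequestContext containerRequestContext) throws Exception {
        if (!isSigninPath(this.info.getPath())) {
            return false;
        }
        if (!this.servletRequest.isSecure()) {
            throw new SSLException("use https scheme");
        }
        return true;
    }

    /**
     * Builds the response sent when authentication fails.
     *
     * <p>NOTE(review): the challenge advertises the {@code Basic} scheme although this filter
     * only accepts {@code Bearer} tokens. It is left unchanged because clients may depend on the
     * existing header; consider switching the challenge to {@code Bearer realm="..."}.
     *
     * @return a 401 response with a {@code WWW-Authenticate} header for {@link #newRealmValue()}
     */
    protected Response newFaultResponse() {
        return Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"" + newRealmValue() + "\"").build();
    }

    /**
     * Supplies the realm name used in the authentication challenge.
     *
     * @return the realm value
     */
    protected String newRealmValue() {
        return "alpharogroup.de";
    }

    /**
     * Creates the security context installed on the request after successful validation.
     *
     * @param str the value returned by {@link #onValidateToken(String)}
     * @return a new {@link AuthenticationSecurityContext} built from that value
     */
    protected SecurityContext newSecurityContext(String str) {
        return new AuthenticationSecurityContext(str);
    }

    /**
     * Validates the bearer token of a request.
     *
     * <p>Implementations must throw for every token they do not accept (unknown, expired,
     * tampered): any exception aborts the request with the fault response, while a normal return
     * authenticates it.
     *
     * @param str the token taken from the {@code Authorization} header, trimmed and non-empty
     * @return the value passed on to {@link #newSecurityContext(String)}
     * @throws Exception if the token is not valid
     */
    protected abstract String onValidateToken(String str) throws Exception;
}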
