package de.svws_nrw.server.jetty;

import de.svws_nrw.api.RestAppAdminClient;
import de.svws_nrw.api.RestAppDebug;
import de.svws_nrw.api.RestAppSchemaRoot;
import de.svws_nrw.api.RestAppServer;
import de.svws_nrw.config.SVWSKonfiguration;
import jakarta.ws.rs.WebApplicationException;
import jakarta.ws.rs.core.Response;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.security.AuthenticationState;
import org.eclipse.jetty.security.ServerAuthException;
import org.eclipse.jetty.security.UserIdentity;
import org.eclipse.jetty.security.authentication.LoginAuthenticator;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.Response;
import org.eclipse.jetty.util.Callback;

/* loaded from: input_file:de/svws_nrw/server/jetty/SVWSAuthenticator.class */
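/**
 * HTTP Basic authenticator for the SVWS server.
 *
 * <p>Before any credentials are looked at, the request is checked against the optional
 * "privileged access" port from {@link SVWSKonfiguration}. The credentials from the
 * {@code Authorization} header are then decoded as UTF-8 and as ISO-8859-1, and both variants
 * are offered to {@code login(...)}. If no login succeeds, a Basic challenge with CORS headers
 * is written.
 */
public final class SVWSAuthenticator extends LoginAuthenticator {

    /** Error text used when a path is requested on a port that the configuration does not allow for it. */
    private static final String MSG_API_BLOCKED = "Zugriff auf diese API wurde in der Serverkonfiguration unterbunden.";

    /**
     * Returns the authentication scheme handled by this authenticator.
     *
     * @return always {@code "BASIC"}
     */
    @Override
    public String getAuthenticationType() {
        return "BASIC";
    }

    /**
     * Validates a request: enforces the port separation, extracts the Basic credentials and
     * tries to log in, or writes the authentication challenge.
     *
     * @param request  the Jetty request
     * @param response the Jetty response (in this class the simple name {@code Response} is the
     *                 Jetty type; the JAX-RS response is written fully qualified)
     * @param callback the callback completed when a response body is written here
     * @return a succeeded state carrying the user identity, {@code SEND_FAILURE} when the login
     *         raised a {@link WebApplicationException}, otherwise {@code SEND_SUCCESS} after the
     *         challenge has been written
     * @throws ServerAuthException if the path is not permitted on the port the request arrived on
     */
    @Override
    public AuthenticationState validateRequest(Request request, Response response, Callback callback) throws ServerAuthException {
        final SVWSKonfiguration config = SVWSKonfiguration.get();
        final String path = Request.getPathInContext(request);

        if (config.hatPortHTTPPrivilegedAccess()) {
            final boolean commonPath = RestAppDebug.checkIsInPathSpecification(path)
                    || RestAppServer.checkIsInPathSpecificationCommon(path);
            final boolean privilegedPath = RestAppSchemaRoot.checkIsInPathSpecification(path)
                    || RestAppAdminClient.checkIsInPathSpecification(path);
            final boolean onPrivilegedPort = Request.getServerPort(request) == config.getPortHTTPPrivilegedAccess();
            // Debug/common paths are accepted on either port. Every other path must arrive on
            // the matching port: privileged paths only on the privileged port, all remaining
            // paths only on the other port.
            if (!commonPath && privilegedPath != onPrivilegedPort) {
                throw new ServerAuthException(MSG_API_BLOCKED);
            }
        }

        String userUtf8 = "";
        String passUtf8 = "";
        String userLatin1 = "";
        String passLatin1 = "";
        final String authorization = request.getHeaders().get(HttpHeader.AUTHORIZATION);
        if (authorization != null) {
            final int space = authorization.indexOf(' ');
            if (space > 0 && "basic".equalsIgnoreCase(authorization.substring(0, space))) {
                try {
                    final byte[] raw = Base64.getDecoder().decode(authorization.substring(space + 1));
                    final String[] utf8 = splitCredentials(raw, StandardCharsets.UTF_8);
                    userUtf8 = utf8[0];
                    passUtf8 = utf8[1];
                    final String[] latin1 = splitCredentials(raw, StandardCharsets.ISO_8859_1);
                    userLatin1 = latin1[0];
                    passLatin1 = latin1[1];
                } catch (IllegalArgumentException malformed) {
                    // The header is client-controlled: a value that is not valid Base64 is
                    // handled like a header without credentials instead of escaping as an
                    // unchecked exception.
                }
            }
        }

        if ("OPTIONS".equals(request.getMethod()) && request.getHttpURI().getPath().contains("/dav")) {
            response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD, PROPFIND, REPORT");
            response.getHeaders().add("DAV", "addressbook, calendar-access");
        }

        // Schema-root paths are only attempted with a non-blank user name; every other path is
        // passed to login(...) even when the user name is empty.
        if (!userUtf8.isBlank() || !RestAppSchemaRoot.checkIsInPathSpecification(path)) {
            try {
                // NOTE(review): for ASCII-only credentials both decodings are identical, so a
                // rejected login is attempted twice. Confirm this does not double-count
                // failures if the login service tracks them.
                final UserIdentity viaUtf8 = login(userUtf8, passUtf8, request, response);
                if (viaUtf8 != null) {
                    return new LoginAuthenticator.UserAuthenticationSucceeded(getAuthenticationType(), viaUtf8);
                }
                final UserIdentity viaLatin1 = login(userLatin1, passLatin1, request, response);
                if (viaLatin1 != null) {
                    return new LoginAuthenticator.UserAuthenticationSucceeded(getAuthenticationType(), viaLatin1);
                }
            } catch (WebApplicationException e) {
                try (jakarta.ws.rs.core.Response failure = e.getResponse()) {
                    final Object entity = failure.getEntity();
                    final String text = (entity == null) ? e.getMessage() : entity.toString();
                    response.setStatus(failure.getStatus());
                    // Explicit charset: the bytes must not depend on the platform default.
                    response.write(true, ByteBuffer.wrap((text == null ? "" : text).getBytes(StandardCharsets.UTF_8)), callback);
                    return AuthenticationState.SEND_FAILURE;
                }
            }
        }

        response.getHeaders().add(HttpHeader.WWW_AUTHENTICATE.asString(), "basic realm=\"" + this._loginService.getName() + "\", charset=\"UTF-8\"");
        // NOTE(review): the request's Origin is echoed back together with
        // Access-Control-Allow-Credentials: true, so this response does not restrict which
        // origin may read it. If cross-origin access is only meant for known front ends,
        // consider checking the origin against an allow-list.
        final String origin = request.getHeaders().get("Origin");
        response.getHeaders().add("Vary", "Origin");
        response.getHeaders().add("Access-Control-Allow-Origin", (origin == null || "".equals(origin)) ? "*" : origin);
        response.getHeaders().add("Access-Control-Allow-Headers", "origin, content-type, accept, authorization");
        response.getHeaders().add("Access-Control-Allow-Credentials", "true");
        response.getHeaders().add("Access-Control-Allow-Methods", "GET, POST, PATCH, PUT, DELETE, OPTIONS, HEAD");
        response.getHeaders().add("Access-Control-Max-Age", 43200L);
        // OPTIONS requests are answered with 200, every other method with 401.
        final int status = "OPTIONS".equals(request.getMethod())
                ? jakarta.ws.rs.core.Response.Status.OK.getStatusCode()
                : jakarta.ws.rs.core.Response.Status.UNAUTHORIZED.getStatusCode();
        Response.writeError(request, response, callback, status);
        return AuthenticationState.SEND_SUCCESS;
    }

    /**
     * Decodes raw Basic credentials with the given charset and splits them at the first colon.
     *
     * @param raw     the Base64-decoded credential bytes
     * @param charset the charset used to decode {@code raw}
     * @return a two-element array {@code {user, password}}; both elements are empty when there
     *         is no colon or the colon is the first character
     */
    private static String[] splitCredentials(byte[] raw, java.nio.charset.Charset charset) {
        final String decoded = new String(raw, charset);
        final int colon = decoded.indexOf(':');
        if (colon > 0) {
            return new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)};
        }
        return new String[] {"", ""};
    }
}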
