package org.openas2.cmd.processor.restapi;

import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import javax.annotation.security.DenyAll;
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.util.encoders.Base64;
import org.openas2.cmd.CommandResult;

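/**
 * JAX-RS request filter that enforces HTTP Basic authentication for the REST command API.
 *
 * <p>Decision order per request, based on the matched resource method's annotations:
 * <ul>
 *   <li>{@link PermitAll}: the request passes without looking at credentials.</li>
 *   <li>{@link DenyAll}: the request is aborted with 403.</li>
 *   <li>Otherwise an {@code Authorization: Basic ...} header is required and must carry the
 *       configured admin credentials; a missing, malformed or mismatching header yields 401.</li>
 *   <li>If {@link RolesAllowed} is present, the role set must additionally contain
 *       {@code ADMIN}, the only role this filter knows about.</li>
 * </ul>
 *
 * <p>The filter fails closed: any condition it cannot evaluate (no matched method, undecodable
 * header, missing ':' separator) results in 401 rather than an unhandled exception.
 */
@Provider
/* loaded from: input_file:org/openas2/cmd/processor/restapi/AuthenticationRequestFilter.class */
public class AuthenticationRequestFilter implements ContainerRequestFilter {

    @Context
    private ResourceInfo resourceInfo;
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    // The single role the configured admin account satisfies.
    private static final String ADMIN_ROLE = "ADMIN";
    private static final CommandResult ERROR_ACCESS_DENIED = new CommandResult(CommandResult.TYPE_ERROR, "You cannot access this resource");
    private static final CommandResult ERROR_ACCESS_FORBIDDEN = new CommandResult(CommandResult.TYPE_ERROR, "Access blocked for all users !!");
    private final String adminUsername;
    private final String adminPassword;
    private final Log logger = LogFactory.getLog(AuthenticationRequestFilter.class.getSimpleName());

    /**
     * Creates a filter that accepts exactly one account.
     *
     * @param str  admin user name; {@code null} means no request can authenticate
     * @param str2 admin password; {@code null} means no request can authenticate
     */
    public AuthenticationRequestFilter(String str, String str2) {
        this.adminUsername = str;
        this.adminPassword = str2;
    }

    /**
     * Authenticates and authorizes the request as described on the class; aborts the request
     * with 401 or 403 when it is not allowed through.
     *
     * @param containerRequestContext the request being filtered
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        Method resourceMethod = this.resourceInfo == null ? null : this.resourceInfo.getResourceMethod();
        if (resourceMethod == null) {
            // Nothing to inspect for annotations: fail closed instead of dereferencing null (500).
            abortUnauthorized(containerRequestContext);
            return;
        }
        if (resourceMethod.isAnnotationPresent(PermitAll.class)) {
            return;
        }
        if (resourceMethod.isAnnotationPresent(DenyAll.class)) {
            containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).entity(ERROR_ACCESS_FORBIDDEN).build());
            return;
        }
        List<String> authHeaders = containerRequestContext.getHeaders().get(AUTHORIZATION_PROPERTY);
        if (authHeaders == null || authHeaders.isEmpty()) {
            abortUnauthorized(containerRequestContext);
            return;
        }
        String[] credentials = parseBasicCredentials(authHeaders.get(0));
        if (credentials == null) {
            // Non-Basic scheme, invalid Base64 or no ':' separator; previously these surfaced as
            // uncaught exceptions from the decoder/tokenizer.
            this.logger.info("Rejected request: malformed or non-Basic Authorization header");
            abortUnauthorized(containerRequestContext);
            return;
        }
        String username = credentials[0];
        String password = credentials[1];
        this.logger.info("Username: " + username);
        // Deliberately log neither the password nor its length.
        this.logger.info(password.length() > 0 ? "password: <provided>" : "password: <none>");
        // Credentials are always verified. Methods without @RolesAllowed need a valid login but no
        // role check; with @RolesAllowed the role set must also contain ADMIN.
        Set<String> allowedRoles = new HashSet<String>();
        boolean rolesRestricted = resourceMethod.isAnnotationPresent(RolesAllowed.class);
        if (rolesRestricted) {
            allowedRoles.addAll(Arrays.asList(resourceMethod.getAnnotation(RolesAllowed.class).value()));
        }
        boolean allowed = rolesRestricted
                ? isUserAllowed(username, password, allowedRoles)
                : authenticate(username, password);
        if (!allowed) {
            abortUnauthorized(containerRequestContext);
        }
    }

    /** Aborts the request with 401 and the generic access-denied body. */
    private static void abortUnauthorized(ContainerRequestContext containerRequestContext) {
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity(ERROR_ACCESS_DENIED).build());
    }

    /**
     * Splits an HTTP Basic {@code Authorization} header value into user-id and password.
     *
     * <p>The scheme token is matched case-insensitively; the decoded text is split at the first
     * {@code ':'} only, so passwords may themselves contain {@code ':'}. Bytes are interpreted as
     * UTF-8 rather than the platform charset.
     *
     * @param headerValue raw header value, e.g. {@code "Basic dXNlcjpwYXNz"}
     * @return a two-element array {user-id, password}, or {@code null} when the value is not a
     *         Basic credential, is not valid Base64, or lacks the {@code ':'} separator
     */
    private static String[] parseBasicCredentials(String headerValue) {
        if (headerValue == null) {
            return null;
        }
        String value = headerValue.trim();
        int schemeLength = AUTHENTICATION_SCHEME.length();
        boolean hasScheme = value.length() > schemeLength
                && value.regionMatches(true, 0, AUTHENTICATION_SCHEME, 0, schemeLength)
                && value.charAt(schemeLength) == ' ';
        if (!hasScheme) {
            return null;
        }
        String encoded = value.substring(schemeLength).trim();
        byte[] decodedBytes;
        try {
            // Fully qualified to avoid clashing with the BouncyCastle Base64 import.
            decodedBytes = java.util.Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            return null;
        }
        String decoded = new String(decodedBytes, StandardCharsets.UTF_8);
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return new String[] {decoded.substring(0, separator), decoded.substring(separator + 1)};
    }

    /**
     * Checks the supplied credentials against the configured admin account.
     *
     * @return {@code true} only when both user name and password match; {@code false} when either
     *         configured value is {@code null}
     */
    private boolean authenticate(String username, String password) {
        // Evaluate both comparisons so a wrong user name costs the same as a wrong password.
        boolean userMatches = constantTimeEquals(this.adminUsername, username);
        boolean passwordMatches = constantTimeEquals(this.adminPassword, password);
        return userMatches && passwordMatches;
    }

    /**
     * Authorizes the credentials for a method restricted by {@link RolesAllowed}.
     *
     * @param str  user name from the request
     * @param str2 password from the request
     * @param set  roles the resource method allows
     * @return {@code true} when the credentials are the admin account's and {@code set}
     *         contains {@code ADMIN}
     */
    private boolean isUserAllowed(String str, String str2, Set<String> set) {
        return authenticate(str, str2) && set != null && set.contains(ADMIN_ROLE);
    }

    /**
     * Compares two strings without short-circuiting on the first differing character.
     *
     * <p>{@link MessageDigest#isEqual} still returns early on a length mismatch, so only the
     * content, not the length, of the expected value is hidden from timing.
     */
    private static boolean constantTimeEquals(String expected, String provided) {
        if (expected == null || provided == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                provided.getBytes(StandardCharsets.UTF_8));
    }
}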
