package org.apache.iotdb.db.protocol.rest.filter;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.time.ZoneId;
import java.util.Base64;
import java.util.UUID;
import javax.servlet.annotation.WebFilter;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.iotdb.commons.conf.IoTDBConstant;
import org.apache.iotdb.db.auth.AuthorityChecker;
import org.apache.iotdb.db.conf.rest.IoTDBRestServiceConfig;
import org.apache.iotdb.db.conf.rest.IoTDBRestServiceDescriptor;
import org.apache.iotdb.db.protocol.rest.model.ExecutionStatus;
import org.apache.iotdb.db.protocol.session.RestClientSession;
import org.apache.iotdb.db.protocol.session.SessionManager;
import org.apache.iotdb.db.queryengine.transformation.dag.column.unary.scalar.SubStringFunctionColumnTransformer;
import org.apache.iotdb.rpc.TSStatusCode;

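/**
 * JAX-RS request/response filter that authenticates REST calls with HTTP Basic credentials.
 *
 * <p>On the request side it lets {@code OPTIONS} requests, {@code ping} and (when enabled)
 * {@code swagger.json} through without credentials, and otherwise requires an
 * {@code authorization} header. The header is looked up in {@link UserCache} first and only
 * verified through {@link AuthorityChecker} on a cache miss. On the response side it removes the
 * session that was registered for the request.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so their confidentiality on the
 * wire depends on the service being deployed with HTTPS enabled.
 */
@WebFilter({"/*"})
@Provider
/* loaded from: input_file:org/apache/iotdb/db/protocol/rest/filter/AuthorizationFilter.class */
public class AuthorizationFilter implements ContainerRequestFilter, ContainerResponseFilter {
    /** Scheme token (with its separating space) that precedes the Base64 credentials. */
    private static final String BASIC_PREFIX = "Basic ";

    private final UserCache userCache = UserCache.getInstance();
    IoTDBRestServiceConfig config = IoTDBRestServiceDescriptor.getInstance().getConfig();
    private static final SessionManager SESSION_MANAGER = SessionManager.getInstance();

    /**
     * Authenticates an incoming request and binds a session and security context to it.
     *
     * <p>The request is aborted with 401 when the {@code authorization} header is missing or the
     * credentials are rejected, with 400 when the header is malformed, and with 404 when
     * {@code swagger.json} is requested while Swagger is disabled.
     *
     * @param containerRequestContext the request being filtered
     * @throws IOException declared by the filter interface; not thrown by this implementation
     */
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String path = containerRequestContext.getUriInfo().getPath();

        // Unauthenticated endpoints: CORS pre-flight and the liveness probe.
        if ("OPTIONS".equals(containerRequestContext.getMethod()) || "ping".equals(path)) {
            return;
        }
        if ("swagger.json".equals(path)) {
            if (!this.config.isEnableSwagger()) {
                // Hide the API description entirely when Swagger is switched off.
                containerRequestContext.abortWith(Response.status(Response.Status.NOT_FOUND).type("application/json").entity(SubStringFunctionColumnTransformer.EMPTY_STRING).build());
            }
            return;
        }

        String headerString = containerRequestContext.getHeaderString("authorization");
        if (headerString == null) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).type("application/json").entity(new ExecutionStatus().code(Integer.valueOf(TSStatusCode.INIT_AUTH_ERROR.getStatusCode())).message(TSStatusCode.INIT_AUTH_ERROR.name())).build());
            return;
        }

        // NOTE(review): a cache hit skips AuthorityChecker, so a changed password or a removed
        // user keeps authenticating until UserCache drops the entry; the eviction policy is not
        // visible in this file and should be confirmed. The cached User also carries the
        // plaintext password set in checkLogin.
        User user = this.userCache.getUser(headerString);
        if (user == null) {
            user = checkLogin(containerRequestContext, headerString);
            if (user == null) {
                // checkLogin has already aborted the request with the proper status.
                return;
            }
            this.userCache.setUser(headerString, user);
        }

        // NOTE(review): when a current session already exists it is reused without checking
        // that it belongs to `user`; this presumably relies on the response filter always
        // removing the session. Confirm against SessionManager.
        if (SESSION_MANAGER.getCurrSession() == null) {
            RestClientSession restClientSession = new RestClientSession(UUID.randomUUID().toString());
            restClientSession.setUsername(user.getUsername());
            SESSION_MANAGER.registerSession(restClientSession);
            SESSION_MANAGER.supplySession(SESSION_MANAGER.getCurrSession(), user.getUsername(), ZoneId.systemDefault(), IoTDBConstant.ClientVersion.V_1_0);
        }
        containerRequestContext.setSecurityContext(new BasicSecurityContext(user, IoTDBRestServiceDescriptor.getInstance().getConfig().isEnableHttps()));
    }

    /**
     * Parses a Basic {@code authorization} header and verifies the credentials.
     *
     * <p>The header is attacker-controlled, so every parsing failure is turned into a 400
     * response instead of an uncaught exception. The credentials are split on the first colon
     * only, so passwords that contain {@code ':'} are accepted.
     *
     * @param containerRequestContext request to abort when the header or credentials are invalid
     * @param str raw value of the {@code authorization} header
     * @return the authenticated user, or {@code null} after the request has been aborted
     */
    private User checkLogin(ContainerRequestContext containerRequestContext, String str) {
        String encoded = str.trim();
        // The scheme name is case-insensitive; strip it only where it belongs, at the start.
        // A header without the scheme is still decoded as before.
        if (encoded.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            encoded = encoded.substring(BASIC_PREFIX.length()).trim();
        }

        String decoded;
        try {
            // Decode with a fixed charset so the result does not depend on the platform default.
            decoded = new String(Base64.getDecoder().decode(encoded), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            // Not valid Base64 (for example another auth scheme). Answer 400 rather than letting
            // the exception surface as a server error; the header content is not echoed back.
            abortIllegalHeader(containerRequestContext);
            return null;
        }

        // Split on the first ':' only: the user name cannot contain one, the password can.
        int separator = decoded.indexOf(':');
        if (separator < 0 || separator == decoded.length() - 1) {
            // No separator, or nothing after it: credentials without a password are rejected.
            abortIllegalHeader(containerRequestContext);
            return null;
        }
        String username = decoded.substring(0, separator);
        String password = decoded.substring(separator + 1);

        User user = new User();
        user.setUsername(username);
        user.setPassword(password);
        // A result code of 200 is the only value treated as a successful check.
        if (AuthorityChecker.checkUser(username, password).code == 200) {
            return user;
        }
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).type("application/json").entity(new ExecutionStatus().code(Integer.valueOf(TSStatusCode.WRONG_LOGIN_PASSWORD.getStatusCode())).message(TSStatusCode.WRONG_LOGIN_PASSWORD.name())).build());
        return null;
    }

    /** Aborts the request with 400 and the generic "illegal authorization header" status. */
    private void abortIllegalHeader(ContainerRequestContext containerRequestContext) {
        containerRequestContext.abortWith(Response.status(Response.Status.BAD_REQUEST).type("application/json").entity(new ExecutionStatus().code(Integer.valueOf(TSStatusCode.ILLEGAL_PARAMETER.getStatusCode())).message("Illegal format of authorization header.")).build());
    }

    /**
     * Removes the current session once the response has been produced.
     *
     * <p>Nothing is removed when there is no current session or the session manager holds no
     * info for it.
     *
     * @param containerRequestContext the request that was served
     * @param containerResponseContext the response about to be sent
     * @throws IOException declared by the filter interface; not thrown by this implementation
     */
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
        if (SESSION_MANAGER.getCurrSession() == null || SESSION_MANAGER.getSessionInfo(SESSION_MANAGER.getCurrSession()) == null) {
            return;
        }
        SESSION_MANAGER.removeCurrSession();
    }
}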
