package com.predic8.membrane.core.interceptor.authentication;

import com.google.common.collect.ImmutableMap;
import com.predic8.membrane.annot.MCChildElement;
import com.predic8.membrane.annot.MCElement;
import com.predic8.membrane.core.Constants;
import com.predic8.membrane.core.Router;
import com.predic8.membrane.core.exchange.Exchange;
import com.predic8.membrane.core.http.Response;
import com.predic8.membrane.core.interceptor.AbstractInterceptor;
import com.predic8.membrane.core.interceptor.Interceptor;
import com.predic8.membrane.core.interceptor.Outcome;
import com.predic8.membrane.core.interceptor.authentication.session.StaticUserDataProvider;
import com.predic8.membrane.core.interceptor.authentication.session.UserDataProvider;
import com.predic8.membrane.core.util.HttpUtil;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringEscapeUtils;

@MCElement(name = "basicAuthentication")
/* loaded from: input_file:lib/service-proxy-core-4.8.7.jar:com/predic8/membrane/core/interceptor/authentication/BasicAuthenticationInterceptor.class */
public class BasicAuthenticationInterceptor extends AbstractInterceptor {
    private UserDataProvider userDataProvider = new StaticUserDataProvider();

    public BasicAuthenticationInterceptor() {
        this.name = "Basic Authenticator";
        setFlow(Interceptor.Flow.Set.REQUEST);
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public Outcome handleRequest(Exchange exchange) throws Exception {
        return (hasNoAuthorizationHeader(exchange) || !validUser(exchange)) ? deny(exchange) : Outcome.CONTINUE;
    }

    private boolean validUser(Exchange exchange) throws Exception {
        try {
            this.userDataProvider.verify(ImmutableMap.of("username", getUsername(exchange), "password", getPassword(exchange)));
            return true;
        } catch (NoSuchElementException e) {
            return false;
        }
    }

    private String getUsername(Exchange exchange) throws Exception {
        return getAuthorizationHeaderDecoded(exchange).split(":", 2)[0];
    }

    private String getPassword(Exchange exchange) throws Exception {
        return getAuthorizationHeaderDecoded(exchange).split(":", 2)[1];
    }

    private Outcome deny(Exchange exchange) {
        exchange.setResponse(Response.unauthorized("").header(HttpUtil.createHeaders(null, "WWW-Authenticate", "Basic realm=\"Membrane Service Proxy Authentication\"")).build());
        return Outcome.ABORT;
    }

    private boolean hasNoAuthorizationHeader(Exchange exchange) {
        return exchange.getRequest().getHeader().getFirstValue("Authorization") == null;
    }

    private String getAuthorizationHeaderDecoded(Exchange exchange) throws Exception {
        return new String(Base64.decodeBase64(exchange.getRequest().getHeader().getFirstValue("Authorization").substring(6).getBytes(Constants.UTF_8_CHARSET)), Constants.UTF_8_CHARSET);
    }

    public List<StaticUserDataProvider.User> getUsers() {
        return ((StaticUserDataProvider) this.userDataProvider).getUsers();
    }

    @MCChildElement(order = 20)
    public void setUsers(List<StaticUserDataProvider.User> list) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        ((StaticUserDataProvider) this.userDataProvider).setUsers(list);
    }

    public UserDataProvider getUserDataProvider() {
        return this.userDataProvider;
    }

    @MCChildElement(order = 10)
    public void setUserDataProvider(UserDataProvider userDataProvider) {
        this.userDataProvider = userDataProvider;
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public void init(Router router) throws Exception {
        if (this.userDataProvider instanceof StaticUserDataProvider) {
            for (StaticUserDataProvider.User user : getUsers()) {
                if (user.getAttributes().containsKey("name")) {
                    String str = user.getAttributes().get("name");
                    user.getAttributes().remove("name");
                    user.getAttributes().put("username", str);
                }
            }
        }
        this.userDataProvider.init(router);
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getShortDescription() {
        return "Authenticates incoming requests based on a fixed user list.";
    }

    @Override // com.predic8.membrane.core.interceptor.AbstractInterceptor, com.predic8.membrane.core.interceptor.Interceptor
    public String getLongDescription() {
        StringBuilder sb = new StringBuilder();
        sb.append(getShortDescription());
        sb.append("<br/>");
        if (this.userDataProvider instanceof StaticUserDataProvider) {
            sb.append("Users: ");
            Iterator<StaticUserDataProvider.User> it = ((StaticUserDataProvider) this.userDataProvider).getUsers().iterator();
            while (it.hasNext()) {
                sb.append(StringEscapeUtils.escapeHtml(it.next().getUsername()));
                sb.append(", ");
            }
            sb.delete(sb.length() - 2, sb.length());
            sb.append("<br/>Passwords are not shown.");
        }
        return sb.toString();
    }
}
