package org.trellisldp.auth.basic;

import java.io.File;
import java.io.IOException;
import java.security.Principal;
import java.util.Optional;
import java.util.stream.Stream;
import javax.annotation.Priority;
import javax.inject.Inject;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.SecurityContext;
import org.apache.tamaya.ConfigurationProvider;

@Priority(1000)
/* loaded from: input_file:org/trellisldp/auth/basic/BasicAuthFilter.class */
public class BasicAuthFilter implements ContainerRequestFilter {
    public static final String CONFIG_AUTH_BASIC_CREDENTIALS = "trellis.auth.basic.credentials";
    public static final String CONFIG_AUTH_REALM = "trellis.auth.realm";
    private final File file;
    private final String challenge;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/trellisldp/auth/basic/BasicAuthFilter$BasiAuthSecurityContext.class */
    public static final class BasiAuthSecurityContext implements SecurityContext {
        private final Principal principal;
        private final boolean secure;

        private BasiAuthSecurityContext(Principal principal, boolean z) {
            this.principal = principal;
            this.secure = z;
        }

        public Principal getUserPrincipal() {
            return this.principal;
        }

        public boolean isSecure() {
            return this.secure;
        }

        public String getAuthenticationScheme() {
            return "BASIC";
        }

        public boolean isUserInRole(String str) {
            return true;
        }
    }

    @Inject
    public BasicAuthFilter() {
        this(ConfigurationProvider.getConfiguration().get(CONFIG_AUTH_BASIC_CREDENTIALS));
    }

    public BasicAuthFilter(String str) {
        this(new File(str));
    }

    public BasicAuthFilter(File file) {
        this(file, ConfigurationProvider.getConfiguration().getOrDefault(CONFIG_AUTH_REALM, "trellis"));
    }

    public BasicAuthFilter(File file, String str) {
        this.file = file;
        this.challenge = "Basic realm=\"" + str + "\"";
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        boolean isPresent = Optional.ofNullable(containerRequestContext.getSecurityContext()).filter((v0) -> {
            return v0.isSecure();
        }).isPresent();
        getCredentials(containerRequestContext).map(str -> {
            return authenticate(str).orElseThrow(() -> {
                return new NotAuthorizedException(this.challenge, new Object[0]);
            });
        }).ifPresent(principal -> {
            containerRequestContext.setSecurityContext(new BasiAuthSecurityContext(principal, isPresent));
        });
    }

    private Optional<Principal> authenticate(String str) {
        return Optional.ofNullable(Credentials.parse(str)).flatMap(credentials -> {
            return Optional.of(this.file).filter((v0) -> {
                return v0.exists();
            }).map((v0) -> {
                return v0.toPath();
            }).flatMap(path -> {
                Stream<String> uncheckedLines = BasicAuthUtils.uncheckedLines(path);
                Throwable th = null;
                try {
                    Optional map = uncheckedLines.map((v0) -> {
                        return v0.trim();
                    }).filter(str2 -> {
                        return !str2.startsWith("#");
                    }).map(str3 -> {
                        return str3.split(":", 3);
                    }).filter(strArr -> {
                        return strArr.length == 3;
                    }).filter(strArr2 -> {
                        return strArr2[0].trim().equals(credentials.getUsername()) && strArr2[1].trim().equals(credentials.getPassword());
                    }).map(strArr3 -> {
                        return strArr3[2].trim();
                    }).findFirst().map(BasicPrincipal::new);
                    if (uncheckedLines != null) {
                        if (0 != 0) {
                            try {
                                uncheckedLines.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            uncheckedLines.close();
                        }
                    }
                    return map;
                } catch (Throwable th3) {
                    if (uncheckedLines != null) {
                        if (0 != 0) {
                            try {
                                uncheckedLines.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            uncheckedLines.close();
                        }
                    }
                    throw th3;
                }
            });
        });
    }

    private Optional<String> getCredentials(ContainerRequestContext containerRequestContext) {
        return Optional.ofNullable(containerRequestContext.getHeaderString("Authorization")).map(str -> {
            return str.split(" ", 2);
        }).filter(strArr -> {
            return strArr[0].equalsIgnoreCase("BASIC");
        }).filter(strArr2 -> {
            return strArr2.length == 2;
        }).map(strArr3 -> {
            return strArr3[1];
        });
    }
}
