package de.dfki.km.pimo.backend.filter;

import de.dfki.km.pimo.jsonrpc.PimoJsonrpcClient;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.StringTokenizer;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pimobackendcommons-2.20-SNAPSHOT.jar:de/dfki/km/pimo/backend/filter/PimoAuthFilter.class */
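/**
 * Servlet filter that authenticates requests carrying HTTP Basic credentials against the
 * Pimo user API and exposes the resulting {@link PimoPrincipal} to the rest of the chain.
 *
 * <p>Request handling, in order:
 * <ol>
 *   <li>Requests whose servlet path starts with an entry of the {@code excluded} init
 *       parameter (comma-separated) bypass authentication entirely.</li>
 *   <li>Requests without an {@code Authorization} header, or with malformed Basic
 *       credentials, are answered with a 401 challenge.</li>
 *   <li>Requests with a non-Basic scheme are forwarded unchanged (see the note in
 *       {@link #doFilter}).</li>
 *   <li>Valid Basic credentials are checked via {@link #authenticate}; on success the
 *       request is wrapped and the principal stored under {@link #PARAMETER_KEY}.</li>
 * </ol>
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so the transport must
 * provide confidentiality (TLS).
 */
public class PimoAuthFilter extends PimoFilter {
    private static final Logger logger = LoggerFactory.getLogger(PimoAuthFilter.class);
    public static final String REALM_NAME = "Pimo";
    public static final String APP_KEY = "PimoRealm";
    public static final String EXCLUDED_PARAM_NAME = "excluded";
    public static final String PARAMETER_KEY = "de.dfki.km.pimo.backend.filter.PimoPrincipal";
    private PimoJsonrpcClient pimoClient;
    private List<String> excludedPaths;

    /**
     * Creates the JSON-RPC client and reads the list of path prefixes that skip authentication.
     *
     * @param filterConfig container-supplied configuration; the optional {@code excluded}
     *     init parameter holds a comma-separated list of servlet-path prefixes
     * @throws ServletException if the superclass initialization fails
     */
    @Override // de.dfki.km.pimo.backend.filter.PimoFilter
    public void init(FilterConfig filterConfig) throws ServletException {
        super.init(filterConfig);
        this.pimoClient = new PimoJsonrpcClient(APP_KEY, this.properties.getPimodbUrl());
        this.excludedPaths = parseExcludedPaths(filterConfig.getInitParameter(EXCLUDED_PARAM_NAME));
        logger.debug("PimoAuthFilter initialized successfully");
    }

    /** No resources to release. */
    public void destroy() {
    }

    /**
     * Authenticates the request or answers it with a 401 challenge.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException if sending the challenge or a downstream filter fails
     * @throws ServletException if a downstream filter fails
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String servletPath = httpServletRequest.getServletPath();
        if (this.excludedPaths != null) {
            // NOTE(review): this is a plain string-prefix match, so an entry "/public" also
            // exempts "/publicfoo". Confirm the configured entries end on a path boundary.
            for (String excludedPrefix : this.excludedPaths) {
                if (servletPath.startsWith(excludedPrefix)) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
            }
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            requestPassword(httpServletRequest, httpServletResponse);
            return;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(header, StringUtils.SPACE);
        if (!stringTokenizer.hasMoreTokens()) {
            logger.error("Unexpected Authorization token content");
            requestPassword(httpServletRequest, httpServletResponse);
            return;
        }
        if (!"Basic".equalsIgnoreCase(stringTokenizer.nextToken())) {
            // NOTE(review): any non-Basic scheme is forwarded WITHOUT a principal and without
            // a challenge. This is only safe if a later filter or the target resource enforces
            // authentication for those schemes - confirm against the deployment's filter chain.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (!stringTokenizer.hasMoreTokens()) {
            // "Basic" without a credentials token is malformed; challenge instead of letting
            // the request continue down the chain unauthenticated.
            logger.error("Unexpected Authorization token content. Sending 401 ...");
            requestPassword(httpServletRequest, httpServletResponse);
            return;
        }
        byte[] decodeBase64 = Base64.decodeBase64(stringTokenizer.nextToken());
        // The charset is taken from the request, i.e. it is client-controlled.
        String characterEncoding = httpServletRequest.getCharacterEncoding();
        if (characterEncoding == null) {
            characterEncoding = "UTF-8";
        }
        String credentials;
        try {
            credentials = new String(decodeBase64, characterEncoding);
        } catch (UnsupportedEncodingException e) {
            // An unknown charset name must not surface as a server error.
            logger.error("Unsupported request charset {}. Sending 401 ...", sanitizeForLog(characterEncoding));
            requestPassword(httpServletRequest, httpServletResponse);
            return;
        }
        // Split on the first colon only: the password may itself contain colons.
        int separator = credentials.indexOf(":");
        if (separator == -1) {
            logger.error("Unexpected Authorization token content. Sending 401 ...");
            requestPassword(httpServletRequest, httpServletResponse);
            return;
        }
        PimoPrincipal principal = authenticate(credentials.substring(0, separator), credentials.substring(separator + 1));
        if (principal == null) {
            requestPassword(httpServletRequest, httpServletResponse);
            return;
        }
        PimoPrincipalAwareRequestWrapper wrappedRequest = new PimoPrincipalAwareRequestWrapper(httpServletRequest, principal);
        wrappedRequest.setAttribute(PARAMETER_KEY, principal);
        filterChain.doFilter(wrappedRequest, servletResponse);
    }

    /**
     * Verifies the credentials by creating a session through the Pimo user API.
     *
     * <p>NOTE(review): a backend session is created on every call and failed attempts are
     * not throttled here - confirm that sessions expire and that rate limiting or lockout
     * is applied elsewhere.
     *
     * @param str user name
     * @param str2 password; never logged
     * @return the authenticated principal, or {@code null} if the backend returned no
     *     session or the call threw
     */
    public PimoPrincipal authenticate(String str, String str2) {
        // The user name comes from a client-supplied header; strip control characters so it
        // cannot inject forged lines into the log.
        String userForLog = sanitizeForLog(str);
        logger.info("authenticate() called by user {}", userForLog);
        try {
            String sessionToken = this.pimoClient.getUserApi().createSession(str, str2);
            if (sessionToken == null) {
                logger.error("authentication of user {} failed", userForLog);
                return null;
            }
            PimoPrincipal pimoPrincipal = new PimoPrincipal(str, sessionToken);
            logger.info("user {} authenticated", userForLog);
            return pimoPrincipal;
        } catch (Exception e) {
            // Boundary catch: any backend failure is treated as a failed login (fail closed).
            logger.error("authentication of user {} failed", userForLog, e);
            return null;
        }
    }

    /**
     * Sends a 401 response carrying a Basic challenge for the {@link #REALM_NAME} realm.
     *
     * @param httpServletRequest the request being rejected (unused)
     * @param httpServletResponse the response that receives the challenge
     * @throws IOException if the error response cannot be sent
     */
    protected void requestPassword(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "BASIC realm=\"" + REALM_NAME + "\"");
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Splits the comma-separated {@code excluded} value into trimmed, non-empty prefixes.
     *
     * <p>Empty entries are dropped on purpose: {@code "".split(",")} yields a single empty
     * string, and every path starts with the empty string, so an empty or padded parameter
     * would otherwise exempt every request from authentication.
     */
    private static List<String> parseExcludedPaths(String rawValue) {
        List<String> prefixes = new ArrayList<>();
        if (rawValue == null) {
            return prefixes;
        }
        for (String entry : rawValue.split(",")) {
            String trimmed = entry.trim();
            if (!trimmed.isEmpty()) {
                prefixes.add(trimmed);
            }
        }
        return prefixes;
    }

    /** Replaces ISO control characters (CR, LF, ...) with {@code '_'} for safe logging. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}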
