package dev.galasa.framework.api.authentication.internal;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.HashSet;
import java.util.Locale;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:dev/galasa/framework/api/authentication/internal/BasicAuthFilter.class */
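/**
 * Servlet filter that authenticates HTTP Basic credentials against the JAAS
 * login configuration named {@code galasa}.
 *
 * <p>Behaviour, as implemented below:
 * <ul>
 *   <li>Requests that are not HTTP, that already carry a user principal, or that
 *       have no usable {@code Authorization: Basic ...} header are passed down the
 *       chain <em>unchanged and unauthenticated</em>. This filter therefore only
 *       establishes identity; it does not enforce that a request is authenticated.
 *       Whatever sits further down the chain must perform that check.</li>
 *   <li>Malformed credentials or a failed JAAS login produce a 401 response with a
 *       {@code WWW-Authenticate} challenge.</li>
 *   <li>On success the request is wrapped in a {@code RequestWrapper} carrying the
 *       lower-cased user name and the collected role names.</li>
 * </ul>
 *
 * <p>NOTE(review): Basic credentials are only base64-encoded, not encrypted, so
 * this filter should presumably be reachable over TLS only. No throttling of
 * repeated failures is visible in this class; confirm it is handled elsewhere.
 */
public class BasicAuthFilter implements Filter {
    /** Name of the JAAS login configuration entry used for every login attempt. */
    private static final String JAAS_CONFIG_NAME = "galasa";

    private final Log logger = LogFactory.getLog(getClass());

    /** No configuration is read from {@code filterConfig}. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Authenticates the request when it carries Basic credentials, otherwise
     * passes it through untouched.
     *
     * @param servletRequest  incoming request
     * @param servletResponse outgoing response; receives the 401 challenge on failure
     * @param filterChain     remainder of the filter chain
     * @throws IOException      if writing the 401 response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // Something earlier in the chain has already established an identity.
        if (httpServletRequest.getUserPrincipal() != null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // No Basic credentials offered: pass through WITHOUT an identity. Access
        // control for anonymous requests is the responsibility of later filters
        // and servlets.
        String token = extractBasicToken(httpServletRequest.getHeader("Authorization"));
        if (token == null) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String[] credentials = decodeCredentials(token);
        if (credentials == null) {
            invalidAuth(httpServletRequest, httpServletResponse);
            return;
        }
        final String username = credentials[0];
        final String password = credentials[1];

        try {
            LoginContext loginContext = new LoginContext(JAAS_CONFIG_NAME, new CallbackHandler() {
                @Override
                public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                    // Callbacks other than name/password are deliberately left unanswered.
                    for (Callback callback : callbackArr) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(username);
                        } else if (callback instanceof PasswordCallback) {
                            ((PasswordCallback) callback).setPassword(password.toCharArray());
                        }
                    }
                }
            });
            loginContext.login();
            Subject subject = loginContext.getSubject();
            if (subject == null) {
                invalidAuth(httpServletRequest, httpServletResponse);
                return;
            }

            // Principals are recognised purely by the simple class-name suffix, so a
            // principal class of that name from ANY package is accepted. Which
            // principals can appear here depends entirely on the login modules
            // configured for the "galasa" entry.
            String authenticatedName = null;
            HashSet<String> roles = new HashSet<String>();
            for (Principal principal : subject.getPrincipals()) {
                String principalClass = principal.getClass().getName();
                if (principalClass.endsWith(".UserPrincipal")) {
                    authenticatedName = principal.getName();
                } else if (principalClass.endsWith(".RolePrincipal")) {
                    roles.add(principal.getName());
                }
            }
            // If the login module supplied no user principal, fall back to the name
            // the client sent. The login itself has succeeded at this point.
            if (authenticatedName == null) {
                authenticatedName = username;
            }

            // Locale.ROOT keeps the canonical user id independent of the JVM's
            // default locale (e.g. the Turkish dotless-i mapping).
            filterChain.doFilter(
                    new RequestWrapper(authenticatedName.toLowerCase(Locale.ROOT), roles, httpServletRequest),
                    servletResponse);
        } catch (LoginException e) {
            // Log before responding so the failure is recorded even if writing the
            // response throws. The user name is client-controlled, so it is
            // neutralised before it reaches the log. The password is never logged.
            this.logger.info("Authentication failed for user '" + sanitizeForLog(username) + "'", e);
            invalidAuth(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Returns the credentials token of an {@code Authorization: Basic <token>}
     * header, or {@code null} when the header is absent, uses another scheme, or
     * has no token after the scheme.
     */
    private static String extractBasicToken(String header) {
        if (header == null) {
            return null;
        }
        StringTokenizer parts = new StringTokenizer(header);
        if (!parts.hasMoreTokens()
                || !"basic".equalsIgnoreCase(parts.nextToken())
                || !parts.hasMoreTokens()) {
            return null;
        }
        return parts.nextToken();
    }

    /**
     * Decodes a Basic credentials token into {@code {username, password}}.
     *
     * @return a two-element array, or {@code null} if the token is not valid
     *         base64, contains no colon, or yields an empty user name or password
     */
    private static String[] decodeCredentials(String token) {
        final byte[] raw;
        try {
            raw = Base64.getDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            // Malformed base64 is a client error; without this catch it would
            // escape the filter as an unhandled exception instead of a 401.
            return null;
        }
        // Explicit charset: the no-arg String constructor would depend on the
        // JVM's platform default.
        String decoded = new String(raw, StandardCharsets.UTF_8);

        // Split at the FIRST colon only, so passwords containing ':' are accepted.
        int colon = decoded.indexOf(':');
        if (colon < 0) {
            return null;
        }
        // Surrounding whitespace is trimmed from both parts, as this filter has
        // always done; passwords with leading/trailing whitespace cannot be used.
        String username = decoded.substring(0, colon).trim();
        String password = decoded.substring(colon + 1).trim();

        // Never hand an empty name or password to the login module: some
        // directory-backed modules treat an empty password as an anonymous bind
        // and report success.
        if (username.isEmpty() || password.isEmpty()) {
            return null;
        }
        return new String[] {username, password};
    }

    /**
     * Replaces control characters (including CR/LF) so a client-supplied value
     * cannot forge or split log entries.
     */
    private static String sanitizeForLog(String value) {
        return value.replaceAll("\\p{Cntrl}", "_");
    }

    /**
     * Sends a 401 response with a Basic challenge for the {@code Galasa} realm.
     * The body is deliberately generic and does not say which check failed.
     */
    private void invalidAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.addHeader("WWW-Authenticate", "Basic realm=\"Galasa\"");
        httpServletResponse.getWriter().write("Invalid authentication");
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}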
