package io.apiman.gateway.vertx.api;

import io.apiman.gateway.vertx.config.VertxEngineConfig;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.vertx.java.core.http.HttpHeaders;
import org.vertx.java.core.http.HttpServerRequest;
import org.vertx.java.core.http.HttpServerResponse;
import org.vertx.java.core.http.RouteMatcher;
import org.vertx.java.core.logging.Logger;

/* loaded from: input_file:io/apiman/gateway/vertx/api/AuthenticatingRouteMatcher.class */
public class AuthenticatingRouteMatcher extends RouteMatcher {
    private Map<String, String> fileBasicAuthData;
    private Logger logger;
    private VertxEngineConfig config;

    public AuthenticatingRouteMatcher(VertxEngineConfig vertxEngineConfig, Logger logger) {
        this.config = vertxEngineConfig;
        this.fileBasicAuthData = vertxEngineConfig.loadFileBasicAuth();
        this.logger = logger;
    }

    public void handle(HttpServerRequest httpServerRequest) {
        if (!this.config.isAuthenticationEnabled().booleanValue() || authenticate(httpServerRequest)) {
            super.handle(httpServerRequest);
        } else {
            notAuthorised(httpServerRequest.response());
        }
    }

    private boolean authenticate(HttpServerRequest httpServerRequest) {
        String str = httpServerRequest.headers().get(HttpHeaders.AUTHORIZATION);
        if (str == null) {
            return false;
        }
        String[] splitByWholeSeparator = StringUtils.splitByWholeSeparator(str, "Basic ");
        if (splitByWholeSeparator.length == 1) {
            return basicAuth(httpServerRequest, splitByWholeSeparator[0]);
        }
        return false;
    }

    private boolean basicAuth(HttpServerRequest httpServerRequest, String str) {
        String[] split = StringUtils.split(StringUtils.trim(new String(Base64.decodeBase64(str))), ":");
        if (split.length != 2) {
            return false;
        }
        if (this.fileBasicAuthData.containsKey(split[0])) {
            String str2 = new String(Base64.decodeBase64(this.fileBasicAuthData.get(split[0])));
            try {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
                messageDigest.update(split[1].getBytes());
                if (str2.equals(new String(messageDigest.digest()))) {
                    return true;
                }
            } catch (NoSuchAlgorithmException e) {
                this.logger.error(e.getMessage(), e.getCause());
            }
        }
        httpServerRequest.response().headers().add("WWW-Authenticate", "Basic realm=\"" + this.config.getRealm() + "\"");
        return false;
    }

    private void notAuthorised(HttpServerResponse httpServerResponse) {
        httpServerResponse.setStatusCode(HttpResponseStatus.UNAUTHORIZED.code());
        httpServerResponse.setStatusMessage(HttpResponseStatus.UNAUTHORIZED.reasonPhrase());
        httpServerResponse.end();
    }
}
