package io.apiman.common.servlet;

import io.apiman.common.auth.AuthPrincipal;
import io.apiman.common.auth.AuthToken;
import io.apiman.common.auth.AuthTokenUtil;
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.apache.http.HttpStatus;

/* loaded from: input_file:WEB-INF/lib/apiman-common-servlet-1.1.4.Final.jar:io/apiman/common/servlet/AuthenticationFilter.class */
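public class AuthenticationFilter implements Filter {
    /** Scheme token of the {@code Authorization} header handled by {@link #doBasicAuth}. */
    private static final String BASIC_SCHEME = "Basic";
    /** Scheme token of the {@code Authorization} header handled by {@link #doTokenAuth}. */
    private static final String TOKEN_SCHEME = "AUTH-TOKEN";

    // Realm advertised in the WWW-Authenticate challenge.
    private String realm;
    // The six settings below are read from the filter's init parameters in init(); in this
    // class they are only stored — no method here consults them (token validation is left to
    // AuthTokenUtil.consumeToken). Subclasses may rely on them.
    private boolean signatureRequired;
    private String keystorePath;
    private String keystorePassword;
    private String keyAlias;
    private String keyPassword;

    /**
     * Username/password pair extracted from a Basic {@code Authorization} header.
     * {@code password} is {@code null} when the decoded credential carried no {@code ':'}.
     */
    public static class Creds {
        public String username;
        public String password;

        /**
         * @param str  the username
         * @param str2 the password, may be {@code null}
         */
        public Creds(String str, String str2) {
            this.username = str;
            this.password = str2;
        }
    }

    /**
     * Reads the filter's configuration. Each setting falls back to the corresponding
     * {@code default*()} hook (which subclasses may override) when the init parameter is
     * absent or blank; the hook is only invoked in that case.
     *
     * @param filterConfig the container-supplied configuration
     * @throws ServletException never thrown here; declared by {@link Filter#init}
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String realmParam = configuredValue(filterConfig, "realm");
        this.realm = realmParam != null ? realmParam : defaultRealm();

        String signatureParam = configuredValue(filterConfig, "signatureRequired");
        this.signatureRequired = signatureParam != null
                ? Boolean.parseBoolean(signatureParam)
                : defaultSignatureRequired();

        String keystorePathParam = configuredValue(filterConfig, "keystorePath");
        this.keystorePath = keystorePathParam != null ? keystorePathParam : defaultKeystorePath();

        String keystorePasswordParam = configuredValue(filterConfig, "keystorePassword");
        this.keystorePassword = keystorePasswordParam != null ? keystorePasswordParam : defaultKeystorePassword();

        String keyAliasParam = configuredValue(filterConfig, "keyAlias");
        this.keyAlias = keyAliasParam != null ? keyAliasParam : defaultKeyAlias();

        String keyPasswordParam = configuredValue(filterConfig, "keyPassword");
        this.keyPassword = keyPasswordParam != null ? keyPasswordParam : defaultKeyPassword();
    }

    /**
     * Returns the named init parameter, or {@code null} when it is missing or blank.
     * A present value is returned untrimmed, as the container supplied it.
     */
    private static String configuredValue(FilterConfig filterConfig, String name) {
        String value = filterConfig.getInitParameter(name);
        if (value == null || value.trim().isEmpty()) {
            return null;
        }
        return value;
    }

    /** Fallback for the {@code keystorePassword} init parameter; none by default. */
    protected String defaultKeystorePassword() {
        return null;
    }

    /** Fallback for the {@code keyAlias} init parameter; none by default. */
    protected String defaultKeyAlias() {
        return null;
    }

    /** Fallback for the {@code keyPassword} init parameter; none by default. */
    protected String defaultKeyPassword() {
        return null;
    }

    /** Fallback for the {@code keystorePath} init parameter; none by default. */
    protected String defaultKeystorePath() {
        return null;
    }

    /** Fallback for the {@code signatureRequired} init parameter; {@code false} by default. */
    protected boolean defaultSignatureRequired() {
        return false;
    }

    /** Extension hook; not consulted by this class. {@code false} by default. */
    protected boolean defaultWrapRequest() {
        return false;
    }

    /** Extension hook; not consulted by this class. Empty by default. */
    protected Set<String> defaultAllowedIssuers() {
        return Collections.emptySet();
    }

    /** Fallback realm used in the {@code WWW-Authenticate} challenge. */
    protected String defaultRealm() {
        return "apiman";
    }

    /**
     * Dispatches on the {@code Authorization} header. A missing header, an unsupported
     * scheme, or a malformed credential is answered with a 401 challenge; otherwise the
     * scheme-specific handler decides whether the chain continues.
     *
     * @param servletRequest  must be an {@link HttpServletRequest}
     * @param servletResponse must be an {@link HttpServletResponse}
     * @param filterChain     the remaining chain
     * @throws IOException      propagated from the chain or from sending the challenge
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String header = request.getHeader("Authorization");
        if (header == null) {
            sendAuthResponse(response);
            return;
        }
        if (startsWithIgnoreCase(header, BASIC_SCHEME)) {
            Creds creds = parseAuthorizationBasic(header);
            if (creds == null) {
                sendAuthResponse(response);
            } else {
                doBasicAuth(creds, request, response, filterChain);
            }
            return;
        }
        if (startsWithIgnoreCase(header, TOKEN_SCHEME)) {
            AuthToken token = parseAuthorizationToken(header);
            if (token == null) {
                sendAuthResponse(response);
            } else {
                doTokenAuth(token, request, response, filterChain);
            }
            return;
        }
        // Unknown scheme: challenge explicitly rather than returning with neither the chain
        // invoked nor the response touched.
        sendAuthResponse(response);
    }

    /**
     * Locale-independent, case-insensitive prefix test (the default-locale
     * {@code toUpperCase()} can mangle "BASIC" under some locales).
     */
    private static boolean startsWithIgnoreCase(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /**
     * Authenticates through the container ({@link HttpServletRequest#login}) and, on success,
     * continues the chain. If a different user is already associated with the request it is
     * logged out first; if the same user is, no login is attempted.
     *
     * @throws IOException      propagated from the chain or the 401 challenge
     * @throws ServletException propagated from the chain
     */
    protected void doBasicAuth(Creds creds, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            String currentUser = httpServletRequest.getRemoteUser();
            if (!creds.username.equals(currentUser)) {
                if (currentUser != null) {
                    httpServletRequest.logout();
                }
                httpServletRequest.login(creds.username, creds.password);
            }
        } catch (Exception e) {
            // A rejected login surfaces as ServletException; anything else raised by the
            // container here is treated the same way. Only the login step is guarded, so
            // failures further down the chain propagate instead of becoming a 401 on a
            // possibly committed response.
            e.printStackTrace();
            sendAuthResponse(httpServletResponse);
            return;
        }
        doFilterChain(httpServletRequest, httpServletResponse, filterChain, null);
    }

    /**
     * Builds an {@link AuthPrincipal} from an already-parsed token and continues the chain
     * with the request wrapped to expose that principal. Validation of the token itself is
     * whatever {@code AuthTokenUtil.consumeToken} performed in {@link #parseAuthorizationToken}.
     */
    protected void doTokenAuth(AuthToken authToken, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        AuthPrincipal principal = new AuthPrincipal(authToken.getPrincipal());
        principal.addRoles(authToken.getRoles());
        doFilterChain(httpServletRequest, httpServletResponse, filterChain, principal);
    }

    /**
     * Continues the chain, substituting a request wrapper that reports {@code authPrincipal}
     * when one is given; with {@code null} the original request is passed through.
     */
    protected void doFilterChain(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain, AuthPrincipal authPrincipal) throws IOException, ServletException {
        ServletRequest effective = authPrincipal == null
                ? servletRequest
                : wrapTheRequest(servletRequest, authPrincipal);
        filterChain.doFilter(effective, servletResponse);
    }

    /** Wraps the request so principal, role checks and remote user come from {@code authPrincipal}. */
    private HttpServletRequest wrapTheRequest(ServletRequest servletRequest, final AuthPrincipal authPrincipal) {
        return new HttpServletRequestWrapper((HttpServletRequest) servletRequest) {
            @Override
            public Principal getUserPrincipal() {
                return authPrincipal;
            }

            @Override
            public boolean isUserInRole(String str) {
                return authPrincipal.getRoles().contains(str);
            }

            @Override
            public String getRemoteUser() {
                return authPrincipal.getName();
            }
        };
    }

    /**
     * Decodes a Basic header into credentials.
     *
     * @return the credentials, or {@code null} when the header carries no payload after the
     *         scheme or decodes to an empty string (a bare "Basic" header previously threw
     *         {@link StringIndexOutOfBoundsException} out of the filter)
     */
    private Creds parseAuthorizationBasic(String header) {
        String encoded = header.substring(BASIC_SCHEME.length()).trim();
        if (encoded.isEmpty()) {
            return null;
        }
        String decoded = StringUtils.newStringUtf8(Base64.decodeBase64(encoded));
        if (decoded.isEmpty()) {
            return null;
        }
        int separator = decoded.indexOf(':');
        if (separator > 0) {
            return new Creds(decoded.substring(0, separator), decoded.substring(separator + 1));
        }
        // No ':' (or it is the first character): the whole value is the username.
        return new Creds(decoded, null);
    }

    /**
     * Parses an AUTH-TOKEN header via {@code AuthTokenUtil.consumeToken}.
     *
     * @return the token, or {@code null} when the header has no payload or the utility
     *         rejects it with {@link IllegalArgumentException}
     */
    private AuthToken parseAuthorizationToken(String header) {
        String encoded = header.substring(TOKEN_SCHEME.length()).trim();
        if (encoded.isEmpty()) {
            return null;
        }
        try {
            return AuthTokenUtil.consumeToken(encoded);
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    /** Sends a 401 with a Basic challenge for the configured realm. */
    private void sendAuthResponse(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", String.format("BASIC realm=\"%1$s\"", this.realm));
        httpServletResponse.sendError(HttpStatus.SC_UNAUTHORIZED);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}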
