package org.overlord.apiman.dt.api.fuse6.auth;

import java.security.Principal;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.ws.rs.core.Response;
import org.apache.cxf.interceptor.security.AuthenticationException;
import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.apache.cxf.security.SecurityContext;
import org.overlord.apiman.common.auth.AuthPrincipal;
import org.overlord.apiman.common.auth.AuthToken;
import org.overlord.apiman.common.auth.AuthTokenUtil;
import org.overlord.apiman.dt.api.fuse6.security.FuseSecurityContext;

/* loaded from: input_file:WEB-INF/classes/org/overlord/apiman/dt/api/fuse6/auth/AuthTokenRequestHandler.class */
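/**
 * CXF JAX-RS {@link RequestHandler} that authenticates incoming requests from
 * the {@code Authorization} header.
 *
 * <p>Two schemes are accepted:
 * <ul>
 *   <li>{@code BASIC} - delegated to JAAS through a {@link JAASLoginInterceptor};</li>
 *   <li>{@code AUTH-TOKEN} - the remainder of the header is handed to
 *       {@link AuthTokenUtil#consumeToken(String)} and the resulting principal
 *       and roles are installed as the security context.</li>
 * </ul>
 * Any other header, or a missing one, yields a 401 response carrying a
 * {@code WWW-Authenticate} challenge.
 *
 * <p>NOTE(review): on the token path the principal and roles are taken from the
 * token as returned by {@code AuthTokenUtil.consumeToken}. This class performs
 * no signature or expiry check of its own, so the trust placed in a token
 * depends entirely on what {@code consumeToken} validates - confirm.
 */
public class AuthTokenRequestHandler implements RequestHandler {
    /** Scheme prefix that selects JAAS-backed HTTP Basic authentication. */
    private static final String BASIC_SCHEME = "BASIC";
    /** Scheme prefix that selects apiman token authentication. */
    private static final String TOKEN_SCHEME = "AUTH-TOKEN";
    /** Index of the first token character: the scheme name plus one separator character. */
    private static final int TOKEN_OFFSET = TOKEN_SCHEME.length() + 1;

    // The five fields below are declared but never read or written in this class.
    // NOTE(review): they look like settings for token signature verification;
    // nothing here uses them, so confirm where (or whether) signatures are checked.
    private boolean signatureRequired;
    private String keystorePath;
    private String keystorePassword;
    private String keyAlias;
    private String keyPassword;

    /** Realm advertised in the WWW-Authenticate challenge; the constructor overrides this default. */
    private String realm = "apiman";

    /** JAAS login interceptor used for the BASIC path; builds a name/password callback handler. */
    private final JAASLoginInterceptor interceptor = new JAASLoginInterceptor() {
        @Override
        protected CallbackHandler getCallbackHandler(String name, String password) {
            return new NamePasswordCallbackHandler(name, password);
        }
    };

    /**
     * Creates a handler bound to the {@code karaf} JAAS context, classifying roles
     * by the class name {@code RolePrincipal}, with the realm {@code apiman-dt-api}.
     */
    public AuthTokenRequestHandler() {
        setContextName("karaf");
        setRoleClassifier("RolePrincipal");
        setRoleClassifierType("classname");
        setRealm("apiman-dt-api");
    }

    /**
     * Authenticates the request described by {@code message}.
     *
     * @param message           the CXF message carrying the HTTP headers
     * @param classResourceInfo the matched resource class (not used here)
     * @return {@code null} when authentication succeeded, so that request
     *         processing continues; otherwise a 401 response with a
     *         {@code WWW-Authenticate} challenge
     */
    @Override
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        String authorization = new HttpHeadersImpl(message).getHeaderString("Authorization");
        if (authorization == null) {
            return createAuthResponse(message);
        }

        if (hasScheme(authorization, BASIC_SCHEME)) {
            try {
                this.interceptor.handleMessage(message);
                FuseSecurityContext.set((SecurityContext) message.get(SecurityContext.class), new HttpHeadersImpl(message));
                return null;
            } catch (SecurityException e) {
                // Rejected credentials are answered with a challenge, not an error page.
                return createAuthResponse(message);
            } catch (AuthenticationException e) {
                return createAuthResponse(message);
            }
        }

        if (hasScheme(authorization, TOKEN_SCHEME)) {
            AuthToken token = parseAuthorizationToken(authorization);
            if (token != null) {
                doTokenAuth(token, message);
                return null;
            }
        }

        // NOTE(review): FuseSecurityContext.set is only called on the success paths.
        // Whether a context left by an earlier request is cleared elsewhere is not
        // visible from this class - confirm.
        return createAuthResponse(message);
    }

    /**
     * Tests whether {@code header} starts with {@code scheme}, ignoring case.
     *
     * <p>Uses {@link String#regionMatches(boolean, int, String, int, int)} rather than
     * {@code toUpperCase()}: the latter depends on the JVM default locale, so under a
     * Turkish locale {@code "basic"} upper-cases to {@code "BAS\u0130C"} and a valid
     * header would be rejected. It also avoids copying the whole header value.
     */
    private static boolean hasScheme(String header, String scheme) {
        return header.regionMatches(true, 0, scheme, 0, scheme.length());
    }

    /**
     * Extracts and parses the token that follows the {@code AUTH-TOKEN} scheme.
     *
     * @param header the full Authorization header value
     * @return the parsed token, or {@code null} if the header is too short to hold
     *         one or {@code consumeToken} rejects it with an
     *         {@link IllegalArgumentException}
     */
    private AuthToken parseAuthorizationToken(String header) {
        // A bare "AUTH-TOKEN" header is shorter than the offset; substring() would throw
        // StringIndexOutOfBoundsException, which is not caught below and would surface
        // as a server error instead of a 401 challenge.
        if (header.length() < TOKEN_OFFSET) {
            return null;
        }
        try {
            return AuthTokenUtil.consumeToken(header.substring(TOKEN_OFFSET));
        } catch (IllegalArgumentException e) {
            return null;
        }
    }

    /**
     * Installs a security context whose principal and roles come from {@code authToken}.
     *
     * @param authToken the already-parsed token; its principal and roles are used as-is
     * @param message   the CXF message, used to capture the request headers
     */
    protected void doTokenAuth(AuthToken authToken, Message message) {
        final AuthPrincipal authPrincipal = new AuthPrincipal(authToken.getPrincipal());
        authPrincipal.addRoles(authToken.getRoles());
        SecurityContext tokenContext = new SecurityContext() {
            @Override
            public Principal getUserPrincipal() {
                return authPrincipal;
            }

            @Override
            public boolean isUserInRole(String role) {
                return authPrincipal.getRoles().contains(role);
            }
        };
        FuseSecurityContext.set(tokenContext, new HttpHeadersImpl(message));
    }

    /**
     * Builds the 401 response sent when authentication is missing or fails.
     *
     * <p>Only the BASIC scheme is advertised in the challenge, although
     * {@code AUTH-TOKEN} is also accepted by {@link #handleRequest}.
     *
     * @param message the CXF message (not used here)
     * @return a 401 response with a {@code WWW-Authenticate} header naming the realm
     */
    protected Response createAuthResponse(Message message) {
        // The realm is inserted into the quoted string without escaping; it comes from
        // configuration via setRealm, not from the request.
        return Response.status(Response.Status.UNAUTHORIZED)
                .header("WWW-Authenticate", String.format("BASIC realm=\"%1$s\"", getRealm()))
                .build();
    }

    /** @return the realm advertised in the authentication challenge */
    public String getRealm() {
        return this.realm;
    }

    /** @param str the realm to advertise in the authentication challenge */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** @param str the JAAS context name passed to the login interceptor */
    public void setContextName(String str) {
        this.interceptor.setContextName(str);
    }

    /** @param configuration the JAAS login configuration passed to the login interceptor */
    public void setLoginConfig(Configuration configuration) {
        this.interceptor.setLoginConfig(configuration);
    }

    /** @param str the role classifier passed to the login interceptor */
    public void setRoleClassifier(String str) {
        this.interceptor.setRoleClassifier(str);
    }

    /** @return the role classifier currently set on the login interceptor */
    public String getRoleClassifier() {
        return this.interceptor.getRoleClassifier();
    }

    /** @param str the role classifier type passed to the login interceptor */
    public void setRoleClassifierType(String str) {
        this.interceptor.setRoleClassifierType(str);
    }

    /** @return the role classifier type currently set on the login interceptor */
    public String getRoleClassifierType() {
        return this.interceptor.getRoleClassifierType();
    }
}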
