package org.drools.guvnor.server.jaxrs;

import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.jboss.seam.security.Credentials;
import org.jboss.seam.security.Identity;
import org.picketlink.idm.impl.api.PasswordCredential;

/**
 * CXF JAX-RS request handler that authenticates REST calls against the Seam
 * {@link Identity} using the username and password carried in the message's
 * {@link AuthorizationPolicy}.
 *
 * <p>A request that cannot be authenticated is rejected with HTTP 401 and a
 * {@code WWW-Authenticate: BASIC realm="users"} challenge.
 *
 * <p>NOTE(review): HTTP Basic credentials are only encoded, not encrypted, so
 * the endpoints guarded by this handler should be reachable over TLS only.
 *
 * <p>NOTE(review): the handler is application scoped while it holds an
 * {@link Identity} and {@link Credentials}; presumably both are injected as
 * contextual proxies bound to the caller's session. Confirm against the
 * container configuration, otherwise authentication state would be shared
 * between callers.
 */
@Provider
@ApplicationScoped
/* loaded from: input_file:WEB-INF/lib/guvnor-webapp-core-5.4.0.CR1.jar:org/drools/guvnor/server/jaxrs/CXFAuthenticationHandler.class */
public class CXFAuthenticationHandler implements RequestHandler {

    /** Authentication state that is queried and driven through {@code login()}. */
    @Inject
    private Identity identity;

    /** Holder that receives the username and password taken from the request. */
    @Inject
    private Credentials credentials;

    /**
     * Replaces the injected collaborators with the given instances.
     *
     * @param identity    identity to authenticate against
     * @param credentials credentials holder to populate from the request
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void inject(Identity identity, Credentials credentials) {
        this.credentials = credentials;
        this.identity = identity;
    }

    /**
     * Lets the request through when the identity is already logged in or can
     * be logged in with the credentials supplied by the request.
     *
     * <p>NOTE(review): when the message carries no {@link AuthorizationPolicy}
     * the credentials are left untouched and {@code login()} is still called.
     * Whether such a login can succeed depends on the configured authenticator
     * and on what the credentials holder already contains; confirm that a
     * request without an Authorization header cannot be authenticated this way.
     *
     * @param message           the CXF message being processed
     * @param classResourceInfo resource metadata; not used by this handler
     * @return {@code null} so that CXF continues with the request
     * @throws WebApplicationException carrying a 401 response when the identity
     *                                 is still not logged in after the attempt
     */
    @Override // org.apache.cxf.jaxrs.ext.RequestHandler
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        if (!this.identity.isLoggedIn()) {
            final AuthorizationPolicy policy = message.get(AuthorizationPolicy.class);
            if (policy != null) {
                // Read both values first, then hand them to the credentials holder.
                final String suppliedUser = policy.getUserName();
                final String suppliedSecret = policy.getPassword();
                this.credentials.setUsername(suppliedUser);
                this.credentials.setCredential(new PasswordCredential(suppliedSecret));
            }
            this.identity.login();
            if (!this.identity.isLoggedIn()) {
                // Abort the request with the Basic authentication challenge.
                throw new WebApplicationException(getErrorResponse());
            }
        }
        return null;
    }

    /**
     * Builds the 401 response that asks the client for Basic credentials.
     *
     * @return an UNAUTHORIZED response with the {@code WWW-Authenticate} header set
     */
    private Response getErrorResponse() {
        final Response.ResponseBuilder challenge = Response.status(Response.Status.UNAUTHORIZED);
        challenge.header(HttpHeaders.WWW_AUTHENTICATE, "BASIC realm=\"users\"");
        return challenge.build();
    }
}
