package org.drools.guvnor.server.security;

import java.io.IOException;
import java.util.StringTokenizer;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.ext.Provider;
import org.apache.commons.lang.StringUtils;
import org.apache.http.client.params.AuthPolicy;
import org.hibernate.hql.classic.ParserHelper;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import org.jboss.resteasy.util.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Provider
@ApplicationScoped
@ServerInterceptor
/* loaded from: input_file:WEB-INF/lib/guvnor-webapp-core-5.5.1-SNAPSHOT.jar:org/drools/guvnor/server/security/BasicAuthentication.class */
public class BasicAuthentication implements PreProcessInterceptor {
    private static final Logger log = LoggerFactory.getLogger(BasicAuthentication.class);

    @Inject
    protected SecurityServiceImpl securityService;

    @Override // org.jboss.resteasy.spi.interception.PreProcessInterceptor
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
        if (httpRequest.getHttpHeaders().getRequestHeaders().containsKey("Authorization")) {
            try {
                StringTokenizer stringTokenizer = new StringTokenizer(new String(Base64.decode(StringUtils.substringAfter((String) httpRequest.getHttpHeaders().getRequestHeader("Authorization").get(0), AuthPolicy.BASIC))), ParserHelper.HQL_VARIABLE_PREFIX);
                if (this.securityService.login(stringTokenizer.nextToken(), stringTokenizer.nextToken())) {
                    return null;
                }
            } catch (IOException e) {
                throw new IllegalArgumentException("Unable to parse authorization string", e);
            }
        }
        ServerResponse serverResponse = new ServerResponse();
        serverResponse.setStatus(401);
        Headers headers = new Headers();
        headers.add("Content-Type", "text/plain");
        headers.add("WWW-Authenticate", "BASIC realm=\"users\"");
        serverResponse.setMetadata(headers);
        serverResponse.setEntity("Error 401 Unauthorized: " + httpRequest.getPreprocessedPath());
        return serverResponse;
    }
}
