package org.codehaus.redback.rest.services.interceptors;

import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Response;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.message.Message;
import org.codehaus.plexus.redback.authentication.AuthenticationException;
import org.codehaus.plexus.redback.authentication.AuthenticationResult;
import org.codehaus.plexus.redback.authorization.RedbackAuthorization;
import org.codehaus.plexus.redback.policy.AccountLockedException;
import org.codehaus.plexus.redback.policy.MustChangePasswordException;
import org.codehaus.plexus.redback.users.UserManager;
import org.codehaus.plexus.redback.users.UserNotFoundException;
import org.codehaus.redback.integration.filter.authentication.HttpAuthenticationException;
import org.codehaus.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
import org.codehaus.redback.rest.services.RedbackAuthenticationThreadLocal;
import org.codehaus.redback.rest.services.RedbackRequestInformation;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

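/**
 * CXF JAX-RS request handler that gates REST resources behind Redback authentication.
 *
 * <p>For each request the handler looks up the {@link RedbackAuthorization} metadata of the
 * target resource. Resources without that metadata are rejected (fail closed), resources marked
 * {@code noRestriction} pass through without any credential check, and every other resource
 * requires a successful result from the injected HTTP Basic authenticator.
 *
 * <p>Every rejection produces the same body-less {@code 403 Forbidden}. The client therefore
 * cannot tell an unknown user from a locked account or a forced password change; the distinction
 * is only written to the log.
 *
 * <p>NOTE(review): an unauthenticated caller receives 403 rather than 401. This class adds no
 * {@code WWW-Authenticate} challenge itself; whether the authenticator writes one to the servlet
 * response is not visible here, so confirm before relying on it.
 */
@Service("authenticationInterceptor#rest")
public class AuthenticationInterceptor extends AbstractInterceptor implements RequestHandler {

    /** CXF message key from which the request URI is read for log output. */
    private static final String REQUEST_URI_KEY = "org.apache.cxf.request.uri";

    @Inject
    @Named("userManager#configurable")
    private UserManager userManager;

    @Inject
    @Named("httpAuthenticator#basic")
    private HttpBasicAuthentication httpAuthenticator;

    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Authenticates the incoming request before the resource method is invoked.
     *
     * @param message           the CXF message for the current exchange
     * @param classResourceInfo the resource class being invoked (not used by this handler)
     * @return {@code null} to let CXF continue processing, or a 403 response that ends it
     */
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        RedbackAuthorization redbackAuthorization = getRedbackAuthorization(message);
        if (redbackAuthorization == null) {
            // Fail closed: a resource that declares no permission metadata is never served.
            this.log.warn("http path {} doesn't contain any informations regarding permissions ", message.get(REQUEST_URI_KEY));
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        if (redbackAuthorization.noRestriction()) {
            // NOTE(review): this path returns without touching RedbackAuthenticationThreadLocal.
            // If worker threads are pooled and nothing else clears the thread-local, code behind
            // an unrestricted resource could read the identity left by an earlier request.
            // This file does not show where it is cleared; confirm.
            return null;
        }
        HttpServletRequest httpServletRequest = getHttpServletRequest(message);
        try {
            AuthenticationResult authenticationResult = this.httpAuthenticator.getAuthenticationResult(httpServletRequest, getHttpServletResponse(message));
            if (authenticationResult == null || !authenticationResult.isAuthenticated()) {
                // Handled by the AuthenticationException catch below (presumably a supertype).
                throw new HttpAuthenticationException("You are not authenticated.");
            }
            // Publish the resolved user and the peer address for code further down the chain.
            RedbackAuthenticationThreadLocal.set(new RedbackRequestInformation(this.userManager.findUser((String) authenticationResult.getPrincipal()), httpServletRequest.getRemoteAddr()));
            message.put(AuthenticationResult.class, authenticationResult);
            return null;
        } catch (AuthenticationException e) {
            return denyRequest("failed to authenticate", message, httpServletRequest, e);
        } catch (UserNotFoundException e) {
            return denyRequest("UserNotFoundException", message, httpServletRequest, e);
        } catch (AccountLockedException e) {
            return denyRequest("account locked", message, httpServletRequest, e);
        } catch (MustChangePasswordException e) {
            return denyRequest("must change password", message, httpServletRequest, e);
        }
    }

    /**
     * Logs a rejected request at debug level and builds the uniform 403 response.
     *
     * <p>The log entry carries the peer address and the causing exception so that repeated
     * failures can be correlated during an investigation; neither is sent to the client.
     *
     * @param reason  short description of why the request was rejected
     * @param message the CXF message, used to read the request URI
     * @param request the servlet request, used to read the peer address; may be {@code null}
     * @param cause   the exception that triggered the rejection
     * @return a body-less {@code 403 Forbidden} response
     */
    private Response denyRequest(String reason, Message message, HttpServletRequest request, Exception cause) {
        if (this.log.isDebugEnabled()) {
            String remoteAddr = request != null ? request.getRemoteAddr() : "unknown";
            this.log.debug(reason + " for path " + message.get(REQUEST_URI_KEY) + " from " + remoteAddr, cause);
        }
        return Response.status(Response.Status.FORBIDDEN).build();
    }
}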
