package org.restcomm.connect.http.security;

import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.log4j.Logger;
import org.restcomm.connect.dao.DaoManager;
import org.restcomm.connect.dao.entities.Account;
import org.restcomm.connect.identity.UserIdentityContext;

@Provider
/* loaded from: input_file:org/restcomm/connect/http/security/SecurityFilter.class */
public class SecurityFilter implements ContainerRequestFilter {
    private final Logger logger = Logger.getLogger(SecurityFilter.class);
    private static final String PATTERN_FOR_RECORDING_FILE_PATH = ".*Accounts/.*/Recordings/RE.*[.mp4|.wav]";

    @Context
    private HttpServletRequest servletRequest;

    public ContainerRequest filter(ContainerRequest containerRequest) {
        UserIdentityContext userIdentityContext = new UserIdentityContext(this.servletRequest, ((DaoManager) this.servletRequest.getServletContext().getAttribute(DaoManager.class.getName())).getAccountsDao());
        this.logger.info("cr.getPath(): " + containerRequest.getPath());
        if (!containerRequest.getPath().matches(PATTERN_FOR_RECORDING_FILE_PATH)) {
            checkAuthenticatedAccount(userIdentityContext);
            filterClosedAccounts(userIdentityContext);
        }
        containerRequest.setSecurityContext(new RCSecContext(new AccountPrincipal(userIdentityContext), containerRequest.getAuthenticationScheme()));
        return containerRequest;
    }

    protected void checkAuthenticatedAccount(UserIdentityContext userIdentityContext) {
        if (userIdentityContext.getEffectiveAccount() == null) {
            throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"Restcomm realm\"").build());
        }
    }

    protected void filterClosedAccounts(UserIdentityContext userIdentityContext) {
        if (userIdentityContext.getEffectiveAccount() != null && !userIdentityContext.getEffectiveAccount().getStatus().equals(Account.Status.ACTIVE)) {
            throw new WebApplicationException(Response.status(Response.Status.FORBIDDEN).entity("Provided Account is not active").build());
        }
    }
}
