package org.ikasan.rest.security;

import com.sun.jersey.api.core.InjectParam;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import java.security.Principal;
import java.util.Iterator;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.PreMatching;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.codec.binary.Base64;
import org.ikasan.security.service.AuthenticationService;
import org.ikasan.security.service.AuthenticationServiceException;
import org.springframework.security.config.http.PortMappingsBeanDefinitionParser;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

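/**
 * Jersey request filter that authenticates HTTP Basic credentials against the
 * injected {@link AuthenticationService} and, on success, installs a
 * {@link SecurityContext} backed by the returned {@link Authentication}.
 *
 * <p>The filter never rejects a request itself: when the header is missing,
 * malformed, or the login fails, the request is passed on with its security
 * context untouched. NOTE(review): access control is presumably enforced
 * downstream (role checks on the resources); confirm that every protected
 * resource actually performs such a check.
 *
 * <p>Basic credentials are only base64-encoded, so confidentiality depends on
 * the transport; see {@link Authorizer#isSecure()}.
 */
@PreMatching
/* loaded from: input_file:WEB-INF/lib/ikasan-rest-1.0.0.jar:org/ikasan/rest/security/SecurityFilter.class */
public class SecurityFilter implements ContainerRequestFilter {

    @Context
    UriInfo uriInfo;

    @Context
    HttpServletRequest request;

    @InjectParam
    private AuthenticationService authenticationService;

    /**
     * {@link SecurityContext} view over a successful login. It is an inner
     * (non-static) class because {@link #isSecure()} reads the enclosing
     * filter's injected {@code uriInfo}.
     */
    /* loaded from: input_file:WEB-INF/lib/ikasan-rest-1.0.0.jar:org/ikasan/rest/security/SecurityFilter$Authorizer.class */
    public class Authorizer implements SecurityContext {
        private final Authentication authentication;

        /**
         * @param authentication the authenticated token; the filter only passes non-null values
         */
        public Authorizer(Authentication authentication) {
            this.authentication = authentication;
        }

        /**
         * Returns the authenticated principal.
         *
         * <p>{@code Authentication.getPrincipal()} is declared to return
         * {@code Object} and frequently yields a user-details object or a plain
         * user name, neither of which is a {@link Principal}. An unconditional
         * cast would then fail with a {@code ClassCastException} on an already
         * authenticated request, so the {@code Authentication} (itself a
         * {@code Principal}) is returned as the fallback.
         */
        @Override // javax.ws.rs.core.SecurityContext
        public Principal getUserPrincipal() {
            Object principal = this.authentication.getPrincipal();
            if (principal instanceof Principal) {
                return (Principal) principal;
            }
            return this.authentication;
        }

        /**
         * Checks for an exact, case-sensitive match between {@code role} and one
         * of the granted authority names.
         *
         * @param role the authority name to look for; {@code null} never matches
         * @return {@code true} if the authentication carries that authority
         */
        @Override // javax.ws.rs.core.SecurityContext
        public boolean isUserInRole(String role) {
            if (role == null) {
                return false;
            }
            for (GrantedAuthority authority : this.authentication.getAuthorities()) {
                if (role.equals(authority.getAuthority())) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Reports whether the request URI uses the {@code https} scheme.
         *
         * <p>The decompiled code compared against
         * {@code PortMappingsBeanDefinitionParser.ATT_HTTPS_PORT}, an unrelated
         * Spring constant whose value is {@code "https"}; the literal is used
         * here so the check says what it means. URI schemes are
         * case-insensitive, hence {@code equalsIgnoreCase}.
         *
         * <p>NOTE(review): behind a TLS-terminating proxy the container may see
         * {@code http} here even though the client connection was encrypted;
         * verify how the deployment reports the original scheme.
         */
        @Override // javax.ws.rs.core.SecurityContext
        public boolean isSecure() {
            return "https".equalsIgnoreCase(SecurityFilter.this.uriInfo.getRequestUri().getScheme());
        }

        /**
         * @return {@link SecurityContext#BASIC_AUTH} when an authentication is present, otherwise {@code null}
         */
        @Override // javax.ws.rs.core.SecurityContext
        public String getAuthenticationScheme() {
            if (this.authentication == null) {
                return null;
            }
            return SecurityContext.BASIC_AUTH;
        }
    }

    /**
     * Extracts Basic credentials from the {@code Authorization} header and
     * attempts a login.
     *
     * @param containerRequest the incoming request
     * @return the authentication returned by the service, or {@code null} when
     *         the header is absent, is not a Basic header, is malformed, or the
     *         login is refused
     */
    private Authentication authenticate(ContainerRequest containerRequest) {
        String headerValue = containerRequest.getHeaderValue("Authorization");
        if (headerValue == null || !headerValue.startsWith("Basic ")) {
            return null;
        }
        byte[] decoded = Base64.decodeBase64(headerValue.substring("Basic ".length()));
        if (decoded == null) {
            return null;
        }
        // NOTE(review): decoded with the platform default charset, as before; pin an
        // explicit charset once the encoding used by the clients is confirmed.
        String credentials = new String(decoded);

        // Split on the FIRST colon only: the password may itself contain colons,
        // and splitting on every colon would silently truncate it.
        int separator = credentials.indexOf(':');
        if (separator <= 0 || separator == credentials.length() - 1) {
            // No colon, empty user name, or empty password. A header without a colon
            // used to raise ArrayIndexOutOfBoundsException out of the filter. Empty
            // passwords are refused here instead of being forwarded, because some
            // back ends (for example directory binds) treat them as anonymous.
            return null;
        }
        String username = credentials.substring(0, separator);
        String password = credentials.substring(separator + 1);
        try {
            return this.authenticationService.login(username, password);
        } catch (AuthenticationServiceException e) {
            // A refused login is treated the same as missing credentials.
            return null;
        }
    }

    /**
     * Installs an {@link Authorizer} on the request when the supplied Basic
     * credentials are accepted; otherwise leaves the request unchanged.
     *
     * @param containerRequest the incoming request
     * @return the same request instance
     */
    @Override // com.sun.jersey.spi.container.ContainerRequestFilter
    public ContainerRequest filter(ContainerRequest containerRequest) {
        Authentication authentication = authenticate(containerRequest);
        if (authentication != null) {
            containerRequest.setSecurityContext(new Authorizer(authentication));
        }
        return containerRequest;
    }
}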
