package org.jfrog.access.server.rest.filter;

import java.io.IOException;
import java.util.Base64;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import javax.ws.rs.core.Context;
import org.apache.commons.io.Charsets;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.jfrog.access.server.exception.AccessException;
import org.jfrog.access.server.rest.HttpRequestContext;
import org.jfrog.access.server.rest.exception.UnauthorizedRestException;
import org.jfrog.access.server.service.auth.AuthenticationService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

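/**
 * JAX-RS filter that authenticates a request from its {@code Authorization} header and
 * clears the authenticated principal again once the response is produced.
 *
 * <p>Request side: any previously logged-in principal is logged out, then a {@code Basic}
 * or {@code Bearer} header is handed to {@link AuthenticationService}. On success the
 * principal name is stored on the request under
 * {@link AuthenticationService#REQUEST_PROP_USERNAME}. Any other scheme is rejected with
 * {@link UnauthorizedRestException}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A request with no (or a blank) {@code Authorization} header is <em>not</em> rejected
 *       here; it continues without a principal, so access control for such requests has to
 *       be enforced elsewhere.</li>
 *   <li>Requests whose path contains {@code /api/secured/} skip this filter entirely.</li>
 *   <li>Authentication failures are logged at DEBUG only.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:WEB-INF/lib/access-server-rest-2.0.1.jar:org/jfrog/access/server/rest/filter/AuthFilter.class */
public class AuthFilter implements ContainerRequestFilter, ContainerResponseFilter {
    private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
    private static final String BASIC = "Basic ";
    private static final String BEARER = "Bearer ";
    private static final String SECURED_PATH_MARKER = "/api/secured/";

    @Autowired
    private AuthenticationService authenticationService;

    @Context
    private HttpRequestContext httpRequestContext;

    /**
     * Authenticates the incoming request from its {@code Authorization} header.
     *
     * @param containerRequestContext the request being filtered
     * @throws UnauthorizedRestException if the header uses a scheme other than Basic or
     *         Bearer, or if the supplied credentials or token are not accepted
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        String path = containerRequestContext.getUriInfo().getAbsolutePath().getPath();
        // NOTE(review): this is a substring match on the whole path, not a check against a
        // fixed prefix, so any URI that carries this segment anywhere is exempt from this
        // filter. Presumably those endpoints are authenticated by another mechanism; confirm
        // that mechanism applies to every path this test can match. The stale-principal
        // reset below is also skipped on this branch.
        if (path.contains(SECURED_PATH_MARKER)) {
            return;
        }
        // Drop whatever principal may still be attached before evaluating this request.
        this.authenticationService.logout();
        String header = containerRequestContext.getHeaders().getFirst("Authorization");
        if (StringUtils.isBlank(header)) {
            // No credentials supplied: the request proceeds without a principal and without
            // the username property. Authorization must be enforced downstream.
            return;
        }
        // Scheme matching is case-sensitive and requires the trailing space, so "basic ..."
        // or "bearer ..." fall through to the unsupported-method rejection below.
        if (header.startsWith(BASIC)) {
            authenticateBasic(containerRequestContext, header);
        } else if (header.startsWith(BEARER)) {
            authenticateBearer(containerRequestContext, header);
        } else {
            // Only the scheme token (text up to the first space) is passed on, never the
            // credential part. NOTE(review): the token is still client-controlled; confirm
            // it is encoded wherever UnauthorizedRestException surfaces it.
            int schemeEnd = header.indexOf(" ");
            throw new UnauthorizedRestException("Unsupported authentication method", header.substring(0, schemeEnd > 0 ? schemeEnd : header.length()));
        }
        containerRequestContext.setProperty(AuthenticationService.REQUEST_PROP_USERNAME, this.authenticationService.getLoggedInPrincipal().getName());
    }

    /**
     * Authenticates with HTTP Basic credentials and logs the resulting principal in.
     *
     * @param containerRequestContext the request being filtered (not read here)
     * @param str the full {@code Authorization} header value, starting with {@code "Basic "}
     * @throws AccessException rethrown unchanged when raised during authentication
     * @throws UnauthorizedRestException for every other failure, including a malformed header
     */
    private void authenticateBasic(ContainerRequestContext containerRequestContext, String str) {
        log.trace("Handling basic authentication");
        try {
            // Split on the first ':' only. The password part of Basic credentials may itself
            // contain ':'; an unlimited split would reject such passwords as malformed.
            String[] credentials = decodeCredsFromBasicAuthHeader(str).split(":", 2);
            if (credentials.length != 2 || StringUtils.isBlank(credentials[0]) || StringUtils.isBlank(credentials[1])) {
                throw new IllegalArgumentException("Both username and password are required");
            }
            this.authenticationService.login(this.authenticationService.authenticate(credentials[0], credentials[1], this.httpRequestContext.getRemoteAddress()));
        } catch (AccessException e) {
            // NOTE(review): failed attempts are visible only at DEBUG from this class; confirm
            // AuthenticationService records them somewhere that monitoring can see.
            log.debug("Basic authentication failed.", e);
            throw e;
        } catch (Exception e2) {
            // Every other cause (bad Base64, missing parts, unexpected errors) collapses into
            // one generic response so the caller cannot tell which check failed.
            log.debug("Basic authentication failed.", e2);
            throw new UnauthorizedRestException("Basic authentication failed", "invalid credentials");
        }
    }

    /**
     * Decodes the Base64 payload of a Basic {@code Authorization} header as UTF-8 text.
     *
     * @param str the full header value, starting with {@code "Basic "}
     * @return the decoded {@code username:password} text
     * @throws IllegalArgumentException if the payload is not valid Base64
     */
    private String decodeCredsFromBasicAuthHeader(String str) {
        byte[] decoded = Base64.getDecoder().decode(str.substring(BASIC.length()));
        return new String(decoded, Charsets.UTF_8);
    }

    /**
     * Authenticates with a bearer token and logs the resulting principal in.
     *
     * @param containerRequestContext the request being filtered (not read here)
     * @param str the full {@code Authorization} header value, starting with {@code "Bearer "}
     * @throws UnauthorizedRestException if the token is not accepted for any reason
     */
    private void authenticateBearer(ContainerRequestContext containerRequestContext, String str) {
        log.trace("Handling bearer authentication");
        try {
            // NOTE(review): the second argument is null here, whereas the Basic path passes
            // the caller's remote address to its authenticate overload; confirm that is intended.
            this.authenticationService.login(this.authenticationService.authenticate(str.substring(BEARER.length()), null));
        } catch (Exception e) {
            log.debug("Bearer authentication failed", e);
            throw new UnauthorizedRestException("Bearer authentication failed", "invalid token");
        }
    }

    /**
     * Logs the current principal out once the response has been produced.
     *
     * @param containerRequestContext the request that was served
     * @param containerResponseContext the response about to be returned
     */
    @Override // javax.ws.rs.container.ContainerResponseFilter
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
        // Unlike the request filter, this has no path exemption: it logs out on every
        // response, including those for paths the request filter skipped.
        log.debug("Logging out current principal: {}", this.authenticationService.getLoggedInPrincipal());
        this.authenticationService.logout();
    }
}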
