package org.kantega.respiro.security;

import java.io.IOException;
import java.security.Principal;
import java.util.Base64;
import java.util.Optional;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:org/kantega/respiro/security/BasicAuthenticationFilter.class */
public class BasicAuthenticationFilter implements Filter {
    private final String securityRealm;
    private final PasswordChecker passwordChecker;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/kantega/respiro/security/BasicAuthenticationFilter$UsernameAndPassword.class */
    public static class UsernameAndPassword {
        final String username;
        final String password;

        public UsernameAndPassword(String str, String str2) {
            this.password = str2;
            this.username = str;
        }
    }

    public BasicAuthenticationFilter(String str, PasswordChecker passwordChecker) {
        this.securityRealm = str;
        this.passwordChecker = passwordChecker;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        final Optional<UsernameAndPassword> findCredentials = findCredentials(httpServletRequest.getHeader("Authorization"));
        if (Boolean.TRUE.equals(httpServletRequest.getAttribute("skipBasicAuth"))) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (findCredentials.isPresent()) {
            final AuthenticationResult checkPassword = this.passwordChecker.checkPassword(findCredentials.get().username, findCredentials.get().password);
            if (checkPassword.isAuthenticated()) {
                filterChain.doFilter(new HttpServletRequestWrapper(httpServletRequest) { // from class: org.kantega.respiro.security.BasicAuthenticationFilter.1
                    public String getRemoteUser() {
                        return ((UsernameAndPassword) findCredentials.get()).username;
                    }

                    public boolean isUserInRole(String str) {
                        return checkPassword.getRoles().contains(str);
                    }

                    public Principal getUserPrincipal() {
                        return this::getRemoteUser;
                    }
                }, servletResponse);
                return;
            }
        }
        httpServletResponse.setStatus(401);
        httpServletResponse.setHeader("WWW-Authenticate", String.format("Basic realm=\"%s\"", this.securityRealm));
    }

    private Optional<UsernameAndPassword> findCredentials(String str) {
        if (str != null && str.startsWith("Basic ")) {
            String str2 = new String(Base64.getDecoder().decode(str.substring("Basic ".length()).getBytes()));
            if (str2.contains(":")) {
                String[] split = str2.split(":");
                if (split.length == 2) {
                    String trim = split[0].trim();
                    String trim2 = split[1].trim();
                    if (!trim.isEmpty() && !trim2.isEmpty()) {
                        return Optional.of(new UsernameAndPassword(trim, trim2));
                    }
                }
            }
        }
        return Optional.empty();
    }

    public void destroy() {
    }
}
