package org.eclipse.sensinact.northbound.ws.impl;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.Servlet;
import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletRequestWrapper;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collection;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.stream.Collectors;
import org.eclipse.jetty.server.handler.ContextHandler;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.websocket.core.server.WebSocketServerComponents;
import org.eclipse.jetty.websocket.server.JettyWebSocketServerContainer;
import org.eclipse.jetty.websocket.server.JettyWebSocketServlet;
import org.eclipse.jetty.websocket.server.JettyWebSocketServletFactory;
import org.eclipse.sensinact.northbound.query.api.IQueryHandler;
import org.eclipse.sensinact.northbound.security.api.Authenticator;
import org.eclipse.sensinact.northbound.security.api.UserInfo;
import org.eclipse.sensinact.northbound.session.SensiNactSessionManager;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.http.whiteboard.annotations.RequireHttpWhiteboard;
import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardFilterPattern;
import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardServletAsyncSupported;
import org.osgi.service.http.whiteboard.propertytypes.HttpWhiteboardServletPattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@HttpWhiteboardServletPattern({"/ws/sensinact"})
@Component(service = {Servlet.class, Filter.class}, configurationPid = {"sensinact.northbound.websocket"})
@HttpWhiteboardFilterPattern({"/ws/sensinact"})
@HttpWhiteboardServletAsyncSupported
@RequireHttpWhiteboard
/* loaded from: input_file:org/eclipse/sensinact/northbound/ws/impl/WebSocketJettyRegistrar.class */
public class WebSocketJettyRegistrar extends JettyWebSocketServlet implements Filter {
    static final String SENSINACT_USER_INFO = "sensinact.user.info";
    private static final Logger LOG = LoggerFactory.getLogger(WebSocketJettyRegistrar.class);
    private static final long serialVersionUID = 1;

    @Reference
    SensiNactSessionManager sessionManager;

    @Reference
    IQueryHandler queryHandler;
    private WebSocketCreator sessionPool;
    private Config config;

    @Reference(policy = ReferencePolicy.DYNAMIC)
    private final Set<Authenticator> authenticators = new CopyOnWriteArraySet();
    private final AtomicBoolean initCalled = new AtomicBoolean(false);
    private final CountDownLatch initComplete = new CountDownLatch(1);

    /* loaded from: input_file:org/eclipse/sensinact/northbound/ws/impl/WebSocketJettyRegistrar$Config.class */
    @interface Config {
        boolean allow_anonymous() default false;
    }

    @Activate
    void activate(Config config) {
        this.config = config;
        this.sessionPool = new WebSocketCreator(this.sessionManager, this.queryHandler);
    }

    @Deactivate
    void stop() {
        this.sessionPool.close();
        this.sessionManager = null;
    }

    public void init() throws ServletException {
    }

    public void service(ServletRequest servletRequest, ServletResponse servletResponse) throws ServletException, IOException {
        if (this.initCalled.getAndSet(true)) {
            try {
                this.initComplete.await();
            } catch (InterruptedException e) {
                throw new ServletException(e);
            }
        } else {
            try {
                ServletContext servletContext = getServletContext();
                WebSocketServerComponents.ensureWebSocketComponents(ServletContextHandler.getServletContextHandler(servletContext, "Jetty WebSocket init").getServer(), servletContext);
                JettyWebSocketServerContainer.ensureContainer(servletContext);
                super.init();
                this.initComplete.countDown();
            } catch (Throwable th) {
                this.initComplete.countDown();
                throw th;
            }
        }
        super.service(new HttpServletRequestWrapper((HttpServletRequest) servletRequest) { // from class: org.eclipse.sensinact.northbound.ws.impl.WebSocketJettyRegistrar.1
            public ServletContext getServletContext() {
                return ContextHandler.getCurrentContext();
            }
        }, servletResponse);
    }

    protected void configure(JettyWebSocketServletFactory jettyWebSocketServletFactory) {
        jettyWebSocketServletFactory.setCreator(this.sessionPool);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authenticator.Scheme scheme;
        String str;
        String str2;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            if (!this.config.allow_anonymous()) {
                unauthorizedResponse(httpServletResponse);
                return;
            } else {
                httpServletRequest.setAttribute(SENSINACT_USER_INFO, UserInfo.ANONYMOUS);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
        }
        String[] split = header.split(" ", 2);
        if (split.length != 2) {
            httpServletResponse.sendError(400);
            return;
        }
        if ("Bearer".equals(split[0])) {
            scheme = Authenticator.Scheme.TOKEN;
            str = null;
            str2 = split[1];
        } else if ("Basic".equals(split[0])) {
            scheme = Authenticator.Scheme.USER_PASSWORD;
            String[] split2 = new String(Base64.getMimeDecoder().decode(split[1]), StandardCharsets.UTF_8).split(":", 2);
            str = split2[0];
            str2 = split2[1];
        } else {
            scheme = null;
            str = null;
            str2 = null;
        }
        Authenticator.Scheme scheme2 = scheme;
        String str3 = str;
        String str4 = str2;
        Optional findFirst = Set.copyOf(this.authenticators).stream().filter(authenticator -> {
            return authenticator.getScheme() == scheme2;
        }).map(authenticator2 -> {
            return tryAuth(authenticator2, str3, str4);
        }).filter(userInfo -> {
            return userInfo != null;
        }).findFirst();
        if (findFirst.isEmpty()) {
            unauthorizedResponse(httpServletResponse);
        } else {
            httpServletRequest.setAttribute(SENSINACT_USER_INFO, findFirst.get());
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }

    private void unauthorizedResponse(HttpServletResponse httpServletResponse) throws IOException {
        Set copyOf = Set.copyOf(this.authenticators);
        if (copyOf.isEmpty()) {
            httpServletResponse.sendError(503);
        } else {
            httpServletResponse.setHeader("WWW-Authenticate", getAuthHeader(copyOf));
            httpServletResponse.sendError(401);
        }
    }

    private String getAuthHeader(Collection<Authenticator> collection) {
        return (String) collection.stream().map(authenticator -> {
            return String.format("%s realm=%s", authenticator.getScheme().getHttpScheme(), authenticator.getRealm());
        }).collect(Collectors.joining(", "));
    }

    private UserInfo tryAuth(Authenticator authenticator, String str, String str2) {
        UserInfo userInfo = null;
        try {
            userInfo = authenticator.authenticate(str, str2);
        } catch (Exception e) {
            LOG.warn("Failed to authenticate user {}", str, e);
        }
        return userInfo;
    }
}
