package org.eclipse.sensinact.northbound.rest.impl;

import jakarta.annotation.Priority;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.core.Application;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.Collection;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.eclipse.sensinact.core.security.UserInfo;
import org.eclipse.sensinact.northbound.security.api.Authenticator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Priority(1000)
/* loaded from: input_file:org/eclipse/sensinact/northbound/rest/impl/AuthenticationFilter.class */
public class AuthenticationFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AuthenticationFilter.class);

    @Context
    Application application;

    /* loaded from: input_file:org/eclipse/sensinact/northbound/rest/impl/AuthenticationFilter$UserInfoPrincipal.class */
    public static class UserInfoPrincipal implements Principal {
        private final UserInfo info;

        public UserInfoPrincipal(UserInfo userInfo) {
            this.info = userInfo;
        }

        @Override // java.security.Principal
        public String getName() {
            return this.info.getUserId();
        }

        public UserInfo getUserInfo() {
            return this.info;
        }
    }

    /* loaded from: input_file:org/eclipse/sensinact/northbound/rest/impl/AuthenticationFilter$UserInfoSecurityContext.class */
    private static class UserInfoSecurityContext implements SecurityContext {
        private final String scheme;
        private final UserInfoPrincipal principal;

        public UserInfoSecurityContext(String str, UserInfo userInfo) {
            this.scheme = str;
            this.principal = new UserInfoPrincipal(userInfo);
        }

        public Principal getUserPrincipal() {
            return this.principal;
        }

        public boolean isUserInRole(String str) {
            return false;
        }

        public boolean isSecure() {
            return true;
        }

        public String getAuthenticationScheme() {
            return this.scheme;
        }
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Authenticator.Scheme scheme;
        String str;
        String str2;
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString == null) {
            if (((Boolean) this.application.getProperties().getOrDefault("raw.anonymous.access", Boolean.FALSE)).booleanValue()) {
                return;
            }
            containerRequestContext.abortWith(unauthorizedResponse());
            return;
        }
        String[] split = headerString.split(" ", 2);
        if (split.length != 2) {
            containerRequestContext.abortWith(Response.status(Response.Status.BAD_REQUEST).build());
        }
        if ("Bearer".equals(split[0])) {
            scheme = Authenticator.Scheme.TOKEN;
            str = null;
            str2 = split[1];
        } else if ("Basic".equals(split[0])) {
            scheme = Authenticator.Scheme.USER_PASSWORD;
            String[] split2 = new String(Base64.getMimeDecoder().decode(split[1]), StandardCharsets.UTF_8).split(":", 2);
            str = split2[0];
            str2 = split2[1];
        } else {
            scheme = null;
            str = null;
            str2 = null;
        }
        Authenticator.Scheme scheme2 = scheme;
        String str3 = str;
        String str4 = str2;
        Optional findFirst = getAuthenticators().stream().filter(authenticator -> {
            return authenticator.getScheme() == scheme2;
        }).map(authenticator2 -> {
            return tryAuth(authenticator2, str3, str4);
        }).filter(userInfo -> {
            return userInfo != null;
        }).findFirst();
        if (findFirst.isEmpty()) {
            containerRequestContext.abortWith(unauthorizedResponse());
        } else {
            containerRequestContext.setSecurityContext(new UserInfoSecurityContext(Authenticator.Scheme.TOKEN.getHttpScheme(), (UserInfo) findFirst.get()));
        }
    }

    private Response unauthorizedResponse() {
        Collection<Authenticator> authenticators = getAuthenticators();
        return authenticators.isEmpty() ? Response.status(Response.Status.SERVICE_UNAVAILABLE).build() : Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", getAuthHeader(authenticators)).build();
    }

    private String getAuthHeader(Collection<Authenticator> collection) {
        return (String) collection.stream().map(authenticator -> {
            return String.format("%s realm=%s", authenticator.getScheme().getHttpScheme(), authenticator.getRealm());
        }).collect(Collectors.joining(", "));
    }

    private Collection<Authenticator> getAuthenticators() {
        return (Collection) this.application.getProperties().getOrDefault("authentication.providers", Set.of());
    }

    private UserInfo tryAuth(Authenticator authenticator, String str, String str2) {
        UserInfo userInfo = null;
        try {
            userInfo = authenticator.authenticate(str, str2);
        } catch (Exception e) {
            LOG.warn("Failed to authenticate user {}", str, e);
        }
        return userInfo;
    }
}
