package org.eclipse.gyrex.http.extensible.application;

import java.io.IOException;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.equinox.security.auth.LoginContextFactory;
import org.eclipse.gyrex.context.IRuntimeContext;
import org.eclipse.gyrex.http.application.Application;
import org.eclipse.gyrex.http.application.ApplicationException;
import org.eclipse.gyrex.http.extensible.application.configurator.ApplicationConfiguratorHelper;
import org.eclipse.gyrex.http.extensible.application.configurator.ExtensibleApplicationConfig;
import org.eclipse.gyrex.http.extensible.internal.SecureContextExtenstionPointhandler;
import org.eclipse.gyrex.security.context.GyrexSecurityContext;
import org.eclipse.gyrex.server.security.GyrexApplicationLoginCallbackHandler;
import org.eclipse.gyrex.server.security.internal.jetty.JettyUserIdentity;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.server.Request;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/gyrex/http/extensible/application/ExtensibleApplication.class */
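public class ExtensibleApplication extends Application {
    private static final Logger LOG = LoggerFactory.getLogger(ExtensibleApplication.class);

    /** Authentication scheme accepted by {@link #handleSecurity}; compared case-insensitively. */
    private static final String BASIC_SCHEME = "BASIC";

    /** Application configuration; updated from the init properties in {@link #doInit()}. */
    protected final ExtensibleApplicationConfig configuration;

    /**
     * Creates the application.
     *
     * @param str the application id passed through to {@link Application}
     * @param iRuntimeContext the runtime context passed through to {@link Application}
     * @param extensibleApplicationConfig the configuration consulted on init and on every request
     */
    public ExtensibleApplication(String str, IRuntimeContext iRuntimeContext, ExtensibleApplicationConfig extensibleApplicationConfig) {
        super(str, iRuntimeContext);
        this.configuration = extensibleApplicationConfig;
    }

    /**
     * Initializes the base application, then refreshes the configuration from the
     * application context's init properties and applies it via the configurator helper.
     *
     * @throws IllegalStateException propagated from the base class
     * @throws Exception propagated from the base class or the configurator
     */
    protected void doInit() throws IllegalStateException, Exception {
        super.doInit();
        this.configuration.updateConfig(getApplicationContext().getInitProperties());
        ApplicationConfiguratorHelper.configureApplication(this.configuration, getContext(), getApplicationContext());
    }

    /**
     * Delegates request handling to {@link Application#handleRequest}.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws IOException propagated from the base class
     * @throws ApplicationException propagated from the base class
     */
    public void handleRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ApplicationException {
        super.handleRequest(httpServletRequest, httpServletResponse);
    }

    /**
     * Performs HTTP Basic authentication for the request when the configuration enables it.
     *
     * <p>Without an {@code Authorization} header, an {@code OPTIONS} request is answered as a
     * CORS preflight (see {@link #prepareAccessControl}); any other request gets a 401. With a
     * header, the scheme must be {@code Basic}; the credential token is handed to the login
     * context and, on success, the resulting {@link Subject} is installed on the security
     * context, the Jetty request, the session and the runtime context.
     *
     * @param httpServletRequest the incoming request; cast to a Jetty {@link Request} on success
     * @param httpServletResponse the response, used for 401 / preflight headers on denial
     * @return {@code true} if the request may proceed, {@code false} if a response was prepared
     * @throws IOException declared for subclasses; not thrown by this implementation
     */
    protected boolean handleSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!this.configuration.isHandleSecurity()) {
            return true;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            if ("OPTIONS".equals(httpServletRequest.getMethod())) {
                prepareAccessControl(httpServletRequest, httpServletResponse);
                return false;
            }
            LOG.debug("[handleSecurity] No authorization header set, denying access");
            prepareUnauthorized(httpServletRequest, httpServletResponse);
            return false;
        }
        // A header that is present but empty, or a scheme without a credential token,
        // must be a clean 401 rather than a NoSuchElementException from the tokenizer.
        StringTokenizer tokens = new StringTokenizer(header);
        if (!tokens.hasMoreTokens()) {
            LOG.debug("[handleSecurity] Empty authorization header, denying access");
            prepareUnauthorized(httpServletRequest, httpServletResponse);
            return false;
        }
        String scheme = tokens.nextToken();
        // equalsIgnoreCase avoids the default-locale dependency of toUpperCase().
        if (!BASIC_SCHEME.equalsIgnoreCase(scheme)) {
            LOG.debug("[handleSecurity] Authentication scheme must be BASIC but was {}", scheme);
            prepareUnauthorized(httpServletRequest, httpServletResponse);
            return false;
        }
        if (!tokens.hasMoreTokens()) {
            LOG.debug("[handleSecurity] BASIC scheme without credentials, denying access");
            prepareUnauthorized(httpServletRequest, httpServletResponse);
            return false;
        }
        // Presumably the base64 "user:password" token; decoding happens in the callback handler — TODO confirm.
        String credentials = tokens.nextToken();
        try {
            Subject subject = LoginContextFactory.createContext(this.configuration.getLoginConfigurationName(),
                    this.configuration.getLoginConfigFilePath(),
                    new GyrexApplicationLoginCallbackHandler(credentials)).getSubject();
            GyrexSecurityContext securityContext = SecureContextExtenstionPointhandler
                    .getSecureContextForExtenstionId(this.configuration.getSecurityContextId());
            securityContext.setSubject(subject);
            // The request is expected to be the Jetty implementation; a wrapped request would fail the cast.
            Request request = (Request) httpServletRequest;
            request.setAuthentication(new JettyUserIdentity(securityContext));
            // getSession() creates a session if none exists yet.
            request.getSession().setAttribute(GyrexSecurityContext.SECURITY_CONTEXT_ATTR, securityContext);
            httpServletRequest.setAttribute(GyrexSecurityContext.SECURITY_CONTEXT_ATTR, securityContext);
            getContext().setLocal(GyrexSecurityContext.class, securityContext);
            return true;
        } catch (LoginException e) {
            // The credential value itself is intentionally not logged.
            LOG.error("[handleSecurity] Access denied for this resource", e);
            prepareUnauthorized(httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Answers a CORS preflight ({@code OPTIONS} without credentials) with a 200.
     *
     * <p>The request's {@code Origin} is echoed back verbatim, i.e. every origin is allowed
     * for the preflight; an allow-list should be considered if the application is exposed to
     * browsers from untrusted origins. Requested headers and methods are echoed as allowed.
     * {@code Access-Control-Allow-Credentials} is not set.
     *
     * @param httpServletRequest the preflight request
     * @param httpServletResponse the response receiving the CORS headers and status 200
     */
    private void prepareAccessControl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String origin = httpServletRequest.getHeader("Origin");
        if (origin != null && !origin.isEmpty()) {
            // Header name fixed: the response header is "Access-Control-Allow-Origin".
            httpServletResponse.addHeader("Access-Control-Allow-Origin", origin);
        }
        String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
        if (requestedHeaders != null && !requestedHeaders.isEmpty()) {
            httpServletResponse.setHeader("Access-Control-Allow-Headers", requestedHeaders);
        }
        String requestedMethod = httpServletRequest.getHeader("Access-Control-Request-Method");
        if (requestedMethod != null && !requestedMethod.isEmpty()) {
            // "Access-Control-Request-Method" is a request header; the response counterpart is
            // "Access-Control-Allow-Methods".
            httpServletResponse.setHeader("Access-Control-Allow-Methods", requestedMethod);
        }
        httpServletResponse.setStatus(200);
    }

    /**
     * Prepares a 401 response. The {@code WWW-Authenticate: Basic} challenge is omitted for
     * {@code XMLHttpRequest} callers so browsers do not pop up a native credentials dialog.
     *
     * @param httpServletRequest the denied request
     * @param httpServletResponse the response receiving the challenge and status 401
     */
    private void prepareUnauthorized(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String requestedWith = httpServletRequest.getHeader("X-Requested-With");
        if (!"XMLHttpRequest".equals(requestedWith)) {
            httpServletResponse.setHeader(HttpHeader.WWW_AUTHENTICATE.asString(),
                    "Basic realm=\"" + this.configuration.getSecurityRealm() + "\"");
        }
        httpServletResponse.setStatus(401);
    }
}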
