package de.mhus.cherry.web.util.filter;

import de.mhus.cherry.web.api.InternalCallContext;
import de.mhus.cherry.web.api.VirtualHost;
import de.mhus.cherry.web.api.WebFilter;
import de.mhus.cherry.web.util.CherryWebUtil;
import de.mhus.lib.core.MLog;
import de.mhus.lib.core.MPassword;
import de.mhus.lib.core.MString;
import de.mhus.lib.core.config.IConfig;
import de.mhus.lib.core.util.Base64;
import de.mhus.lib.core.util.MUri;
import de.mhus.lib.errors.MException;
import java.io.IOException;
import java.util.HashMap;
import java.util.UUID;
import java.util.regex.Pattern;
import javax.servlet.ServletOutputStream;

/* loaded from: input_file:de/mhus/cherry/web/util/filter/BaseAuthFilter.class */
public class BaseAuthFilter extends MLog implements WebFilter {
    public static String NAME = "base_auth_filter";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:de/mhus/cherry/web/util/filter/BaseAuthFilter$Config.class */
    public class Config {
        private String realm;
        private Pattern included;
        private Pattern excluded;
        private String message;
        private HashMap<String, String> accounts = new HashMap<>();

        public Config(VirtualHost virtualHost, IConfig iConfig) {
            String string = iConfig.getString("included", (String) null);
            if (string != null) {
                this.included = Pattern.compile(string);
            }
            String string2 = iConfig.getString("excluded", (String) null);
            if (string2 != null) {
                this.excluded = Pattern.compile(string2);
            }
            this.message = iConfig.getString("message", "Access denied");
            this.realm = iConfig.getString("realm", "Access");
            for (IConfig iConfig2 : iConfig.getNode("accounts").getNodes()) {
                try {
                    this.accounts.put(iConfig2.getString("user"), iConfig2.getString("pass"));
                } catch (MException e) {
                    BaseAuthFilter.this.log().e(new Object[]{e});
                }
            }
            String string3 = iConfig.getString("accountsFile", (String) null);
            if (MString.isSet(string3)) {
                CherryWebUtil.loadAccounts(virtualHost.findFile(string3), this.accounts);
            }
        }
    }

    public void doInitialize(UUID uuid, VirtualHost virtualHost, IConfig iConfig) throws MException {
        virtualHost.getProperties().put(NAME + uuid, new Config(virtualHost, iConfig));
    }

    public boolean doFilterBegin(UUID uuid, InternalCallContext internalCallContext) throws MException {
        Config config = (Config) internalCallContext.getVirtualHost().getProperties().get(NAME + uuid);
        if (config == null) {
            send401(internalCallContext, config);
            return false;
        }
        String httpPath = internalCallContext.getHttpPath();
        if (config.included != null && !config.included.matcher(httpPath).matches()) {
            return true;
        }
        if (config.excluded != null && config.excluded.matcher(httpPath).matches()) {
            return true;
        }
        String header = internalCallContext.getHttpRequest().getHeader("Authorization");
        if (header == null) {
            send401(internalCallContext, config);
            return false;
        }
        if (!header.toUpperCase().startsWith("BASIC ")) {
            send401(internalCallContext, config);
            return false;
        }
        String[] split = new String(Base64.decode(header.substring(6))).split(":", 2);
        String str = null;
        String str2 = null;
        if (split.length > 0) {
            str = MUri.decode(split[0]);
        }
        if (split.length > 1) {
            str2 = MUri.decode(split[1]);
        }
        String str3 = config.accounts.get(str);
        if (str3 == null) {
            log().d(new Object[]{"user not found", str, internalCallContext.getHttpRequest().getRemoteAddr()});
        } else {
            if (MPassword.equals(str3, str2)) {
                if (!internalCallContext.getVirtualHost().isTraceAccess()) {
                    return true;
                }
                log().d(new Object[]{"access", internalCallContext.getVirtualHost().getName(), str, internalCallContext.getHttpMethod(), internalCallContext.getHttpPath()});
                return true;
            }
            log().d(new Object[]{"password not accepted", str, internalCallContext.getHttpRequest().getRemoteAddr()});
        }
        send401(internalCallContext, config);
        return false;
    }

    private void send401(InternalCallContext internalCallContext, Config config) throws MException {
        try {
            internalCallContext.getHttpResponse().setStatus(401);
            internalCallContext.getHttpResponse().setHeader("WWW-Authenticate", "BASIC realm=\"" + config.realm + "\", charset=\"UTF-8\"");
            internalCallContext.getHttpResponse().setContentType("text/html");
            ServletOutputStream outputStream = internalCallContext.getHttpResponse().getOutputStream();
            outputStream.write(config.message.getBytes());
            outputStream.flush();
        } catch (IOException e) {
            throw new MException(new Object[]{e});
        }
    }

    public void doFilterEnd(UUID uuid, InternalCallContext internalCallContext) throws MException {
    }
}
