package de.yourinspiration.jexpresso.basicauth;

import de.yourinspiration.jexpresso.baseauth.GrantedAuthority;
import de.yourinspiration.jexpresso.baseauth.PasswordEncoder;
import de.yourinspiration.jexpresso.baseauth.UserDetails;
import de.yourinspiration.jexpresso.baseauth.UserDetailsService;
import de.yourinspiration.jexpresso.baseauth.UserNotFoundException;
import de.yourinspiration.jexpresso.core.MiddlewareHandler;
import de.yourinspiration.jexpresso.core.Next;
import de.yourinspiration.jexpresso.core.Request;
import de.yourinspiration.jexpresso.core.Response;
import de.yourinspiration.jexpresso.http.ContentType;
import de.yourinspiration.jexpresso.http.HttpStatus;
import io.netty.handler.codec.http.HttpMethod;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import org.pmw.tinylog.Logger;

/* loaded from: input_file:de/yourinspiration/jexpresso/basicauth/BasicAuthentication.class */
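/**
 * Middleware that enforces HTTP Basic authentication on registered routes.
 *
 * <p>For each request the first registered {@link SecurityRoute} matching the
 * query-less path and the HTTP method decides whether credentials are needed.
 * Requests that match no route pass through unauthenticated.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so this
 * middleware is meant to sit behind TLS.
 *
 * <p>NOTE(review): {@code securityRoutes} is a plain {@link ArrayList} with no
 * synchronization; this presumably relies on all {@link #securePath} calls
 * happening before requests are served. Confirm against the callers.
 */
public class BasicAuthentication implements MiddlewareHandler {
    /** Request attribute under which the authenticated {@link UserDetails} is stored. */
    public static final String USER_DETAILS_ATTR = "userDetails";

    private static final String BASIC_SCHEME = "Basic";
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    private final UserDetailsService userDetailsService;
    private final PasswordEncoder passwordEncoder;
    private final List<SecurityRoute> securityRoutes = new ArrayList<>();

    /**
     * @param userDetailsService looks up users by the name taken from the Authorization header
     * @param passwordEncoder    verifies the supplied password against the stored one
     */
    public BasicAuthentication(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Registers a route that requires authentication.
     *
     * <p>The arguments are forwarded unchanged to the {@link SecurityRoute}
     * constructor. NOTE(review): {@code str} is presumably the path pattern and
     * {@code str2} the comma-separated list of accepted authorities (an empty
     * list accepts any authenticated user); confirm against SecurityRoute.
     *
     * @param str           first SecurityRoute constructor argument
     * @param str2          second SecurityRoute constructor argument
     * @param httpMethodArr HTTP methods forwarded to the route
     */
    public void securePath(String str, String str2, HttpMethod... httpMethodArr) {
        this.securityRoutes.add(new SecurityRoute(str, str2, httpMethodArr));
    }

    /**
     * Continues the middleware chain when the request is allowed and cancels it
     * otherwise; a rejected request has already received a 401 response.
     */
    @Override
    public void handle(Request request, Response response, Next next) {
        if (checkSecurityProviders(request, response)) {
            next.next();
        } else {
            next.cancel();
        }
    }

    /**
     * Decides whether the request may proceed.
     *
     * @return {@code true} when no route matches or the credentials satisfy the
     *         first matching route; {@code false} after a 401 has been sent
     */
    private boolean checkSecurityProviders(Request request, Response response) {
        final String uri = getUri(request);
        final HttpMethod method = request.method();
        for (SecurityRoute route : this.securityRoutes) {
            if (route.matchesPathAndMethod(uri, method)) {
                // The authorities come from the very route that demanded
                // authentication. Looking the route up a second time with the raw
                // path (query string included) could miss it and fall back to
                // "no authority required", which skips the role check.
                if (checkAuthentication(request, route.getAuthorities())) {
                    return true;
                }
                // Sent for missing or bad credentials and for a missing
                // authority alike; the two cases are not distinguished.
                handleUnauthenticated(response);
                return false;
            }
        }
        return true;
    }

    /** Returns the request path with any query string (from the first {@code ?}) removed. */
    private String getUri(Request request) {
        final String path = request.path();
        final int queryStart = path.indexOf('?');
        return queryStart >= 0 ? path.substring(0, queryStart) : path;
    }

    /** Sends an empty 401 response carrying the Basic challenge header. */
    private void handleUnauthenticated(Response response) {
        response.status(HttpStatus.UNAUTHORIZED);
        response.set("WWW-Authenticate", "Basic realm=\"sparkle realm\"");
        response.type(ContentType.TEXT_PLAIN);
        response.send("");
    }

    /**
     * Verifies the Authorization header against the user store and the
     * authorities required by the matched route.
     *
     * <p>On success the loaded {@link UserDetails} is stored on the request
     * under {@link #USER_DETAILS_ATTR}.
     *
     * @param request             the incoming request
     * @param requiredAuthorities comma-separated authorities of the matched route
     * @return {@code true} only when the user exists, the password matches and
     *         an accepted authority is present
     */
    private boolean checkAuthentication(Request request, String requiredAuthorities) {
        final String[] credentials = decodeCredentials(request.get("Authorization"));
        if (credentials == null) {
            return false;
        }
        try {
            // NOTE(review): an unknown user returns before any password check
            // runs, so response time may differ between unknown and known
            // usernames. Confirm whether that matters for this deployment.
            final UserDetails user = this.userDetailsService.loadUserByUsername(credentials[0]);
            if (user != null
                    && this.passwordEncoder.checkpw(credentials[1], user.getPassword())
                    && hasGrantedAuthority(user, requiredAuthorities)) {
                request.attribute(USER_DETAILS_ATTR, user);
                return true;
            }
        } catch (UserNotFoundException e) {
            Logger.debug("User not found", e);
        }
        return false;
    }

    /**
     * Extracts {@code [username, password]} from a Basic Authorization header.
     *
     * <p>The header is attacker-controlled. Invalid Base64 and a payload
     * without a colon are rejected here, so they lead to a 401 rather than an
     * uncaught runtime exception in the request pipeline.
     *
     * @param header raw Authorization header value, may be {@code null}
     * @return a two-element array, or {@code null} when the header is absent,
     *         uses another scheme or is malformed
     */
    private static String[] decodeCredentials(String header) {
        if (header == null || !header.startsWith(BASIC_SCHEME)) {
            return null;
        }
        final byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(BASIC_SCHEME.length()).trim());
        } catch (IllegalArgumentException e) {
            // Header content is deliberately not logged; it may hold credentials.
            Logger.debug("Malformed Basic credentials");
            return null;
        }
        // Limit 2: the password itself may contain ':'.
        final String[] parts = new String(decoded, UTF_8).split(":", 2);
        return parts.length == 2 ? parts : null;
    }

    /**
     * Checks whether the user holds at least one accepted authority.
     *
     * <p>A blank requirement accepts every user. Names are compared
     * case-insensitively; entries of the comma-separated list are not trimmed,
     * so whitespace around a comma becomes part of the name.
     */
    private boolean hasGrantedAuthority(UserDetails userDetails, String requiredAuthorities) {
        if (requiredAuthorities.trim().isEmpty()) {
            return true;
        }
        final String[] accepted = requiredAuthorities.split(",");
        for (GrantedAuthority granted : userDetails.getAuthorities()) {
            for (String name : accepted) {
                if (granted.getAuthority().equalsIgnoreCase(name)) {
                    return true;
                }
            }
        }
        return false;
    }
}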
