package osgi.enroute.websecurity.adapter;

import aQute.lib.base64.Base64;
import aQute.lib.collections.ExtList;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Callable;
import java.util.concurrent.CopyOnWriteArrayList;
import java.util.concurrent.atomic.AtomicReference;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import osgi.enroute.authentication.api.Authenticator;
import osgi.enroute.authorization.api.AuthorityAdmin;
import osgi.enroute.http.capabilities.RequireHttpImplementation;

@Designate(ocd = Config.class, factory = true)
@RequireHttpImplementation
@Component(property = {"osgi.http.whiteboard.filter.regex=.*"})
/* loaded from: input_file:osgi/enroute/websecurity/adapter/SecurityFilter.class */
public class SecurityFilter implements Filter {
    static final String DEFAULT_REALM = "OSGi enRoute Default";
    private static final String AUTH_PREFIX_BASIC = "Basic ";
    static Logger logger = LoggerFactory.getLogger(SecurityFilter.class);
    private CopyOnWriteArrayList<Authenticator> authenticators = new CopyOnWriteArrayList<>();
    private AtomicReference<AuthorityAdmin> authorityAdminRef = new AtomicReference<>();
    private volatile boolean reported;
    private String realm;

    @ObjectClassDefinition
    /* loaded from: input_file:osgi/enroute/websecurity/adapter/SecurityFilter$Config.class */
    @interface Config {
        @AttributeDefinition(defaultValue = {SecurityFilter.DEFAULT_REALM})
        String realm();

        int service_ranking();

        String filter();

        String pattern();

        String osgi_http_whiteboard_filter_regex();
    }

    @Activate
    void activate(Config config) {
        this.realm = config.realm();
    }

    public void doFilter(final ServletRequest servletRequest, final ServletResponse servletResponse, final FilterChain filterChain) throws IOException, ServletException {
        Callable<Void> callable = new Callable<Void>() { // from class: osgi.enroute.websecurity.adapter.SecurityFilter.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Void call() throws Exception {
                filterChain.doFilter(servletRequest, servletResponse);
                return null;
            }
        };
        if (!servletRequest.isSecure()) {
            run(null, callable);
        }
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            String str = null;
            if (httpServletRequest.getSession() != null) {
                str = (String) httpServletRequest.getSession().getAttribute("userid");
            }
            if (str == null) {
                str = authenticate(httpServletRequest);
            }
            if (str != null) {
                if (httpServletRequest.getSession() != null) {
                    httpServletRequest.getSession().setAttribute("userid", str);
                }
                run(str, callable);
                return;
            }
        }
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(401);
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
    }

    private void run(String str, Callable<Void> callable) throws ServletException, IOException {
        try {
            this.authorityAdminRef.get().call(str, callable);
        } catch (RuntimeException | ServletException | IOException e) {
            throw e;
        } catch (Exception e2) {
            throw new ServletException(e2);
        }
    }

    private String authenticate(HttpServletRequest httpServletRequest) throws ServletException, IOException {
        String authenticate;
        Map<String, Object> map = getMap(httpServletRequest);
        Iterator<Authenticator> it = this.authenticators.iterator();
        while (it.hasNext()) {
            Authenticator next = it.next();
            try {
                authenticate = next.authenticate(map, new String[]{"basic.source", "servlet.source"});
            } catch (Exception e) {
                logger.error("Authenticator failed " + next, e);
            }
            if (authenticate != null) {
                return authenticate;
            }
        }
        if (!this.authenticators.isEmpty() || this.reported) {
            return null;
        }
        logger.warn("There are no Authenticator services found ");
        this.reported = true;
        return null;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    private Map<String, Object> getMap(HttpServletRequest httpServletRequest) throws MalformedURLException {
        HashMap hashMap = new HashMap();
        String header = httpServletRequest.getHeader("Authorization");
        if (header != null) {
            String[] split = new String(Base64.decodeBase64(header.substring(AUTH_PREFIX_BASIC.length()))).split(":");
            if (split.length == 2) {
                hashMap.put("user.source.userid", split[0]);
                hashMap.put("user.source.password", split[1].toCharArray());
            }
        }
        if (httpServletRequest instanceof HttpServletRequest) {
            Enumeration headerNames = httpServletRequest.getHeaderNames();
            while (headerNames.hasMoreElements()) {
                String str = (String) headerNames.nextElement();
                hashMap.put(str, httpServletRequest.getHeader(str));
            }
            hashMap.put("servlet.source", new URL(httpServletRequest.getRequestURL().toString()));
            hashMap.put("servlet.source.method", httpServletRequest.getMethod());
            hashMap.put("servlet.secure", Boolean.valueOf(httpServletRequest.isSecure()));
        }
        for (String str2 : httpServletRequest.getParameterMap().keySet()) {
            String[] parameterValues = httpServletRequest.getParameterValues(str2);
            if (parameterValues != null) {
                if (parameterValues.length > 1) {
                    hashMap.put(str2, new ExtList(parameterValues));
                } else {
                    hashMap.put(str2, parameterValues[0]);
                }
            }
        }
        return hashMap;
    }

    public void destroy() {
    }

    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    void addAuthenticator(Authenticator authenticator) {
        this.authenticators.add(authenticator);
        this.reported = false;
    }

    void removeAuthenticator(Authenticator authenticator) {
        this.authenticators.remove(authenticator);
    }

    @Reference(cardinality = ReferenceCardinality.MULTIPLE, policy = ReferencePolicy.DYNAMIC)
    void setAuthorityAdmin(AuthorityAdmin authorityAdmin) {
        this.authorityAdminRef.set(authorityAdmin);
    }

    void unsetAuthorityAdmin(AuthorityAdmin authorityAdmin) {
        this.authorityAdminRef.compareAndSet(authorityAdmin, null);
    }
}
