package org.zodiac.actuate.security;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.springframework.http.HttpStatus;
import org.springframework.web.filter.OncePerRequestFilter;
import org.zodiac.actuate.util.ActuatorHelper;
import org.zodiac.commons.util.Strings;
import org.zodiac.commons.util.web.HttpBasicAuthUtil;
import org.zodiac.sdk.nio.http.common.HttpMediaType;

/* loaded from: input_file:org/zodiac/actuate/security/ActuatorSecurityServletFilter.class */
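/**
 * Servlet filter that protects actuator endpoints with HTTP Basic credentials.
 *
 * <p>Decision order for each request:
 * <ol>
 *   <li>a request carrying a non-empty {@code X-Real-IP} header is answered with 404;</li>
 *   <li>a request whose Basic credentials match the configured user and token passes;</li>
 *   <li>a request for the health or prometheus endpoint passes without credentials;</li>
 *   <li>everything else receives a 401 challenge.</li>
 * </ol>
 *
 * <p>The filter fails closed: if no user or token was configured, no credentials match.
 */
public class ActuatorSecurityServletFilter extends OncePerRequestFilter {
    /** Expected Basic-auth user name; {@code null} when the constructor was given a blank value. */
    private final String user;
    /** Expected Basic-auth password (the shared token). */
    private final String token;
    /** Resolves endpoint suffixes such as {@code /health} to request paths. */
    private final ActuatorHelper actuatorHelper;

    /**
     * Creates a filter that uses the default actuator user name.
     *
     * @param actuatorHelper helper used to resolve the health and prometheus paths
     * @param str the shared token expected as the Basic-auth password
     */
    public ActuatorSecurityServletFilter(@NotNull ActuatorHelper actuatorHelper, @NotNull String str) {
        this(actuatorHelper, ManagementEnpointsSecurityInfo.DEFAULT_ACTUATOR_SECURITY_USER, str);
    }

    /**
     * Creates a filter with an explicit user name.
     *
     * @param actuatorHelper helper used to resolve the health and prometheus paths
     * @param str the expected Basic-auth user name; a blank value leaves the user unset,
     *     in which case no request can authenticate
     * @param str2 the shared token expected as the Basic-auth password
     */
    public ActuatorSecurityServletFilter(@NotNull ActuatorHelper actuatorHelper, @NotNull String str, @NotNull String str2) {
        // trimToNull yields null for blank input; the credential check treats that as "never matches".
        this.user = Strings.trimToNull(str);
        this.token = str2;
        this.actuatorHelper = actuatorHelper;
    }

    /**
     * Applies the access decision described on the class to one request.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for error and challenge replies
     * @param filterChain the remaining chain, invoked only when the request is allowed
     * @throws ServletException if the downstream chain fails
     * @throws IOException if writing the response or the downstream chain fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // NOTE(review): X-Real-IP is an ordinary request header. This check only hides the
        // endpoints from traffic relayed by a proxy that always sets it; a client that reaches
        // the application directly simply does not send it. Keep network-level isolation of
        // the management port in place and do not treat this as an access control.
        if (Strings.isNotEmpty(httpServletRequest.getHeader("X-Real-IP"))) {
            httpServletResponse.sendError(HttpStatus.NOT_FOUND.value());
            return;
        }
        String[] credentials = HttpBasicAuthUtil.parseAuthorization(httpServletRequest.getHeader("Authorization"));
        if (credentialsMatch(credentials)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // presumably getActuatorPath joins the configured actuator base path with the suffix — confirm
        String requestUri = httpServletRequest.getRequestURI();
        String healthPath = this.actuatorHelper.getActuatorPath("/health");
        String prometheusPath = this.actuatorHelper.getActuatorPath("/prometheus");
        if (isOpenEndpoint(requestUri, healthPath) || isOpenEndpoint(requestUri, prometheusPath)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        httpServletResponse.addHeader("WWW-Authenticate", "Basic Realm=\"token\"");
        httpServletResponse.addHeader("Content-Type", HttpMediaType.TEXT_HTML_UTF8);
        httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), HttpStatus.UNAUTHORIZED.getReasonPhrase());
    }

    /** Returns true only when a complete user/password pair equals the configured user and token. */
    private boolean credentialsMatch(String[] credentials) {
        // The parser's contract is not visible here, so a null array or null element is rejected.
        if (credentials == null || credentials.length != 2 || credentials[0] == null || credentials[1] == null) {
            return false;
        }
        // Unconfigured user or token: fail closed instead of throwing a NullPointerException.
        if (this.user == null || this.token == null) {
            return false;
        }
        // Both fields are always compared (non-short-circuit &) so the response time does not
        // reveal which of the two was wrong.
        boolean userMatches = constantTimeEquals(this.user, credentials[0]);
        boolean tokenMatches = constantTimeEquals(this.token, credentials[1]);
        return userMatches & tokenMatches;
    }

    /** Compares two strings without exiting early on the first differing byte. */
    private static boolean constantTimeEquals(String expected, String actual) {
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), actual.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Decides whether a request path is covered by the unauthenticated exemption for one endpoint.
     *
     * <p>{@code getRequestURI()} is the raw, undecoded path. A plain prefix test on it also
     * accepts sibling paths that merely begin with the same characters, and paths containing
     * dot segments, path parameters or percent-encoding that later stages may resolve to a
     * different endpoint. The exemption is therefore limited to the endpoint itself and its
     * sub-paths, and only for paths written literally; anything else must authenticate.
     */
    private static boolean isOpenEndpoint(String requestUri, String endpointPath) {
        if (requestUri == null || endpointPath == null) {
            return false;
        }
        String base = endpointPath.endsWith("/") ? endpointPath.substring(0, endpointPath.length() - 1) : endpointPath;
        if (base.isEmpty()) {
            return false;
        }
        if (requestUri.contains("..") || requestUri.indexOf(';') >= 0 || requestUri.indexOf('%') >= 0 || requestUri.indexOf('\\') >= 0) {
            return false;
        }
        return requestUri.equals(base) || requestUri.startsWith(base + "/");
    }
}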
