package com.tinkerpop.rexster.filter;

import com.sun.jersey.core.util.Base64;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import com.tinkerpop.rexster.protocol.msg.ErrorResponseMessage;
import com.tinkerpop.rexster.protocol.msg.RexProMessage;
import com.tinkerpop.rexster.protocol.msg.SessionRequestMessage;
import com.tinkerpop.rexster.server.RexsterSettings;
import java.io.FileReader;
import java.io.IOException;
import java.security.Principal;
import java.util.HashMap;
import javax.servlet.ServletConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.configuration.XMLConfiguration;
import org.apache.log4j.Logger;
import org.codehaus.jettison.json.JSONObject;
import org.glassfish.grizzly.filterchain.BaseFilter;
import org.glassfish.grizzly.filterchain.FilterChainContext;
import org.glassfish.grizzly.filterchain.NextAction;

/* loaded from: input_file:com/tinkerpop/rexster/filter/AbstractSecurityFilter.class */
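/**
 * Base class for Rexster authentication filters.
 *
 * <p>The same filter guards two entry points: RexPro session requests arriving through the
 * Grizzly filter chain ({@link #handleRead}) and REST requests arriving through Jersey
 * ({@link #filter}), where HTTP Basic credentials are read from the {@code Authorization}
 * header. Subclasses supply the credential check itself via {@link #authenticate}.
 *
 * <p>NOTE(review): {@code isConfigured} is a plain field that is read and written while
 * requests are being served; if one instance handles concurrent requests the lazy
 * configuration below can run more than once. Confirm the container's threading model.
 */
public abstract class AbstractSecurityFilter extends BaseFilter implements ContainerRequestFilter {
    private static final Logger logger = Logger.getLogger(AbstractSecurityFilter.class);

    /** Scheme prefix of an HTTP Basic {@code Authorization} header value. */
    private static final String BASIC_PREFIX = "Basic ";

    /** Upper bound on how much of a client-supplied user name is written to the log. */
    private static final int MAX_LOGGED_NAME_LENGTH = 64;

    @Context
    protected UriInfo uriInfo;

    @Context
    protected ServletConfig servletConfig;

    @Context
    protected HttpServletRequest httpServletRequest;

    @Context
    protected HttpServletResponse httpServletResponse;
    private boolean isConfigured;

    /**
     * Security context installed on a REST request once its Basic credentials were accepted.
     */
    public class Authorizer implements SecurityContext {
        private final User user;
        private final Principal principal;

        public Authorizer(final User user) {
            this.user = user;
            this.principal = new Principal() {
                @Override
                public String getName() {
                    return user.username;
                }
            };
        }

        @Override
        public Principal getUserPrincipal() {
            return this.principal;
        }

        /**
         * Reports whether the authenticated user holds exactly the given role.
         *
         * @param str role name to test; {@code null} never matches
         */
        @Override
        public boolean isUserInRole(String str) {
            // Null-safe: a null role name is "not in role" rather than a NullPointerException.
            return str != null && str.equals(this.user.role);
        }

        /**
         * Reports whether the request URI uses the {@code https} scheme.
         *
         * <p>NOTE(review): this reflects the URI as seen by this server; behind a
         * TLS-terminating proxy it may report {@code false} for a request that was
         * encrypted on the client side - confirm against the deployment.
         */
        @Override
        public boolean isSecure() {
            return "https".equals(AbstractSecurityFilter.this.uriInfo.getRequestUri().getScheme());
        }

        @Override
        public String getAuthenticationScheme() {
            return "BASIC";
        }
    }

    /** Authenticated identity: a user name and the single role attached to it. */
    public class User {
        public final String username;
        public final String role;

        public User(String str, String str2) {
            this.username = str;
            this.role = str2;
        }
    }

    /**
     * Creates an unconfigured filter; configuration is loaded lazily from the servlet init
     * parameter {@code com.tinkerpop.rexster.config} on the first REST request.
     */
    public AbstractSecurityFilter() {
        this.isConfigured = false;
    }

    /**
     * Creates a filter and configures it immediately.
     *
     * <p>Note that {@link #configure} is an overridable method invoked from the constructor,
     * so it runs before subclass field initializers have executed.
     *
     * @param xMLConfiguration the Rexster configuration handed to {@link #configure}
     */
    public AbstractSecurityFilter(XMLConfiguration xMLConfiguration) {
        this.isConfigured = false;
        configure(xMLConfiguration);
        this.isConfigured = true;
    }

    /**
     * Checks a credential pair.
     *
     * @param str the user name presented by the client
     * @param str2 the password presented by the client
     * @return {@code true} if the pair is accepted
     */
    public abstract boolean authenticate(String str, String str2);

    /**
     * Applies the Rexster configuration to this filter.
     *
     * @param xMLConfiguration the loaded configuration
     */
    public abstract void configure(XMLConfiguration xMLConfiguration);

    public abstract String getName();

    /**
     * Authenticates RexPro session requests before they travel further down the filter chain.
     *
     * <p>Only a {@link SessionRequestMessage} that carries no session and is not a
     * kill-session request has its {@code Username}/{@code Password} checked. Every other
     * message is passed on without a credential check here.
     * NOTE(review): that relies on later processing rejecting messages whose session is
     * unknown - confirm that this is enforced downstream.
     *
     * @param filterChainContext the Grizzly context holding the decoded message
     * @return the stop action after writing an authentication error, otherwise the invoke action
     */
    @Override
    public NextAction handleRead(FilterChainContext filterChainContext) throws IOException {
        final RexProMessage message = (RexProMessage) filterChainContext.getMessage();
        if (message instanceof SessionRequestMessage) {
            final SessionRequestMessage sessionRequest = (SessionRequestMessage) message;
            if (!sessionRequest.hasSession()
                    && !sessionRequest.metaGetKillSession().booleanValue()
                    && !authenticate(sessionRequest.Username, sessionRequest.Password)) {
                final ErrorResponseMessage errorResponseMessage = new ErrorResponseMessage();
                errorResponseMessage.setSessionAsUUID(RexProMessage.EMPTY_SESSION);
                errorResponseMessage.Request = sessionRequest.Request;
                errorResponseMessage.ErrorMessage = "Invalid username or password.";
                errorResponseMessage.metaSetFlag(ErrorResponseMessage.AUTH_FAILURE_ERROR);
                filterChainContext.write(errorResponseMessage);
                return filterChainContext.getStopAction();
            }
        }
        return filterChainContext.getInvokeAction();
    }

    /**
     * Authenticates a REST request and installs the resulting {@link Authorizer} on it.
     *
     * @throws WebApplicationException carrying a 401 response when authentication fails
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) {
        containerRequest.setSecurityContext(new Authorizer(authenticateServletRequest(containerRequest)));
        return containerRequest;
    }

    /**
     * Loads the configuration named by the servlet init parameter
     * {@code com.tinkerpop.rexster.config}, once, if the filter was not configured through
     * its constructor. This cannot happen in the constructor because the {@code @Context}
     * fields are only populated after construction.
     */
    private void initFromServletConfiguration() {
        // The guard must be negated: the previous "if (isConfigured)" skipped configuration
        // for filters built with the no-arg constructor and re-read the file on every
        // request for filters that were already configured.
        if (!this.isConfigured) {
            final String initParameter = this.servletConfig.getInitParameter("com.tinkerpop.rexster.config");
            final XMLConfiguration xMLConfiguration = new XMLConfiguration();
            try {
                final FileReader reader = new FileReader(initParameter);
                try {
                    xMLConfiguration.load(reader);
                } finally {
                    // Release the file handle whether or not parsing succeeded.
                    reader.close();
                }
                configure(xMLConfiguration);
                this.isConfigured = true;
            } catch (Exception e) {
                throw new RuntimeException("Could not locate " + initParameter + " properties file.", e);
            }
        }
    }

    /**
     * Extracts HTTP Basic credentials from the {@code Authorization} header and checks them.
     *
     * <p>Failure log lines never contain the header value, the base64 payload or the
     * password: the payload is trivially reversible, so logging it would copy credentials
     * into the log files. Only a sanitized, length-capped user name is recorded.
     *
     * @return the authenticated user, always with role {@code "user"}
     * @throws WebApplicationException carrying a 401 response when the header is missing,
     *         malformed or rejected by {@link #authenticate}
     */
    private User authenticateServletRequest(ContainerRequest containerRequest) {
        initFromServletConfiguration();
        final String headerValue = containerRequest.getHeaderValue("Authorization");
        if (headerValue == null) {
            throw new WebApplicationException(generateErrorResponse("Authentication credentials are required."));
        }
        if (!headerValue.startsWith(BASIC_PREFIX)) {
            // Headers of other schemes carry secrets as well, so the value is not logged.
            logger.info("Authentication failed: request for unsupported authentication type");
            throw new WebApplicationException(generateErrorResponse("Invalid authentication credentials."));
        }
        final String encoded = headerValue.substring(BASIC_PREFIX.length());
        // NOTE(review): the result for malformed base64 and the charset used for decoding
        // depend on Base64.base64Decode and the String constructor - confirm that bad input
        // ends in a 401 and that non-ASCII credentials round-trip as intended.
        final String decoded = new String(Base64.base64Decode(encoded));
        // Split on the FIRST colon only; splitting on every colon silently truncated
        // passwords that themselves contain ':'.
        final int separator = decoded.indexOf(':');
        if (separator < 0 || separator == decoded.length() - 1) {
            // No colon at all, or nothing after it: an empty password stays rejected.
            logger.info("Authentication failed: invalid authentication string format");
            throw new WebApplicationException(generateErrorResponse("Invalid authentication credentials."));
        }
        final String username = decoded.substring(0, separator);
        final String password = decoded.substring(separator + 1);
        if (!authenticate(username, password)) {
            logger.info("Authentication failed: invalid username or password for ["
                    + sanitizeForLog(username) + "]");
            throw new WebApplicationException(generateErrorResponse("Invalid username or password."));
        }
        // Every authenticated caller receives the same fixed role.
        final User user = new User(username, "user");
        logger.debug("Authentication succeeded for [" + sanitizeForLog(username) + "]");
        return user;
    }

    /**
     * Makes a client-supplied value safe to embed in a single log line by replacing control
     * characters (including CR/LF) and capping the length.
     */
    private static String sanitizeForLog(final String value) {
        if (value == null) {
            return "";
        }
        final int length = Math.min(value.length(), MAX_LOGGED_NAME_LENGTH);
        final StringBuilder cleaned = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            final char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Builds the 401 response: a Basic challenge for realm {@code rexster} with a JSON body
     * holding the message and the version string.
     *
     * @param str the message placed under the {@code message} key
     */
    private Response generateErrorResponse(final String str) {
        final HashMap<String, String> body = new HashMap<String, String>();
        body.put("message", str);
        body.put(RexsterSettings.COMMAND_VERSION, "2.3.0");
        return Response.status(Response.Status.UNAUTHORIZED)
                .header("WWW-Authenticate", "Basic realm=\"rexster\"")
                .type("application/json")
                .entity(new JSONObject(body))
                .build();
    }
}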
