package pl.psnc.dl.wf4ever.auth;

import com.sun.jersey.api.container.MappableContainerException;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.UriInfo;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.log4j.Logger;
import pl.psnc.dl.wf4ever.connection.DigitalLibraryFactory;
import pl.psnc.dl.wf4ever.db.AccessToken;
import pl.psnc.dl.wf4ever.db.UserProfile;
import pl.psnc.dl.wf4ever.db.dao.AccessTokenDAO;
import pl.psnc.dl.wf4ever.dl.DigitalLibraryException;
import pl.psnc.dl.wf4ever.dl.NotFoundException;
import pl.psnc.dl.wf4ever.dl.UserMetadata;
import pl.psnc.dl.wf4ever.exceptions.AuthenticationException;
import pl.psnc.dl.wf4ever.model.Builder;

/* loaded from: input_file:WEB-INF/classes/pl/psnc/dl/wf4ever/auth/SecurityFilter.class */
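/**
 * Jersey request filter that resolves the caller's identity from the
 * {@code Authorization} header and stores a {@link Builder} for that identity
 * on the servlet request under the {@code "Builder"} attribute.
 *
 * <p>Requests without an {@code Authorization} header are treated as
 * {@link UserProfile#PUBLIC}. The only scheme handled here is
 * {@code Bearer}; any other scheme is rejected.
 *
 * <p>NOTE(review): nothing in this class calls {@link #isSecure()}, so as far as
 * this filter is concerned bearer tokens are accepted regardless of the request
 * scheme. Confirm that TLS is enforced elsewhere (container or reverse proxy).
 */
public class SecurityFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = Logger.getLogger(SecurityFilter.class);
    public static final String REALM = "ROSRS";

    /** Scheme prefix of an OAuth 2.0 bearer {@code Authorization} header value. */
    private static final String BEARER_PREFIX = "Bearer ";

    @Context
    private UriInfo uriInfo;

    @Context
    private HttpServletRequest httpRequest;

    /**
     * Authenticates the request and attaches a {@link Builder} for the resolved user.
     *
     * @param containerRequest the incoming request
     * @return the same request, unchanged
     * @throws MappableContainerException wrapping an {@link AuthenticationException}
     *         when authentication fails
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) {
        try {
            UserMetadata user = authenticate(containerRequest);
            if (user == null) {
                // Reached when a valid access token has no user attached to it.
                // presumably NotFoundException is a DigitalLibraryException subtype and is
                // handled by the catch below -- confirm against its declaration.
                throw new NotFoundException("User profile not found");
            }
            this.httpRequest.setAttribute("Builder", new Builder(user));
            return containerRequest;
        } catch (DigitalLibraryException e) {
            // Keep the underlying failure in the server log; the client only gets a generic message.
            LOGGER.warn("Authentication failed for request to " + this.uriInfo.getAbsolutePath(), e);
            throw new MappableContainerException(new AuthenticationException("Incorrect login/password\r\n", REALM));
        }
    }

    /**
     * Resolves the user for a request from its {@code Authorization} header.
     *
     * @param containerRequest the incoming request
     * @return {@link UserProfile#PUBLIC} when no header is present, otherwise the user
     *         the bearer token maps to
     * @throws MappableContainerException wrapping an {@link AuthenticationException}
     *         for an unsupported scheme or an invalid token
     */
    private UserMetadata authenticate(ContainerRequest containerRequest) {
        // Only the path and method are logged; the Authorization header value never is.
        LOGGER.info("Request to: " + this.uriInfo.getAbsolutePath() + " | method:  " + containerRequest.getMethod());
        String headerValue = containerRequest.getHeaderValue("Authorization");
        if (headerValue == null) {
            return UserProfile.PUBLIC;
        }
        try {
            // HTTP authentication scheme names are case-insensitive (RFC 7235, section 2.1),
            // so "bearer <token>" is accepted as well as "Bearer <token>".
            if (headerValue.regionMatches(true, 0, BEARER_PREFIX, 0, BEARER_PREFIX.length())) {
                return getBearerCredentials(headerValue.substring(BEARER_PREFIX.length()));
            }
            // NOTE(review): the message mentions HTTP Basic, but this method only handles Bearer.
            throw new MappableContainerException(new AuthenticationException("Only HTTP Basic and OAuth 2.0 Bearer authentications are supported\r\n", REALM));
        } catch (IllegalArgumentException e) {
            // NOTE(review): the exception message is passed through to the client as the
            // authentication error text; confirm it cannot carry internal details.
            throw new MappableContainerException(new AuthenticationException(e.getMessage(), REALM));
        }
    }

    /**
     * Maps a bearer token to a user.
     *
     * <p>The token is first checked against the configured admin token hash; otherwise it
     * is looked up through {@link AccessTokenDAO}, and a match has its last-used time
     * updated and saved.
     *
     * @param str the raw bearer token taken from the {@code Authorization} header
     * @return {@link UserProfile#ADMIN} for the admin token, otherwise the user of the
     *         matching access token (which may be {@code null} if the token has no user)
     * @throws MappableContainerException wrapping an {@link AuthenticationException}
     *         when the token is null, empty, or unknown
     */
    public UserMetadata getBearerCredentials(String str) {
        // Reject a missing or empty token before it is hashed or looked up, so that an
        // empty value can never match an admin hash or a stored token.
        if (str == null || str.isEmpty()) {
            throw new MappableContainerException(new AuthenticationException("Incorrect access token\r\n", REALM));
        }
        if (matchesAdminTokenHash(str)) {
            return UserProfile.ADMIN;
        }
        AccessTokenDAO accessTokenDAO = new AccessTokenDAO();
        AccessToken accessToken = accessTokenDAO.findByValue(str);
        if (accessToken == null) {
            throw new MappableContainerException(new AuthenticationException("Incorrect access token\r\n", REALM));
        }
        accessToken.setLastUsed(new Date());
        accessTokenDAO.save(accessToken);
        return accessToken.getUser();
    }

    /**
     * Compares the MD5 hex digest of {@code token} with the configured admin token hash,
     * ignoring hex case, without returning early at the first differing character.
     *
     * <p>NOTE(review): the admin token is verified against an unsalted MD5 digest. Moving
     * to a stronger scheme also requires changing the stored hash, which is outside this class.
     */
    private static boolean matchesAdminTokenHash(String token) {
        String expectedHash = DigitalLibraryFactory.getAdminTokenHash();
        if (expectedHash == null) {
            // No admin hash configured: nothing can match.
            return false;
        }
        byte[] expected = expectedHash.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] actual = DigestUtils.md5Hex(token).toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, actual);
    }

    /**
     * Reports whether the current request URI uses the {@code https} scheme.
     *
     * @return {@code true} only when the request URI scheme is exactly {@code "https"}
     */
    public boolean isSecure() {
        return "https".equals(this.uriInfo.getRequestUri().getScheme());
    }
}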
