package com.sun.jersey.samples.contacts.server.auth;

import com.sun.jersey.api.container.MappableContainerException;
import com.sun.jersey.samples.contacts.models.User;
import com.sun.jersey.samples.contacts.server.Database;
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerRequestFilter;
import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.Principal;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.core.UriInfo;

/* loaded from: input_file:com/sun/jersey/samples/contacts/server/auth/SecurityFilter.class */
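/**
 * Request filter that authenticates every request with HTTP Basic credentials and installs a
 * {@link SecurityContext} describing the authenticated user.
 *
 * <p>Authentication failures are raised as an {@code AuthenticationException} wrapped in a
 * {@link MappableContainerException}; how that is turned into a response is decided outside
 * this class (presumably a 401 challenge for {@link #REALM} - confirm against the exception
 * mapper).
 *
 * <p>NOTE(review): Basic credentials are only base64-encoded. This filter does not reject
 * requests that arrive over plain HTTP; {@link Authorizer#isSecure()} merely reports the scheme.
 * Transport security has to be enforced by the deployment.
 */
public class SecurityFilter implements ContainerRequestFilter {
    private static final String REALM = "Contacts Service";

    /** Scheme token plus separator that must open the Authorization header value. */
    private static final String BASIC_PREFIX = "Basic ";

    /** Fixed charset so credential decoding does not depend on the platform default. */
    private static final Charset UTF_8 = Charset.forName("UTF-8");

    @Context
    UriInfo uriInfo;

    /**
     * Security context for one authenticated user. It is an inner (non-static) class because
     * role checks read the enclosing filter's injected {@link UriInfo}.
     */
    public class Authorizer implements SecurityContext {
        private final Principal principal;

        /**
         * @param user the authenticated user; its username becomes the principal name
         */
        public Authorizer(final User user) {
            this.principal = new Principal() {
                @Override
                public String getName() {
                    return user.getUsername();
                }
            };
        }

        @Override
        public Principal getUserPrincipal() {
            return this.principal;
        }

        /**
         * Decides whether the authenticated principal holds the given role.
         *
         * <ul>
         *   <li>The role equal to {@code Database.ADMIN_USERNAME} is held only by the principal
         *       whose name equals that same constant.</li>
         *   <li>The role {@code "user"} is held by that admin principal, and otherwise only by
         *       the principal whose name is exactly the {@code username} path parameter.</li>
         *   <li>Any other role is denied.</li>
         * </ul>
         *
         * @param str the role name to test
         * @return {@code true} if the principal is in the role
         */
        @Override
        public boolean isUserInRole(String str) {
            String principalName = this.principal.getName();
            boolean isAdmin = Database.ADMIN_USERNAME.equals(principalName);
            if (Database.ADMIN_USERNAME.equals(str)) {
                return isAdmin;
            }
            if (!"user".equals(str)) {
                return false;
            }
            if (isAdmin) {
                return true;
            }
            String pathUsername =
                    (String) SecurityFilter.this.uriInfo.getPathParameters().getFirst("username");
            // Exact match is required. A suffix match (endsWith) would authorize one account for
            // any resource whose owner name is a suffix of the caller's name, including the
            // empty string.
            return pathUsername != null && pathUsername.equals(principalName);
        }

        /**
         * @return {@code true} if the request URI scheme is {@code https}
         */
        @Override
        public boolean isSecure() {
            return "https".equals(SecurityFilter.this.uriInfo.getRequestUri().getScheme());
        }

        @Override
        public String getAuthenticationScheme() {
            return "BASIC";
        }
    }

    /**
     * Authenticates the request and attaches an {@link Authorizer} for the resulting user.
     *
     * @param containerRequest the incoming request
     * @return the same request, with its security context replaced
     * @throws MappableContainerException if authentication fails
     */
    @Override
    public ContainerRequest filter(ContainerRequest containerRequest) {
        containerRequest.setSecurityContext(new Authorizer(authenticate(containerRequest)));
        return containerRequest;
    }

    /**
     * Validates the HTTP Basic credentials carried in the {@code Authorization} header against
     * {@code Database.users}.
     *
     * @param containerRequest the incoming request
     * @return the matching user
     * @throws MappableContainerException wrapping an {@code AuthenticationException} when the
     *     header is absent, is not Basic, is malformed, or the credentials do not match
     */
    private User authenticate(ContainerRequest containerRequest) {
        String headerValue = containerRequest.getHeaderValue("Authorization");
        if (headerValue == null) {
            throw new MappableContainerException(new AuthenticationException("Authentication credentials are required\r\n", REALM));
        }
        // Authentication scheme names are case-insensitive, so accept "basic " as well.
        if (!headerValue.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            throw new MappableContainerException(new AuthenticationException("Only HTTP Basic authentication is supported\r\n", REALM));
        }
        // NOTE(review): the behavior of Base64.base64Decode on malformed input is not visible
        // here; confirm it cannot return null or throw an unmapped exception.
        String credentials =
                new String(Base64.base64Decode(headerValue.substring(BASIC_PREFIX.length())), UTF_8);
        // Split on the FIRST colon only: the user-id cannot contain ':' but the password can.
        // Splitting on every colon would silently truncate such passwords to their first segment.
        int separator = credentials.indexOf(':');
        if (separator < 0) {
            throw new MappableContainerException(new AuthenticationException("Invalid syntax for username and password\r\n", REALM));
        }
        String username = credentials.substring(0, separator);
        String password = credentials.substring(separator + 1);
        if (username.isEmpty() || password.isEmpty()) {
            throw new MappableContainerException(new AuthenticationException("Missing username or password\r\n", REALM));
        }
        User user;
        synchronized (Database.users) {
            user = Database.users.get(username);
            // Unknown user and wrong password deliberately produce the same message so the
            // response does not reveal which usernames exist.
            if (user == null || !passwordMatches(password, user.getPassword())) {
                throw new MappableContainerException(new AuthenticationException("Invalid username or password\r\n", REALM));
            }
        }
        return user;
    }

    /**
     * Compares the submitted password with the stored one after trimming both, without
     * short-circuiting on the first differing byte.
     *
     * <p>NOTE(review): the stored value is compared directly with the submitted password, so
     * passwords appear to be kept in recoverable form; a salted password hash (bcrypt, scrypt,
     * argon2) would be the appropriate storage. Trimming is kept for compatibility with existing
     * stored values.
     *
     * @param supplied password taken from the request
     * @param stored password held for the user, possibly {@code null}
     * @return {@code true} only if {@code stored} is non-null and both trimmed values are equal
     */
    private static boolean passwordMatches(String supplied, String stored) {
        if (stored == null) {
            return false;
        }
        return MessageDigest.isEqual(
                supplied.trim().getBytes(UTF_8), stored.trim().getBytes(UTF_8));
    }
}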
