package net.krotscheck.kangaroo.authz.oauth2.authn.authn;

import com.google.common.base.Strings;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Priority;
import javax.inject.Provider;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.container.ContainerRequestContext;
import net.krotscheck.kangaroo.authz.common.database.entity.Client;
import net.krotscheck.kangaroo.authz.oauth2.authn.O2Principal;
import net.krotscheck.kangaroo.authz.oauth2.exception.RFC6749;
import org.glassfish.jersey.server.ContainerRequest;
import org.hibernate.Session;
import org.hibernate.hql.internal.classic.ParserHelper;

@Priority(1000)
/* loaded from: input_file:net/krotscheck/kangaroo/authz/oauth2/authn/authn/O2ClientBasicAuthFilter.class */
public final class O2ClientBasicAuthFilter extends AbstractO2AuthenticationFilter {
    private static final Pattern BASIC = Pattern.compile("^Basic ([0-9a-zA-Z]+={0,2})$", 2);
    private static final Base64.Decoder DECODER = Base64.getDecoder();
    private static final Charset UTF8 = Charset.forName("UTF-8");

    public O2ClientBasicAuthFilter(Provider<ContainerRequest> provider, Provider<Session> provider2) {
        super(provider, provider2);
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        Optional map = Optional.ofNullable(containerRequestContext.getHeaderString("Authorization")).map((v0) -> {
            return v0.trim();
        });
        Pattern pattern = BASIC;
        pattern.getClass();
        Matcher matcher = (Matcher) map.map((v1) -> {
            return r1.matcher(v1);
        }).filter((v0) -> {
            return v0.matches();
        }).orElse(null);
        if (matcher == null) {
            return;
        }
        Map.Entry entry = (Map.Entry) Optional.ofNullable(matcher.group(1)).map(str -> {
            return new String(DECODER.decode(str), UTF8);
        }).map(Strings::nullToEmpty).filter(str2 -> {
            return str2.contains(ParserHelper.HQL_VARIABLE_PREFIX);
        }).map(str3 -> {
            return str3.split(ParserHelper.HQL_VARIABLE_PREFIX, 2);
        }).map(strArr -> {
            return convertCredentials(strArr[0], strArr[1]);
        }).filter(entry2 -> {
            return Objects.nonNull(entry2.getValue());
        }).orElseThrow(BadRequestException::new);
        setPrincipal(new O2Principal((Client) Optional.of(entry.getKey()).map(bigInteger -> {
            return (Client) getSession().find(Client.class, bigInteger);
        }).filter(client -> {
            return ((String) entry.getValue()).equals(client.getClientSecret());
        }).orElseThrow(RFC6749.AccessDeniedException::new)));
    }
}
