package org.apache.archiva.redback.rest.services.interceptors;

import javax.inject.Inject;
import javax.inject.Named;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.archiva.redback.authentication.AuthenticationException;
import org.apache.archiva.redback.authentication.AuthenticationResult;
import org.apache.archiva.redback.authorization.RedbackAuthorization;
import org.apache.archiva.redback.integration.filter.authentication.HttpAuthenticationException;
import org.apache.archiva.redback.integration.filter.authentication.basic.HttpBasicAuthentication;
import org.apache.archiva.redback.policy.AccountLockedException;
import org.apache.archiva.redback.policy.MustChangePasswordException;
import org.apache.archiva.redback.rest.services.RedbackAuthenticationThreadLocal;
import org.apache.archiva.redback.rest.services.RedbackRequestInformation;
import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.users.UserManager;
import org.apache.archiva.redback.users.UserManagerException;
import org.apache.archiva.redback.users.UserNotFoundException;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;

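/**
 * JAX-RS request filter that authenticates incoming REST calls before the target
 * service method runs.
 *
 * <p>The filter looks up the {@link RedbackAuthorization} metadata of the invoked
 * method and then takes one of three paths:
 * <ul>
 *   <li>no metadata found: the request is rejected with 403 (fail closed);</li>
 *   <li>{@code noRestriction()} is set: authentication is optional, and the request
 *       proceeds anonymously when no credentials are present or they do not verify;</li>
 *   <li>otherwise: authentication is mandatory and every failure ends in 403.</li>
 * </ul>
 *
 * <p>On success the authenticated user and the remote address are published through
 * {@link RedbackAuthenticationThreadLocal}, and the {@link AuthenticationResult} is
 * stored on the current CXF {@link Message}.
 *
 * <p>NOTE(review): this class never clears {@link RedbackAuthenticationThreadLocal}.
 * On the anonymous paths nothing is written to it, so on a pooled worker thread a value
 * from an earlier request would still be visible unless it is reset elsewhere. Confirm
 * that a response-side filter or equivalent does that cleanup.
 */
@Provider
@Service("authenticationInterceptor#rest")
/* loaded from: input_file:WEB-INF/lib/redback-rest-services-2.6.1.jar:org/apache/archiva/redback/rest/services/interceptors/AuthenticationInterceptor.class */
public class AuthenticationInterceptor extends AbstractInterceptor implements ContainerRequestFilter {

    @Inject
    @Named("userManager#default")
    private UserManager userManager;

    @Inject
    @Named("httpAuthenticator#basic")
    private HttpBasicAuthentication httpAuthenticator;
    private final Logger log = LoggerFactory.getLogger(getClass());

    /**
     * Authenticates the current request according to the target method's
     * {@link RedbackAuthorization} metadata.
     *
     * <p>All mandatory-authentication failures are answered with the same 403 status;
     * the specific reason (bad credentials, locked account, password change required,
     * unknown user, user-manager error) is only written to the debug log, so the
     * client cannot tell these cases apart.
     *
     * @param containerRequestContext request context, aborted with 403 when access is denied
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        RedbackAuthorization redbackAuthorization = getRedbackAuthorization(currentMessage);
        if (redbackAuthorization == null) {
            // Fail closed: a method without authorization metadata is never served.
            this.log.warn("http path {} doesn't contain any informations regarding permissions ", currentMessage.get(Message.REQUEST_URI));
            forbid(containerRequestContext);
            return;
        }
        HttpServletRequest httpServletRequest = getHttpServletRequest(currentMessage);
        HttpServletResponse httpServletResponse = getHttpServletResponse(currentMessage);
        if (redbackAuthorization.noRestriction()) {
            // NOTE(review): getSession(true) creates an HTTP session for every caller of an
            // unrestricted path, including unauthenticated ones. Confirm this is intended.
            SecuritySession securitySession = this.httpAuthenticator.getSecuritySession(httpServletRequest.getSession(true));
            if (securitySession != null) {
                RedbackAuthenticationThreadLocal.set(new RedbackRequestInformation(securitySession.getUser(), httpServletRequest.getRemoteAddr()));
                return;
            }
            try {
                AuthenticationResult authenticationResult = this.httpAuthenticator.getAuthenticationResult(httpServletRequest, httpServletResponse);
                if (authenticationResult != null && authenticationResult.isAuthenticated()) {
                    bindAuthenticatedUser(currentMessage, authenticationResult, httpServletRequest);
                }
            } catch (Exception e) {
                // Authentication is optional here, so a failure deliberately falls back to
                // anonymous access; it is logged so that it is not lost entirely.
                this.log.debug("optional authentication failed for path {}: {}", currentMessage.get(Message.REQUEST_URI), e.getMessage());
            }
            return;
        }
        try {
            AuthenticationResult authenticationResult2 = this.httpAuthenticator.getAuthenticationResult(httpServletRequest, httpServletResponse);
            if (authenticationResult2 == null || !authenticationResult2.isAuthenticated()) {
                throw new HttpAuthenticationException("You are not authenticated.");
            }
            bindAuthenticatedUser(currentMessage, authenticationResult2, httpServletRequest);
        } catch (AuthenticationException e2) {
            this.log.debug("failed to authenticate for path {}", currentMessage.get(Message.REQUEST_URI));
            forbid(containerRequestContext);
        } catch (AccountLockedException e3) {
            this.log.debug("account locked for path {}", currentMessage.get(Message.REQUEST_URI));
            forbid(containerRequestContext);
        } catch (MustChangePasswordException e4) {
            this.log.debug("must change password for path {}", currentMessage.get(Message.REQUEST_URI));
            forbid(containerRequestContext);
        } catch (UserNotFoundException e5) {
            this.log.debug("UserNotFoundException for path {}", currentMessage.get(Message.REQUEST_URI));
            forbid(containerRequestContext);
        } catch (UserManagerException e6) {
            // The format string previously had one placeholder for two arguments, so the
            // request path was silently dropped from the log line.
            this.log.debug("UserManagerException: {} for path {}", e6.getMessage(), currentMessage.get(Message.REQUEST_URI));
            forbid(containerRequestContext);
        }
    }

    /**
     * Publishes a successful authentication: sets the request thread-local and stores the
     * result on the CXF message under the {@code AuthenticationResult.class} key.
     *
     * <p>When the result carries no user object, the user is loaded from the user manager
     * by principal.
     *
     * @param message current CXF message
     * @param result an authentication result already verified as authenticated
     * @param request servlet request, used for the remote address
     * @throws UserNotFoundException if the principal does not resolve to a user
     * @throws UserManagerException if the user manager lookup fails
     */
    private void bindAuthenticatedUser(Message message, AuthenticationResult result, HttpServletRequest request)
            throws UserNotFoundException, UserManagerException {
        RedbackAuthenticationThreadLocal.set(new RedbackRequestInformation(
                result.getUser() == null ? this.userManager.findUser(result.getPrincipal()) : result.getUser(),
                request.getRemoteAddr()));
        // Typed put keyed by class; the decompiled "(Class) result" cast could never succeed.
        message.put(AuthenticationResult.class, result);
    }

    /** Aborts the request with HTTP 403 Forbidden. */
    private static void forbid(ContainerRequestContext containerRequestContext) {
        containerRequestContext.abortWith(Response.status(Response.Status.FORBIDDEN).build());
    }
}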
