package org.apache.cxf.jaxrs.security;

import java.net.URI;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.Configuration;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.security.AuthenticationException;
import org.apache.cxf.interceptor.security.JAASLoginInterceptor;
import org.apache.cxf.interceptor.security.NamePasswordCallbackHandler;
import org.apache.cxf.jaxrs.ext.RequestHandler;
import org.apache.cxf.jaxrs.impl.HttpHeadersImpl;
import org.apache.cxf.jaxrs.model.ClassResourceInfo;
import org.apache.cxf.jaxrs.utils.HttpUtils;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-frontend-jaxrs-2.7.13.jar:org/apache/cxf/jaxrs/security/JAASAuthenticationFilter.class */
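/**
 * JAX-RS request handler that authenticates each request through a
 * {@link JAASLoginInterceptor} and converts an authentication failure into an
 * HTTP response: a redirect to a configured URI when the client accepts HTML,
 * otherwise a {@code 401} with a {@code WWW-Authenticate} challenge.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>An absolute {@code redirectURI} is sent to the client unchanged, so it
 *       should point at a location the deployment controls.</li>
 *   <li>The default redirect status is {@code 307}; clients repeat the original
 *       method and body at the target. Override {@link #getRedirectStatus()} if
 *       the request body must not be replayed to the login location.</li>
 *   <li>The failure that triggered the response is neither logged nor exposed to
 *       the client by this class; add auditing in a subclass if it is needed.</li>
 * </ul>
 */
public class JAASAuthenticationFilter implements RequestHandler {
    private static final List<MediaType> HTML_MEDIA_TYPES = Arrays.asList(MediaType.APPLICATION_XHTML_XML_TYPE, MediaType.TEXT_HTML_TYPE);

    /** Scheme advertised when the request names no usable scheme. */
    private static final String DEFAULT_AUTH_SCHEME = "Basic";

    /** Non-alphanumeric characters allowed in an HTTP token (RFC 7230 tchar). */
    private static final String TOKEN_PUNCTUATION = "!#$%&'*+-.^_`|~";

    private URI redirectURI;
    private String realmName;
    private boolean ignoreBasePath = true;

    // The anonymous subclass routes callback-handler creation back to this
    // filter so that subclasses of the filter can override getCallbackHandler.
    private final JAASLoginInterceptor interceptor = new JAASLoginInterceptor() {
        @Override
        protected CallbackHandler getCallbackHandler(String str, String str2) {
            return JAASAuthenticationFilter.this.getCallbackHandler(str, str2);
        }
    };

    /**
     * Creates the filter and switches off the interceptor's {@code useDoAs} option.
     */
    public JAASAuthenticationFilter() {
        // NOTE(review): presumably this stops the interceptor from running the
        // rest of the chain inside Subject.doAs - confirm against JAASLoginInterceptor.
        this.interceptor.setUseDoAs(false);
    }

    /**
     * Controls whether the message's base path is stripped from the endpoint
     * address before a relative redirect URI is resolved. Defaults to {@code true}.
     *
     * @param z {@code true} to strip the base path
     */
    public void setIgnoreBasePath(boolean z) {
        this.ignoreBasePath = z;
    }

    /**
     * Forwards the JAAS context name to the underlying interceptor.
     *
     * @param str the context name
     */
    public void setContextName(String str) {
        this.interceptor.setContextName(str);
    }

    /**
     * Forwards an explicit JAAS login configuration to the underlying interceptor.
     *
     * @param configuration the login configuration
     */
    public void setLoginConfig(Configuration configuration) {
        this.interceptor.setLoginConfig(configuration);
    }

    /**
     * Forwards the role classifier to the underlying interceptor.
     *
     * @param str the role classifier
     */
    public void setRoleClassifier(String str) {
        this.interceptor.setRoleClassifier(str);
    }

    /**
     * Forwards the role classifier type to the underlying interceptor.
     *
     * @param str the role classifier type
     */
    public void setRoleClassifierType(String str) {
        this.interceptor.setRoleClassifierType(str);
    }

    /**
     * Forwards the role prefix to the underlying interceptor.
     *
     * @param str the role prefix
     * @deprecated marked deprecated in the original class; the replacement is
     *     not stated here ({@link #setRoleClassifier(String)} looks like the
     *     successor - confirm).
     */
    @Deprecated
    public void setRolePrefix(String str) {
        this.interceptor.setRolePrefix(str);
    }

    /**
     * Sets the location clients are redirected to after a failed authentication.
     * A relative value is resolved against the endpoint address at request time;
     * an absolute value is used as given.
     *
     * @param str the redirect URI
     * @throws IllegalArgumentException if {@code str} is not a valid URI
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public void setRedirectURI(String str) {
        this.redirectURI = URI.create(str);
    }

    /**
     * Sets the realm placed in the {@code WWW-Authenticate} challenge. The value
     * is written verbatim between double quotes, so it should not contain
     * {@code "} or {@code \}.
     *
     * @param str the realm name, or {@code null} to omit the realm parameter
     */
    public void setRealmName(String str) {
        this.realmName = str;
    }

    /**
     * Creates the JAAS callback handler for one login attempt. Subclasses may
     * override this to supply a different handler.
     *
     * @param str first credential argument (presumably the user name - confirm)
     * @param str2 second credential argument (presumably the password - confirm)
     * @return a {@link NamePasswordCallbackHandler} wrapping both values
     */
    protected CallbackHandler getCallbackHandler(String str, String str2) {
        return new NamePasswordCallbackHandler(str, str2);
    }

    /**
     * Runs the JAAS login interceptor against the message.
     *
     * @param message the current message
     * @param classResourceInfo not used by this implementation
     * @return {@code null} when the interceptor completes without a security
     *     failure, otherwise the response built by
     *     {@link #handleAuthenticationException(SecurityException, Message)}
     */
    @Override
    public Response handleRequest(Message message, ClassResourceInfo classResourceInfo) {
        try {
            this.interceptor.handleMessage(message);
            return null;
        } catch (SecurityException e) {
            // AuthenticationException is accepted where a SecurityException is
            // expected, so this single clause covers both failure types.
            return handleAuthenticationException(e, message);
        }
    }

    /**
     * Builds the response for a failed authentication: a redirect when a
     * redirect URI is configured and the client accepts HTML, otherwise a
     * {@code 401} carrying a {@code WWW-Authenticate} challenge.
     *
     * @param securityException the failure; not read here, so no detail from it
     *     reaches the client
     * @param message the current message
     * @return the redirect or challenge response
     */
    protected Response handleAuthenticationException(SecurityException securityException, Message message) {
        HttpHeadersImpl requestHeaders = new HttpHeadersImpl(message);
        if (this.redirectURI != null && isRedirectPossible(requestHeaders)) {
            return Response.status(getRedirectStatus())
                .header(HttpHeaders.LOCATION, resolveRedirectLocation(message))
                .build();
        }

        StringBuilder challenge = new StringBuilder(selectChallengeScheme(requestHeaders));
        if (this.realmName != null) {
            // Configuration value, inserted as-is into the quoted-string.
            challenge.append(" realm=\"").append(this.realmName).append('"');
        }
        return Response.status(Response.Status.UNAUTHORIZED)
            .header(HttpHeaders.WWW_AUTHENTICATE, challenge.toString())
            .build();
    }

    /** Resolves the configured redirect URI into the value sent in {@code Location}. */
    private URI resolveRedirectLocation(Message message) {
        if (this.redirectURI.isAbsolute()) {
            return this.redirectURI;
        }
        // NOTE(review): if HttpUtils.getEndpointAddress derives the address from
        // the incoming request (for example its Host header), the Location value
        // is client-influenced - confirm, and pin the published address if so.
        String endpointAddress = HttpUtils.getEndpointAddress(message);
        Object basePath = message.get(Message.BASE_PATH);
        if (this.ignoreBasePath && basePath != null && !"/".equals(basePath)) {
            int basePathStart = endpointAddress.lastIndexOf(basePath.toString());
            if (basePathStart != -1) {
                endpointAddress = endpointAddress.substring(0, basePathStart);
            }
        }
        return UriBuilder.fromUri(endpointAddress).path(this.redirectURI.toString()).build();
    }

    /**
     * Picks the scheme for the challenge. The scheme the client used is repeated
     * only when it is a syntactically valid HTTP token; the request header is
     * untrusted, so anything else (missing header, empty value, stray
     * characters) falls back to {@code Basic} rather than being copied into the
     * response header.
     */
    private static String selectChallengeScheme(HttpHeaders requestHeaders) {
        List<String> authorization = requestHeaders.getRequestHeader(HttpHeaders.AUTHORIZATION);
        if (authorization == null || authorization.isEmpty()) {
            return DEFAULT_AUTH_SCHEME;
        }
        String firstValue = authorization.get(0);
        if (firstValue == null) {
            return DEFAULT_AUTH_SCHEME;
        }
        String[] parts = StringUtils.split(firstValue, " ");
        if (parts.length > 0 && isHttpToken(parts[0])) {
            return parts[0];
        }
        return DEFAULT_AUTH_SCHEME;
    }

    /** Returns whether {@code value} is a non-empty run of RFC 7230 token characters. */
    private static boolean isHttpToken(String value) {
        if (value == null || value.length() == 0) {
            return false;
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean alphanumeric = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!alphanumeric && TOKEN_PUNCTUATION.indexOf(c) < 0) {
                return false;
            }
        }
        return true;
    }

    /**
     * Status used for the redirect response.
     *
     * @return {@link Response.Status#TEMPORARY_REDIRECT} (307); override to use
     *     a different redirect status
     */
    protected Response.Status getRedirectStatus() {
        return Response.Status.TEMPORARY_REDIRECT;
    }

    /**
     * Decides whether a redirect is suitable for this client, based on whether
     * its acceptable media types intersect with HTML or XHTML. The input is the
     * client's own {@code Accept} header, so this only selects the response
     * form and is not an access decision.
     *
     * @param httpHeaders the request headers
     * @return {@code true} if the client accepts an HTML media type
     */
    protected boolean isRedirectPossible(HttpHeaders httpHeaders) {
        return !JAXRSUtils.intersectMimeTypes(httpHeaders.getAcceptableMediaTypes(), HTML_MEDIA_TYPES, false).isEmpty();
    }
}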
