package com.hypersocket.json;

import com.hypersocket.auth.AuthenticationService;
import com.hypersocket.auth.PasswordEncryptionService;
import com.hypersocket.local.LocalUser;
import com.hypersocket.local.LocalUserCredentials;
import com.hypersocket.local.LocalUserRepository;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmService;
import com.hypersocket.session.Session;
import com.hypersocket.session.SessionService;
import java.util.Arrays;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.collections.Transformer;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.util.encoders.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

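/**
 * Spring MVC interceptor that authenticates REST API requests with HTTP Basic credentials
 * checked against local users of the system realm.
 *
 * <p>The password is verified on every request. A non-cookie session, looked up by remote
 * address and user name, is only reused after that verification has succeeded.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class does not check {@code request.isSecure()}. Basic credentials are only
 *       Base64-encoded, so the endpoint has to be reachable over TLS only. Confirm that the
 *       deployment enforces this.</li>
 *   <li>No throttling or lockout of repeated failures is visible in this class. Confirm it
 *       is enforced elsewhere, for example in the authentication or session services.</li>
 *   <li>{@code getRemoteAddr()} is used as part of the session key. Behind a reverse proxy
 *       this is presumably the proxy's address, so verify how sessions are scoped.</li>
 * </ul>
 */
@Component
/* loaded from: input_file:com/hypersocket/json/RestApiInterceptor.class */
public class RestApiInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = LoggerFactory.getLogger(RestApiInterceptor.class);

    @Autowired
    private AuthenticationService authenticationService;

    @Autowired
    private SessionService sessionService;

    @Autowired
    private RealmService realmService;

    @Autowired
    private LocalUserRepository userRepository;

    @Autowired
    private PasswordEncryptionService encryptionService;

    /**
     * Authenticates the request from its Basic authorization header.
     *
     * @return {@code true} when the credentials verified and a session was bound to the
     *     current thread; {@code false} after a 401 challenge has been sent
     * @throws Exception if a collaborating service fails
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        httpServletRequest.setAttribute(RestApi.API_REST, RestApi.API_REST);
        String[] credentials = parseBasicCredentials(httpServletRequest.getHeader(RestApi.HTTP_HEADER_AUTH));
        if (credentials != null) {
            String username = credentials[0];
            String password = credentials[1];
            Realm systemRealm = this.realmService.getSystemRealm();
            LocalUser user = this.userRepository.getUserByName(username, systemRealm);
            // The password check comes first, so a cached session can never stand in for it.
            if (verify(user, password)) {
                httpServletRequest.setAttribute(RestApi.API_USER, user);
                Session session = getCurrentSession(httpServletRequest, username);
                if (session == null) {
                    session = openSession(httpServletRequest, user, username, systemRealm);
                }
                this.authenticationService.setCurrentSession(session, systemRealm, user, Locale.ENGLISH);
                return true;
            }
        }
        // Every failure (missing header, malformed header, unknown user, wrong password) gets
        // the same response, so the reply itself does not reveal which check failed.
        // NOTE(review): failed attempts are not logged or audited here. Confirm that another
        // component records them so repeated failures can be detected.
        httpServletResponse.addHeader(RestApi.HTTP_HEADER_WWW_AUTHENTICATE, String.format("Basic realm=\"%s\"", RestApi.API_REST));
        httpServletResponse.sendError(401, "Not Authorized");
        return false;
    }

    /** Clears the per-request principal context once the request has completed. */
    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
        this.authenticationService.clearPrincipalContext();
    }

    /**
     * Extracts user name and password from a Basic authorization header value.
     *
     * <p>The decoded value is split at the FIRST colon only, so a password that itself
     * contains ':' stays intact. Malformed input (no token, invalid Base64, no colon, empty
     * user name or empty password) yields {@code null}, which the caller answers with a 401
     * challenge rather than letting a parsing exception surface as a server error.
     *
     * @param header raw header value, may be {@code null}
     * @return {@code {username, password}}, or {@code null} if the header is not usable
     */
    private static String[] parseBasicCredentials(String header) {
        // Locale.ROOT keeps the scheme comparison independent of the server's default locale.
        if (StringUtils.isBlank(header) || !header.toLowerCase(Locale.ROOT).startsWith(RestApi.HTTP_BASIC_AUTH_SCHEME)) {
            return null;
        }
        String decoded;
        try {
            // NOTE(review): the bytes are decoded with the platform default charset, as
            // before. Confirm which charset clients are expected to use for non-ASCII
            // credentials.
            decoded = new String(Base64.decode(header.substring(RestApi.HTTP_BASIC_AUTH_SCHEME.length()).trim()));
        } catch (RuntimeException e) {
            // Invalid Base64 from the client: treat as unauthenticated.
            return null;
        }
        int colon = decoded.indexOf(':');
        if (colon <= 0 || colon == decoded.length() - 1) {
            return null;
        }
        return new String[] {decoded.substring(0, colon), decoded.substring(colon + 1)};
    }

    /**
     * Opens a new REST session for the verified user and registers it as a non-cookie
     * session for the request's remote address.
     */
    private Session openSession(HttpServletRequest httpServletRequest, LocalUser user, String username, Realm systemRealm) throws Exception {
        // NOTE(review): the whole request parameter map is copied into the session state.
        // Check that parameters carrying secrets are not retained or logged from there.
        Session session = this.sessionService.openSession(httpServletRequest.getRemoteAddr(), user, this.authenticationService.getSchemeByResourceKey(systemRealm, RestApi.HTTP_BASIC_AUTH_SCHEME), RestApi.API_REST, MapUtils.transformedMap(httpServletRequest.getParameterMap(), new Transformer() {
            // Keys are passed through unchanged.
            public Object transform(Object key) {
                return key;
            }
        }, new Transformer() {
            // Servlet parameter values are arrays; they are flattened to their string form.
            public Object transform(Object values) {
                return Arrays.toString((Object[]) values);
            }
        }), systemRealm);
        // NOTE(review): registration passes the plain user name while the lookup in
        // getCurrentSession passes its Base64 form. Presumably the session service encodes
        // the name itself; confirm, otherwise the lookup can never hit.
        this.sessionService.registerNonCookieSession(httpServletRequest.getRemoteAddr(), username, RestApi.HTTP_BASIC_AUTH_SCHEME, session);
        return session;
    }

    /**
     * Looks up an existing non-cookie session for this remote address and user name.
     *
     * @return the session, or {@code null} if the lookup is denied
     */
    private Session getCurrentSession(HttpServletRequest httpServletRequest, String str) {
        try {
            return this.sessionService.getNonCookieSession(httpServletRequest.getRemoteAddr(), Base64.toBase64String(str.getBytes()), RestApi.HTTP_BASIC_AUTH_SCHEME);
        } catch (AccessDeniedException e) {
            return null;
        }
    }

    /**
     * Checks a candidate password against the stored credentials of a local user.
     *
     * <p>Fails closed: a missing user, missing credentials or any error during verification
     * returns {@code false}.
     *
     * @param localUser user to verify, may be {@code null} if the lookup found nothing
     * @param str candidate password
     * @return {@code true} only if the encryption service accepts the password
     */
    private boolean verify(LocalUser localUser, String str) {
        // Guards the case where the repository returns null for an unknown name, so the
        // request ends in a 401 instead of an exception raised further down.
        // NOTE(review): unknown users skip the password hash entirely, so response time may
        // differ from a wrong-password attempt. Consider a dummy verification if user
        // enumeration matters for this API.
        if (localUser == null || str == null) {
            return false;
        }
        LocalUserCredentials credentials = this.userRepository.getCredentials(localUser);
        if (credentials == null) {
            return false;
        }
        try {
            return this.encryptionService.authenticate(str.toCharArray(), Base64.decode(credentials.getEncodedPassword()), Base64.decode(credentials.getEncodedSalt()), credentials.getEncryptionType());
        } catch (Throwable th) {
            // As before, the failure detail is only written when debug logging is enabled.
            if (log.isDebugEnabled()) {
                log.error("Failed to verify password", th);
            }
            return false;
        }
    }
}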
