package org.apache.brooklyn.rest.filter;

import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.core.Response;
import org.apache.brooklyn.api.mgmt.ManagementContext;
import org.apache.brooklyn.rest.BrooklynWebConfig;
import org.apache.brooklyn.rest.security.provider.DelegatingSecurityProvider;
import org.apache.brooklyn.rest.security.provider.SecurityProvider;
import org.apache.brooklyn.util.collections.MutableSet;
import org.apache.brooklyn.util.text.StringEscapes;
import org.apache.commons.codec.binary.Base64;
import org.eclipse.jetty.http.HttpHeader;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.session.SessionHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/brooklyn/rest/filter/BrooklynSecurityProviderFilterHelper.class */
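/**
 * Helper used by the REST security filters to authenticate a servlet request against the
 * configured {@link SecurityProvider}, using an existing HTTP session when one can be found
 * and HTTP Basic credentials from the {@code Authorization} header otherwise.
 */
public class BrooklynSecurityProviderFilterHelper {
    /** Session attribute under which the authenticated user name is stored by {@link #run}. */
    public static final String AUTHENTICATED_USER_SESSION_ATTRIBUTE = "brooklyn.user";

    /**
     * Every Jetty {@link SessionHandler} seen so far by {@link #getSession}; a requested
     * session id is looked up in all of them, not only in the handler of the current request.
     */
    // NOTE(review): this set is public, non-final and mutated from request handling with no
    // synchronization visible in this class. Confirm that MutableSet tolerates concurrent
    // add/iterate, or guard access; confirm nothing outside this class reassigns the field.
    public static Set<SessionHandler> SESSION_MANAGER_CACHE = MutableSet.of();
    private static final Logger log = LoggerFactory.getLogger(BrooklynSecurityProviderFilterHelper.class);
    public static final String BASIC_REALM_NAME = "brooklyn";
    public static final String BASIC_REALM_HEADER_VALUE = "BASIC realm=" + StringEscapes.JavaStringEscapes.wrapJavaString(BASIC_REALM_NAME);

    /** Scheme token plus separator expected at the start of the {@code Authorization} header. */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";

    /**
     * Callback for reporting an authentication error. It is not referenced elsewhere in this
     * class; its parameters mirror those of the private {@code abort} method (presumably the
     * message and whether a Basic challenge should be sent; confirm against implementors).
     */
    public interface Responder {
        void error(String str, boolean z) throws SecurityProvider.SecurityProviderDeniedAuthentication;
    }

    /**
     * Finds the session named by the request's session id, optionally creating a new one.
     *
     * <p>The session handler of the request (when it is a Jetty {@link Request}) is recorded in
     * {@link #SESSION_MANAGER_CACHE}, and the requested id is then looked up in every recorded
     * handler, so a session created through one handler is found through another.
     *
     * @param httpServletRequest the incoming request
     * @param managementContext not used by this implementation
     * @param z whether to create a session when none is found
     * @return the matching session, a new session when {@code z} is true, otherwise {@code null}
     */
    public HttpSession getSession(HttpServletRequest httpServletRequest, ManagementContext managementContext, boolean z) {
        String requestedSessionId = httpServletRequest.getRequestedSessionId();
        log.trace("SESSION for {}, wants session {}", httpServletRequest.getRequestURI(), requestedSessionId);
        if (httpServletRequest instanceof Request) {
            SessionHandler requestHandler = ((Request) httpServletRequest).getSessionHandler();
            // Registration happens regardless of the log level; only the message is conditional.
            boolean added = SESSION_MANAGER_CACHE.add(requestHandler);
            log.trace("SESSION MANAGER found for {}: {} (added={})", httpServletRequest.getRequestURI(), requestHandler, added);
        } else {
            log.trace("SESSION MANAGER NOT found for {}: {}", httpServletRequest.getRequestURI(), httpServletRequest);
        }
        if (requestedSessionId != null) {
            for (SessionHandler knownHandler : SESSION_MANAGER_CACHE) {
                HttpSession existing = knownHandler.getHttpSession(requestedSessionId);
                if (existing != null) {
                    // NOTE(review): validity is only logged here; the session is returned either
                    // way. Confirm that getHttpSession never hands back an invalidated session,
                    // or that callers (provider.isAuthenticated) reject one.
                    boolean valid = knownHandler.isValid(existing);
                    log.trace("SESSION found for {}: {} (valid={})", httpServletRequest.getRequestURI(), existing, valid);
                    return existing;
                }
            }
        }
        if (!z) {
            return null;
        }
        HttpSession session = httpServletRequest.getSession(true);
        log.trace("SESSION creating for {}: {}", httpServletRequest.getRequestURI(), session);
        return session;
    }

    /**
     * Authenticates the request, returning normally on success.
     *
     * <p>If the provider already considers the session authenticated nothing else happens.
     * Otherwise, when the provider requires a user name and password, they are taken from an
     * HTTP Basic {@code Authorization} header; a missing header, a header that does not use the
     * Basic scheme, or a decoded value without a colon is rejected with a 401 response. On
     * success the user name is stored in the session under
     * {@link #AUTHENTICATED_USER_SESSION_ATTRIBUTE}.
     *
     * @param httpServletRequest the incoming request
     * @param managementContext passed to {@link #getProvider} and {@link #getSession}
     * @throws SecurityProvider.SecurityProviderDeniedAuthentication carrying the 401 response
     *         when credentials are missing, malformed or rejected by the provider
     */
    public void run(HttpServletRequest httpServletRequest, ManagementContext managementContext) throws SecurityProvider.SecurityProviderDeniedAuthentication {
        SecurityProvider provider = getProvider(managementContext);
        HttpSession session = getSession(httpServletRequest, managementContext, false);
        if (provider.isAuthenticated(session)) {
            return;
        }
        String user = null;
        String password = null;
        if (provider.requiresUserPass()) {
            String header = httpServletRequest.getHeader("Authorization");
            if (header == null) {
                throw abort("Authorization required", provider.requiresUserPass());
            }
            // The header is client-controlled. Check the scheme before slicing: a value shorter
            // than the prefix would otherwise throw StringIndexOutOfBoundsException, and a
            // non-Basic scheme would have its first six characters discarded and the remainder
            // decoded as if it were Basic credentials. Scheme matching is case-insensitive.
            if (!header.regionMatches(true, 0, BASIC_SCHEME_PREFIX, 0, BASIC_SCHEME_PREFIX.length())) {
                throw abort("Invalid authorization string", provider.requiresUserPass());
            }
            // NOTE(review): decoded with the platform default charset, so non-ASCII credentials
            // depend on JVM settings; consider an explicit charset.
            String decoded = new String(Base64.decodeBase64(header.substring(BASIC_SCHEME_PREFIX.length())));
            int separator = decoded.indexOf(":");
            if (separator < 0) {
                throw abort("Invalid authorization string", provider.requiresUserPass());
            }
            // Split on the first colon only, so the password may itself contain colons.
            user = decoded.substring(0, separator);
            password = decoded.substring(separator + 1);
        }
        if (session == null) {
            session = getSession(httpServletRequest, managementContext, true);
        }
        // Recorded before authenticate() is called, so the attribute is set on failed attempts too.
        session.setAttribute(BrooklynWebConfig.REMOTE_ADDRESS_SESSION_ATTRIBUTE, httpServletRequest.getRemoteAddr());
        if (!provider.authenticate(session, user, password)) {
            throw abort("Authentication failed", provider.requiresUserPass());
        }
        // NOTE(review): a session located by the client-supplied id keeps that id after a
        // successful login. If nothing else rotates it, consider issuing a fresh session id
        // here to limit session fixation; confirm how that interacts with the shared
        // SESSION_MANAGER_CACHE lookup.
        if (user != null) {
            session.setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
        }
    }

    /**
     * Builds a 401 {@code text/plain} response carrying {@code str} and throws it.
     *
     * <p>This method never returns; the declared return type only lets callers write
     * {@code throw abort(...)} so the compiler sees the control flow ending.
     *
     * @param str the response body
     * @param z whether to add a {@code WWW-Authenticate} Basic challenge header
     * @throws SecurityProvider.SecurityProviderDeniedAuthentication always
     */
    private SecurityProvider.SecurityProviderDeniedAuthentication abort(String str, boolean z) throws SecurityProvider.SecurityProviderDeniedAuthentication {
        Response.ResponseBuilder unauthorized = Response.status(Response.Status.UNAUTHORIZED);
        if (z) {
            unauthorized.header(HttpHeader.WWW_AUTHENTICATE.asString(), BASIC_REALM_HEADER_VALUE);
        }
        unauthorized.header(HttpHeader.CONTENT_TYPE.asString(), "text/plain");
        unauthorized.entity(str);
        throw new SecurityProvider.SecurityProviderDeniedAuthentication(unauthorized.build());
    }

    /**
     * Returns the security provider used by {@link #run}; a new
     * {@link DelegatingSecurityProvider} is created on every call. Subclasses may override.
     *
     * @param managementContext the management context handed to the provider
     * @return the provider to authenticate against
     */
    protected SecurityProvider getProvider(ManagementContext managementContext) {
        return new DelegatingSecurityProvider(managementContext);
    }
}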
