package org.ow2.bonita.facade.rest.interceptor;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import javax.ws.rs.ext.Provider;
import org.apache.commons.codec.binary.Base64;
import org.jboss.resteasy.annotations.interception.Precedence;
import org.jboss.resteasy.annotations.interception.ServerInterceptor;
import org.jboss.resteasy.core.Headers;
import org.jboss.resteasy.core.ResourceMethod;
import org.jboss.resteasy.core.ServerResponse;
import org.jboss.resteasy.spi.Failure;
import org.jboss.resteasy.spi.HttpRequest;
import org.jboss.resteasy.spi.interception.PreProcessInterceptor;
import org.ow2.bonita.facade.APIAccessor;
import org.ow2.bonita.facade.IdentityAPI;
import org.ow2.bonita.facade.impl.StandardAPIAccessorImpl;
import org.ow2.bonita.identity.auth.APIMethodsSecurity;
import org.ow2.bonita.identity.auth.DomainOwner;
import org.ow2.bonita.util.BonitaConstants;
import org.ow2.bonita.util.xml.XStreamUtil;

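/**
 * RESTEasy pre-process interceptor that authenticates calls to the REST API.
 *
 * <p>For every request it reads the {@code options} form parameter, turns it into a
 * map (filling in default {@code queryList} and {@code domain} entries) and, when REST
 * authentication is active and the target method is a secured one, checks the caller's
 * credentials. Credentials are taken either from the password-hash option carried in
 * {@code options} or from an HTTP Basic {@code Authorization} header. A failed check is
 * answered with 401 and a {@code WWW-Authenticate} challenge.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The {@code options} parameter is parsed before any credential check, so
 *       everything in {@link #getOptionsMap(String)} runs on unauthenticated input.</li>
 *   <li>The {@code domain}, {@code queryList}, {@code user} and password-hash values
 *       used on the password-hash path are all supplied by the client.</li>
 * </ul>
 */
@Provider
@Precedence("SECURITY")
@ServerInterceptor
public class LoginPreProcessorInterceptor implements PreProcessInterceptor {
    private static final Logger LOG = Logger.getLogger(LoginPreProcessorInterceptor.class.getName());
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private static final String OPTIONS = "options";

    // NOTE(review): this flag is static, is written by getOptionsMap() without any
    // synchronisation and is never reset to false in this class. Once one request has
    // caused a map to be built here, every later request sees true. It looks like it
    // was meant to be per-request state; confirm before relying on it.
    private static boolean optionsMapCreated = false;

    /**
     * Authenticates the request when required and normalises its {@code options}
     * form parameter.
     *
     * @param httpRequest    the incoming request; its {@code options} form parameter may be rewritten
     * @param resourceMethod the resource method about to be invoked
     * @return {@code null} when the request may proceed, or a 401 response when the
     *         credentials are missing, malformed or rejected
     */
    public ServerResponse preProcess(HttpRequest httpRequest, ResourceMethod resourceMethod) throws Failure, WebApplicationException {
        final List<String> rawOptions = httpRequest.getDecodedFormParameters().get(OPTIONS);
        final Map<String, String> optionsMap;
        if (rawOptions == null || rawOptions.isEmpty()) {
            optionsMap = getOptionsMap(null);
        } else {
            String decoded;
            try {
                decoded = URLDecoder.decode(rawOptions.get(0), BonitaConstants.FILE_ENCONDING);
            } catch (UnsupportedEncodingException e) {
                // Fall back to the value as received when the encoding is unavailable.
                decoded = rawOptions.get(0);
            }
            optionsMap = getOptionsMap(decoded);
        }

        if (optionsMap.get("queryList") == null) {
            optionsMap.put("queryList", "queryList");
        }
        if (optionsMap.get("domain") == null) {
            optionsMap.put("domain", BonitaConstants.DEFAULT_DOMAIN);
        }

        final boolean authenticationRequired =
                isRESTServerSecured() && APIMethodsSecurity.isSecuredMethod(resourceMethod.getMethod());
        if (!authenticationRequired) {
            // No credential check on this path; only propagate the rebuilt options.
            if (optionsMapCreated) {
                updateOptionsFormParam(httpRequest, optionsMap);
            }
            return null;
        }

        // The domain is chosen from client input before the credentials are verified.
        DomainOwner.setDomain(optionsMap.get("domain"));

        final String passwordHash = optionsMap.get(APIAccessor.PASSWORD_HASH_OPTION);
        if (passwordHash != null) {
            // NOTE(review): user name and hash both come from the client-supplied
            // options, and a match is accepted in place of the password. Presumably the
            // stored hash is therefore a password equivalent and needs the same
            // protection at rest and in transit as the password itself; confirm.
            final boolean accepted = new StandardAPIAccessorImpl()
                    .getManagementAPI(optionsMap.get("queryList"))
                    .checkUserCredentialsWithPasswordHash(optionsMap.get("user"), passwordHash);
            return accepted ? null : getServerUnauthorizedResponse();
        }

        final List<String> authorization = httpRequest.getHttpHeaders().getRequestHeader("Authorization");
        if (authorization == null || authorization.isEmpty()) {
            return getServerUnauthorizedResponse();
        }

        // NOTE(review): the header bytes and the decoded credentials are converted with
        // the platform default charset, so non-ASCII credentials depend on the JVM's
        // configuration.
        final String encoded = authorization.get(0).replaceFirst(AUTHENTICATION_SCHEME + " ", "");
        final StringTokenizer credentials =
                new StringTokenizer(new String(Base64.decodeBase64(encoded.getBytes())), IdentityAPI.MEMBERSHIP_SEPARATOR);
        // A header that does not decode to "user<separator>password" is rejected with
        // 401 instead of letting nextToken() throw out of the interceptor.
        // NOTE(review): only the first two tokens are used, so a password that itself
        // contains a separator character is cut short; confirm this is acceptable.
        if (credentials.countTokens() < 2) {
            return getServerUnauthorizedResponse();
        }
        final String user = credentials.nextToken();
        final String password = credentials.nextToken();

        // The authenticated name replaces whatever "user" the client put in the options.
        optionsMap.put("user", user);
        if (!new StandardAPIAccessorImpl().getManagementAPI(optionsMap.get("queryList")).checkUserCredentials(user, password)) {
            return getServerUnauthorizedResponse();
        }
        updateOptionsFormParam(httpRequest, optionsMap);
        return null;
    }

    /**
     * Tells whether REST authentication is active.
     *
     * @return {@code false} only when the activation system property is set to
     *         {@code "false"} (case-insensitive); {@code true} otherwise, including
     *         when the property is absent
     */
    private boolean isRESTServerSecured() {
        final String property = System.getProperty(BonitaConstants.ACTIVATE_REST_AUTHENTICATION_PROPERTY);
        return !"false".equalsIgnoreCase(property);
    }

    /**
     * Builds the 401 response carrying the {@code WWW-Authenticate} challenge.
     */
    private ServerResponse getServerUnauthorizedResponse() {
        final Headers headers = new Headers();
        headers.add("WWW-Authenticate", getServerResponseHeaders());
        return new ServerResponse((Object) null, Response.Status.UNAUTHORIZED.getStatusCode(), headers);
    }

    /**
     * Replaces the {@code options} entry of both the raw and the decoded form
     * parameters with the serialised form of {@code map}.
     */
    private void updateOptionsFormParam(HttpRequest httpRequest, Map<String, String> map) {
        // Serialise once and store the same string in both parameter views.
        final String stringRepresentation = getStringRepresentation(map);
        httpRequest.getFormParameters().remove(OPTIONS);
        httpRequest.getFormParameters().add(OPTIONS, stringRepresentation);
        httpRequest.getDecodedFormParameters().remove(OPTIONS);
        httpRequest.getDecodedFormParameters().add(OPTIONS, stringRepresentation);
    }

    /**
     * Serialises {@code map} to XML with XStream and URL-encodes the result.
     *
     * @return the URL-encoded XML, or the plain XML when the encoding is not supported
     */
    private String getStringRepresentation(Map<String, String> map) {
        String xml = XStreamUtil.getDefaultXstream().toXML(map);
        try {
            xml = URLEncoder.encode(xml, BonitaConstants.FILE_ENCONDING);
        } catch (UnsupportedEncodingException e) {
            // NOTE(review): the whole options XML is written to the log here; it can
            // contain whatever the client put in the options, including the
            // password-hash entry.
            if (LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Cannot encode " + xml + " using UTF-8");
            }
        }
        return xml;
    }

    /**
     * Returns the value of the {@code WWW-Authenticate} challenge header.
     */
    private String getServerResponseHeaders() {
        return AUTHENTICATION_SCHEME + " realm=\"REST_API\"";
    }

    /**
     * Parses the {@code options} form parameter into a map.
     *
     * <p>Three input shapes are handled: {@code null} or blank yields an empty map;
     * text starting with {@code "<"} is deserialised with XStream; anything else is
     * read as comma-separated {@code key:value} pairs, of which only {@code queryList},
     * {@code domain} and {@code user} (key matched case-insensitively) are kept.
     *
     * @param str the decoded {@code options} value, possibly {@code null}
     * @return the parsed options, never {@code null}
     */
    @SuppressWarnings("unchecked")
    private Map<String, String> getOptionsMap(String str) {
        if (str == null || "".equals(str.trim())) {
            optionsMapCreated = true;
            return new HashMap<String, String>();
        }
        if (str.startsWith("<")) {
            try {
                // SECURITY: this deserialises XML taken from the request before the
                // caller has been authenticated. Deserialising untrusted XML with
                // XStream is dangerous unless the instance is restricted to an
                // allowlist of types (XStream type permissions). Whether
                // XStreamUtil.getDefaultXstream() is configured that way is not visible
                // here and must be verified. The cast does not check the key and value
                // types, so non-String entries surface later as ClassCastException.
                return (Map<String, String>) XStreamUtil.getDefaultXstream().fromXML(str);
            } catch (Exception e) {
                // Unparseable XML is treated like an absent options parameter.
                optionsMapCreated = true;
                return new HashMap<String, String>();
            }
        }
        optionsMapCreated = true;
        final Map<String, String> options = new HashMap<String, String>();
        final StringTokenizer pairs = new StringTokenizer(str, ",");
        while (pairs.hasMoreTokens()) {
            // ':' and ' ' are both delimiters; entries that do not split into exactly
            // two tokens are skipped.
            final StringTokenizer pair = new StringTokenizer(pairs.nextToken(), ": ");
            if (pair.countTokens() != 2) {
                continue;
            }
            final String key = pair.nextToken();
            final String value = pair.nextToken();
            if (key.equalsIgnoreCase("queryList")) {
                options.put("queryList", value);
            }
            if (key.equalsIgnoreCase("domain")) {
                options.put("domain", value);
            }
            if (key.equalsIgnoreCase("user")) {
                options.put("user", value);
            }
        }
        return options;
    }
}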
