package org.eclipse.ditto.services.gateway.endpoints.directives;

import akka.http.javadsl.model.StatusCodes;
import akka.http.javadsl.server.Directives;
import akka.http.javadsl.server.Route;
import akka.http.javadsl.server.directives.SecurityDirectives;
import com.typesafe.config.Config;
import java.util.Optional;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/ditto/services/gateway/endpoints/directives/DevopsBasicAuthenticationDirective.class */
public class DevopsBasicAuthenticationDirective {
    private static final Logger LOGGER = LoggerFactory.getLogger(DevopsBasicAuthenticationDirective.class);
    public static final String REALM_DEVOPS = "DITTO-DEVOPS";
    private static final String USER_DEVOPS = "devops";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/eclipse/ditto/services/gateway/endpoints/directives/DevopsBasicAuthenticationDirective$Authenticator.class */
    public static class Authenticator implements Function<Optional<SecurityDirectives.ProvidedCredentials>, Optional<String>> {
        private final String username;
        private final String password;

        Authenticator(String str, String str2) {
            this.username = str;
            this.password = str2;
        }

        @Override // java.util.function.Function
        public Optional<String> apply(Optional<SecurityDirectives.ProvidedCredentials> optional) {
            return optional.filter(providedCredentials -> {
                return this.username.equals(providedCredentials.identifier()) && providedCredentials.verify(this.password);
            }).map((v0) -> {
                return v0.identifier();
            });
        }
    }

    private DevopsBasicAuthenticationDirective() {
    }

    public static Route authenticateDevopsBasic(String str, Route route) {
        return Directives.extractActorSystem(actorSystem -> {
            Config config = actorSystem.settings().config();
            if (!REALM_DEVOPS.equals(str)) {
                LOGGER.warn("Did not know realm '{}'. NOT letting the inner Route pass ..", str);
                return Directives.complete(StatusCodes.UNAUTHORIZED);
            }
            if (!config.getBoolean("ditto.gateway.devops.securestatus")) {
                LOGGER.warn("DevOps resource is not secured by BasicAuth");
                return route;
            }
            String string = config.getString("secrets.devops_password");
            LOGGER.debug("Devops authentication is enabled.");
            return Directives.authenticateBasic(REALM_DEVOPS, new Authenticator("devops", string), str2 -> {
                return route;
            });
        });
    }
}
