package com.atlassian.crowd.plugin.rest.auth;

import com.atlassian.crowd.embedded.api.PasswordCredential;
import com.atlassian.crowd.exception.ObjectNotFoundException;
import com.atlassian.crowd.manager.application.ApplicationManager;
import com.atlassian.crowd.manager.validation.ClientValidationException;
import com.atlassian.crowd.manager.validation.ClientValidationManager;
import com.atlassian.crowd.model.application.Application;
import com.atlassian.crowd.plugin.rest.service.util.AuthenticatedApplicationUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/atlassian/crowd/plugin/rest/auth/BasicApplicationAuthenticationFilter.class */
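/**
 * Servlet {@link Filter} that authenticates the <em>calling application</em> (not an end user) from
 * HTTP Basic credentials in the {@code Authorization} header: the user-id part of the decoded
 * {@code name:password} pair is the application name, the remainder is the application password.
 *
 * <p>Outcomes, in order of evaluation:
 * <ul>
 *   <li>no usable {@code Basic} credentials in the request: {@code 401} with a
 *       {@code WWW-Authenticate} challenge and a short plain-text body;</li>
 *   <li>the application fails {@link ClientValidationManager#validate}: {@code 403} carrying the
 *       validation message;</li>
 *   <li>the request already names this application as authenticated (see
 *       {@link AuthenticatedApplicationUtil}), or the password verifies through the
 *       {@link ApplicationManager}: the chain continues, with the application name attached to the
 *       request;</li>
 *   <li>unknown application or rejected password: the same {@code 401} challenge as for missing
 *       credentials.</li>
 * </ul>
 *
 * <p>The filter holds no per-request state of its own; it is as thread-safe as the two injected
 * collaborators.
 */
public class BasicApplicationAuthenticationFilter implements Filter {
    private static final String APPLICATION_AUTHENTICATION_ERROR_MSG = "Application failed to authenticate";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    /** Scheme token of the {@code Authorization} header; matched case-insensitively. */
    private static final String BASIC_SCHEME = "Basic";
    private static final String CHALLENGE_HEADER_VALUE = "BASIC realm=\"Crowd REST Service\"";
    private static final Logger LOG = Logger.getLogger(BasicApplicationAuthenticationFilter.class);
    private final ApplicationManager applicationManager;
    private final ClientValidationManager clientValidationManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/atlassian/crowd/plugin/rest/auth/BasicApplicationAuthenticationFilter$Credentials.class */
    /**
     * Immutable application-name / password pair parsed from a {@code Basic} header.
     * Static so that it does not capture a reference to the enclosing filter.
     */
    public static final class Credentials {
        private final String applicationName;
        private final String password;

        private Credentials(String applicationName, String password) {
            this.applicationName = applicationName;
            this.password = password;
        }

        /** @return the part of the decoded credential before the first {@code ':'} */
        public String getApplicationName() {
            return this.applicationName;
        }

        /** @return the part of the decoded credential after the first {@code ':'} (may be empty) */
        public String getPassword() {
            return this.password;
        }
    }

    /**
     * @param applicationManager looks up applications by name and verifies their passwords
     * @param clientValidationManager enforces per-application client restrictions on the request
     */
    public BasicApplicationAuthenticationFilter(ApplicationManager applicationManager, ClientValidationManager clientValidationManager) {
        this.applicationManager = applicationManager;
        this.clientValidationManager = clientValidationManager;
    }

    /** No configuration is read; all collaborators arrive through the constructor. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Authenticates the calling application and either continues the chain or writes the
     * {@code 401}/{@code 403} response described on the class.
     *
     * @throws IOException if writing the response fails
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        Credentials credentials = getBasicAuthCredentials(httpServletRequest);
        if (credentials == null) {
            LOG.debug("No basic auth credentials found in request, responding with authentication challenge");
            respondWithChallenge(httpServletResponse);
            return;
        }

        String applicationName = credentials.getApplicationName();
        try {
            Application application = applicationManager.findByName(applicationName);
            // Client restrictions are checked before the password is looked at; a failure here is a
            // 403 rather than a challenge.
            clientValidationManager.validate(application, httpServletRequest);
            if (isAuthenticated(httpServletRequest, credentials)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Application '" + applicationName + "' is already authenticated");
                }
                filterChain.doFilter(httpServletRequest, servletResponse);
            } else if (authenticate(application, credentials.getPassword())) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Application '" + applicationName + "' authenticated successfully");
                }
                AuthenticatedApplicationUtil.setAuthenticatedApplication(httpServletRequest, applicationName);
                filterChain.doFilter(httpServletRequest, servletResponse);
            } else {
                // NOTE(review): applicationName is taken verbatim from the request header and is written
                // to the log unsanitised.
                LOG.info("Application '" + applicationName + "' failed authentication");
                respondWithChallenge(httpServletResponse);
            }
        } catch (ClientValidationException e) {
            // The message originates from the validation manager, not from the request; confirm it
            // carries nothing that should stay server-side before it is echoed to the client.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        } catch (ObjectNotFoundException e) {
            // An unknown application gets exactly the same log line and response as a wrong password,
            // so the two cases are indistinguishable at the HTTP level.
            LOG.info("Application '" + applicationName + "' failed authentication");
            respondWithChallenge(httpServletResponse);
        }
    }

    /**
     * Parses {@code Authorization: Basic <base64(name:password)>}.
     *
     * <p>Malformed input never throws: a missing header, a header shorter than the scheme token, a
     * header with no payload, or a payload without a {@code ':'} all yield {@code null}, which the
     * caller turns into a challenge. (The previous {@code substring(0, 5)} / {@code substring(6)}
     * calls raised {@link StringIndexOutOfBoundsException} on short headers, turning a bad header
     * into a 500.)
     *
     * @return the parsed pair, or {@code null} if the header is absent or unusable
     */
    private Credentials getBasicAuthCredentials(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null || header.length() <= BASIC_SCHEME.length()) {
            return null;
        }
        // regionMatches bounds-checks itself, so no substring is needed to compare the scheme token.
        if (!header.regionMatches(true, 0, BASIC_SCHEME, 0, BASIC_SCHEME.length())) {
            return null;
        }
        // Skip the scheme token and the separator character that follows it.
        String encoded = header.substring(BASIC_SCHEME.length() + 1);
        // UTF-8 is used on both sides for consistency with the response body written by
        // respondWithChallenge; the platform default charset was used here before.
        // commons-codec decoding is lenient: characters outside the alphabet are skipped, not rejected.
        byte[] raw = Base64.decodeBase64(encoded.getBytes(StandardCharsets.UTF_8));
        String decoded = new String(raw, StandardCharsets.UTF_8);
        int separator = decoded.indexOf(':');
        if (separator == -1) {
            return null;
        }
        return new Credentials(decoded.substring(0, separator), decoded.substring(separator + 1));
    }

    /**
     * Whether the request already carries the named application as authenticated, in which case the
     * password is not re-verified.
     */
    private boolean isAuthenticated(HttpServletRequest httpServletRequest, Credentials credentials) {
        try {
            // Compared from the known-non-null side, so an absent (null) application reads as
            // "not authenticated" instead of throwing.
            return credentials.getApplicationName()
                    .equals(AuthenticatedApplicationUtil.getAuthenticatedApplication(httpServletRequest));
        } catch (IllegalStateException e) {
            // Assumes the util signals "nothing attached to this request" with IllegalStateException — TODO confirm.
            return false;
        }
    }

    /**
     * Verifies {@code password} against {@code application} through the {@link ApplicationManager}.
     *
     * @return {@code true} if the manager accepts the password; {@code false} if it rejects it or
     *         reports the application as missing
     * @throws ClientValidationException if the manager throws it during authentication
     */
    private boolean authenticate(Application application, String password) throws ClientValidationException {
        try {
            return applicationManager.authenticate(application, PasswordCredential.unencrypted(password));
        } catch (ObjectNotFoundException e) {
            LOG.info("Application with name '" + application.getName() + "' does not exist");
            return false;
        }
    }

    /**
     * Writes a {@code 401} with a {@code WWW-Authenticate: Basic} challenge and a fixed plain-text
     * body, then flushes so nothing further can be appended by the caller.
     *
     * @throws IOException if the response stream cannot be written
     */
    private void respondWithChallenge(HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setHeader("WWW-Authenticate", CHALLENGE_HEADER_VALUE);
        httpServletResponse.setHeader("Content-Type", "text/plain;charset=UTF-8");
        httpServletResponse.getOutputStream().write(APPLICATION_AUTHENTICATION_ERROR_MSG.getBytes(StandardCharsets.UTF_8));
        httpServletResponse.flushBuffer();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}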
