package brooklyn.rest.security;

import brooklyn.config.BrooklynServiceAttributes;
import brooklyn.management.ManagementContext;
import brooklyn.rest.security.provider.DelegatingSecurityProvider;
import com.sun.jersey.core.util.Base64;
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:brooklyn/rest/security/BrooklynPropertiesSecurityFilter.class */
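/**
 * Servlet filter that gates the Brooklyn REST API behind the configured
 * {@link DelegatingSecurityProvider}.
 * <p>
 * A request passes when the provider already regards the session as authenticated,
 * or when the credentials of an HTTP Basic {@code Authorization} header are accepted
 * by the provider. Requests to {@code /logout} or {@code /v1/logout} end the session.
 * Anything else is answered with {@code 401} and a Basic challenge; when no provider
 * has been initialised every request is answered with {@code 503}.
 */
public class BrooklynPropertiesSecurityFilter implements Filter {
    /** Session attribute under which the authenticated user name is stored. */
    public static final String AUTHENTICATED_USER_SESSION_ATTRIBUTE = "brooklyn.user";
    private static final Logger log = LoggerFactory.getLogger(BrooklynPropertiesSecurityFilter.class);
    /** Scheme prefix of an HTTP Basic {@code Authorization} header value. */
    private static final String BASIC_PREFIX = "Basic ";
    protected ManagementContext mgmt;
    protected DelegatingSecurityProvider provider;

    /**
     * Authenticates the request and either forwards it down the chain or rejects it.
     *
     * @param servletRequest  the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the response; cast to {@link HttpServletResponse}
     * @param filterChain     the rest of the filter chain, invoked only for authenticated non-logout requests
     * @throws IOException      propagated from the chain or from writing the error response
     * @throws ServletException propagated from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (this.provider == null) {
            // Fail closed: without a provider nothing can be authenticated.
            log.warn("No security provider available: disallowing web access to brooklyn");
            response.sendError(503);
        } else if (authenticate(request) && !handleLogout(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            // Both a failed authentication and a completed logout end up here so that
            // the client is (re-)challenged for credentials.
            response.setHeader("WWW-Authenticate", "Basic realm=\"brooklyn\"");
            response.sendError(401);
        }
    }

    /**
     * Decides whether the request is authenticated, consulting the provider first for the
     * session and then for any Basic credentials carried by the request.
     * <p>
     * When the header is absent, uses another scheme, or is malformed, the provider is still
     * asked with {@code null} credentials: some providers accept anonymous sessions, and that
     * decision belongs to the provider rather than to this filter. Previously a malformed
     * header could surface as an unhandled {@code StringIndexOutOfBoundsException} (a 500)
     * instead of a 401.
     *
     * @param httpServletRequest the request to check
     * @return {@code true} when the provider accepts the session or the supplied credentials
     */
    protected boolean authenticate(HttpServletRequest httpServletRequest) {
        if (this.provider.isAuthenticated(httpServletRequest.getSession())) {
            return true;
        }
        String user = null;
        String password = null;
        String[] credentials = parseBasicCredentials(httpServletRequest.getHeader("Authorization"));
        if (credentials != null) {
            user = credentials[0];
            password = credentials[1];
        }
        if (!this.provider.authenticate(httpServletRequest.getSession(), user, password)) {
            return false;
        }
        // Only the user name is logged; the password must never reach the log.
        log.debug("Web API authenticated " + httpServletRequest.getSession() + " for user " + user);
        if (user != null) {
            // NOTE(review): the session id is kept across the authentication boundary; whether
            // the provider rotates it is not visible here — confirm before relying on it.
            httpServletRequest.getSession().setAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE, user);
        }
        return true;
    }

    /**
     * Extracts user name and password from an HTTP Basic {@code Authorization} header value.
     * <p>
     * The scheme name is matched case-insensitively. The decoded text must contain a
     * {@code ':'}; everything before the first one is the user name, the remainder the
     * password. The character set of the decoded text is whatever
     * {@link Base64#base64Decode(String)} applies.
     *
     * @param header the raw header value, or {@code null} when the request carries none
     * @return a two-element array {@code {user, password}}, or {@code null} when the header is
     *         absent, is not a Basic credential, or does not decode to {@code user:password}
     */
    private static String[] parseBasicCredentials(String header) {
        if (header == null) {
            return null;
        }
        // Anything other than Basic (e.g. a bearer token) must not be fed to the base64
        // decoder as if it were user:password; regionMatches is also false for short values.
        if (!header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }
        String decoded = Base64.base64Decode(header.substring(BASIC_PREFIX.length()));
        if (decoded == null) {
            return null;
        }
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return new String[] { decoded.substring(0, separator), decoded.substring(separator + 1) };
    }

    /**
     * Looks up the management context from the servlet context and builds the provider
     * that will answer authentication decisions.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.mgmt = (ManagementContext) filterConfig.getServletContext().getAttribute(BrooklynServiceAttributes.BROOKLYN_MANAGEMENT_CONTEXT);
        this.provider = new DelegatingSecurityProvider(this.mgmt);
    }

    /** Nothing to release: the provider holds no resources owned by this filter. */
    public void destroy() {
    }

    /**
     * Ends the session when the request targets one of the logout URIs.
     * <p>
     * The provider is told first, then the user attribute is dropped and the session is
     * invalidated so that neither the provider's state nor the user name survives.
     *
     * @param httpServletRequest the request to inspect
     * @return {@code true} when the request was a logout and the session has been invalidated
     */
    protected boolean handleLogout(HttpServletRequest httpServletRequest) {
        String uri = httpServletRequest.getRequestURI();
        if (!"/logout".equals(uri) && !"/v1/logout".equals(uri)) {
            return false;
        }
        log.info("Web API logging out " + httpServletRequest.getSession() + " for user " + httpServletRequest.getSession().getAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE));
        this.provider.logout(httpServletRequest.getSession());
        httpServletRequest.getSession().removeAttribute(AUTHENTICATED_USER_SESSION_ATTRIBUTE);
        httpServletRequest.getSession().invalidate();
        return true;
    }
}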
