package org.eclipse.kura.internal.rest.provider;

import com.eclipsesource.jaxrs.provider.security.AuthenticationHandler;
import com.eclipsesource.jaxrs.provider.security.AuthorizationHandler;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.StringTokenizer;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Response;
import org.eclipse.kura.configuration.ConfigurableComponent;
import org.eclipse.kura.crypto.CryptoService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/internal/rest/provider/RestService.class */
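/**
 * Authentication and authorization handler for the REST API, using HTTP Basic credentials.
 *
 * <p>Credentials are read from the {@code Authorization} header, the user is looked up in a map
 * built from the component configuration, and the supplied password is compared with the stored
 * one after passing it through {@link CryptoService#encryptAes(char[])}.
 *
 * <p>NOTE(review): Basic credentials are only base64-encoded, so this handler presumably relies on
 * the transport (TLS) for confidentiality; confirm that the endpoint is not reachable over plain
 * HTTP.
 */
public class RestService implements ConfigurableComponent, AuthenticationHandler, AuthorizationHandler {
    private static final Logger logger = LoggerFactory.getLogger(RestService.class);
    private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
    private static final Response UNAUTHORIZED_RESPONSE = Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"kura-rest-api\"").build();

    // Replaced wholesale by updated(); read by authenticate().
    // NOTE(review): not volatile; confirm how configuration updates are published to request threads.
    private Map<String, User> users;
    private CryptoService cryptoService;

    /**
     * Injects the crypto service used to transform a supplied password before comparison.
     *
     * @param cryptoService the service whose {@code encryptAes} is called during authentication
     */
    public void setCryptoService(CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    /**
     * Activation callback: loads the user table from the given properties via {@link #updated(Map)}.
     *
     * @param map the component configuration properties
     */
    public void activate(Map<String, Object> map) {
        logger.info("activating...");
        updated(map);
        logger.info("activating...done");
    }

    /** Deactivation callback; only logs. */
    public void deactivate() {
        logger.info("deactivating...");
        logger.info("deactivating...done");
    }

    /**
     * Rebuilds the user table from the given configuration properties.
     *
     * @param map the component configuration properties
     */
    public void updated(Map<String, Object> map) {
        logger.info("updating...");
        this.users = User.fromOptions(new RestServiceOptions(map));
        logger.info("updating...done");
    }

    /**
     * Reports whether the given principal holds the given role.
     *
     * @param principal the authenticated principal; only {@link User} instances carry roles
     * @param str the role name to check
     * @return {@code true} if the principal is a {@link User} whose roles contain {@code str};
     *     {@code false} for any other principal, so an unexpected principal type is denied
     *     instead of failing with a {@link ClassCastException}
     */
    public boolean isUserInRole(Principal principal, String str) {
        if (!(principal instanceof User)) {
            return false;
        }
        return ((User) principal).getRoles().contains(str);
    }

    /**
     * Authenticates a request from its {@code Authorization: Basic ...} header.
     *
     * <p>A missing header, a scheme other than {@code Basic}, or a malformed credential (no token
     * after the scheme, invalid base64, no {@code ':'} separator) aborts the request with
     * {@code 401}. An unknown user or a wrong password returns {@code null} without aborting.
     *
     * <p>NOTE(review): what the framework does with a {@code null} return that was not aborted is
     * not visible here; confirm that such requests cannot reach protected resources.
     *
     * @param containerRequestContext the request being authenticated
     * @return the matching {@link User}, or {@code null} when authentication did not succeed
     */
    public Principal authenticate(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString == null) {
            containerRequestContext.abortWith(UNAUTHORIZED_RESPONSE);
            return null;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(headerString);
        // The header is attacker-controlled: an empty value or a bare "Basic" must be answered
        // with 401, not with a NoSuchElementException escaping from nextToken().
        if (!stringTokenizer.hasMoreTokens() || !"Basic".equals(stringTokenizer.nextToken())
                || !stringTokenizer.hasMoreTokens()) {
            containerRequestContext.abortWith(UNAUTHORIZED_RESPONSE);
            return null;
        }
        String credentials;
        try {
            credentials = new String(BASE64_DECODER.decode(stringTokenizer.nextToken()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // Not valid base64.
            containerRequestContext.abortWith(UNAUTHORIZED_RESPONSE);
            return null;
        }
        int separator = credentials.indexOf(':');
        if (separator < 0) {
            // No "user:password" separator; substring(0, -1) would throw.
            containerRequestContext.abortWith(UNAUTHORIZED_RESPONSE);
            return null;
        }
        String userName = credentials.substring(0, separator);
        String suppliedPassword = credentials.substring(separator + 1);

        // Read the field once so a concurrent updated() cannot swap the map mid-check.
        Map<String, User> currentUsers = this.users;
        User user = currentUsers == null ? null : currentUsers.get(userName);
        if (user == null) {
            return null;
        }

        char[] supplied = suppliedPassword.toCharArray();
        try {
            if (user.getPassword() == null) {
                return null;
            }
            char[] password = user.getPassword().getPassword();
            if (password == null) {
                return null;
            }
            // NOTE(review): an account stored with an empty password is accepted with an empty
            // supplied password. Confirm that such accounts cannot exist in a deployed
            // configuration.
            if (password.length == 0 && suppliedPassword.isEmpty()) {
                return user;
            }
            // NOTE(review): the stored value is compared with the encryptAes() output, so
            // passwords appear to be kept reversibly encrypted rather than as a salted hash.
            // The comparison itself does not short-circuit on the first differing character.
            if (constantTimeEquals(password, this.cryptoService.encryptAes(supplied))) {
                return user;
            }
            return null;
        } catch (Exception e) {
            // Fail closed, but leave a trace: the user name and password are deliberately not
            // logged (both come from the request).
            logger.warn("REST authentication failed because of an internal error", e);
            return null;
        } finally {
            // Do not keep the plaintext password copy around longer than needed.
            Arrays.fill(supplied, '\0');
        }
    }

    /**
     * Returns the authentication scheme implemented by this handler.
     *
     * @return the constant {@code "BASIC"}
     */
    public String getAuthenticationScheme() {
        return "BASIC";
    }

    /**
     * Compares two character arrays without returning early on the first mismatch.
     *
     * <p>Only the array lengths can influence the running time.
     *
     * @param expected the stored value
     * @param actual the value derived from the request
     * @return {@code true} if both arrays are non-null, of equal length and equal content
     */
    private static boolean constantTimeEquals(char[] expected, char[] actual) {
        if (expected == null || actual == null || expected.length != actual.length) {
            return false;
        }
        int difference = 0;
        for (int i = 0; i < expected.length; i++) {
            difference |= expected[i] ^ actual[i];
        }
        return difference == 0;
    }
}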
