package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.api.authentication.NodeAuthenticationEvaluator;
import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.TaskManager;
import java.io.IOException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import org.apache.commons.lang.StringUtils;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:WEB-INF/lib/model-impl-3.8.1-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.class */
public class MidpointRestAuthenticationHandler implements ContainerRequestFilter, ContainerResponseFilter {

    @Autowired
    private MidpointRestPasswordAuthenticator passwordAuthenticator;

    @Autowired
    private MidpointRestSecurityQuestionsAuthenticator securityQuestionAuthenticator;

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repository;

    @Autowired
    private NodeAuthenticationEvaluator nodeAuthenticator;

    @Autowired
    private TaskManager taskManager;

    @Override // javax.ws.rs.container.ContainerResponseFilter
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) throws IOException {
    }

    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        Message currentMessage = JAXRSUtils.getCurrentMessage();
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) currentMessage.get(AuthorizationPolicy.class);
        if (authorizationPolicy != null) {
            this.passwordAuthenticator.handleRequest(authorizationPolicy, currentMessage, containerRequestContext);
            return;
        }
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (StringUtils.isBlank(headerString)) {
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return;
        }
        String[] split = headerString.split(" ");
        String str = split[0];
        if (split.length == 1) {
            if (RestAuthenticationMethod.SECURITY_QUESTIONS.equals(str)) {
                RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, "{\"user\" : \"username\"}");
                return;
            } else {
                if (RestAuthenticationMethod.CLUSTER.equals(str)) {
                    if (this.nodeAuthenticator.authenticate(null, SecurityUtil.getCurrentConnectionInformation().getRemoteHostAddress(), "invalidateCache")) {
                        currentMessage.put("task", this.taskManager.createTaskInstance());
                        return;
                    } else {
                        RestServiceUtil.createAbortMessage(containerRequestContext);
                        return;
                    }
                }
                return;
            }
        }
        if (split.length != 2) {
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return;
        }
        String str2 = split.length == 2 ? split[1] : null;
        if (RestAuthenticationMethod.SECURITY_QUESTIONS.equals(str)) {
            try {
                String str3 = new String(Base64Utility.decode(str2));
                AuthorizationPolicy authorizationPolicy2 = new AuthorizationPolicy();
                authorizationPolicy2.setAuthorizationType(RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod());
                authorizationPolicy2.setAuthorization(str3);
                this.securityQuestionAuthenticator.handleRequest(authorizationPolicy2, currentMessage, containerRequestContext);
            } catch (Base64Exception e) {
                RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, "{\"user\" : \"username\"}");
            }
        }
    }
}
