package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.api.authentication.NodeAuthenticationEvaluator;
import com.evolveum.midpoint.model.common.SystemObjectCache;
import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SystemConfigurationTypeUtil;
import com.evolveum.midpoint.security.api.HttpConnectionInformation;
import com.evolveum.midpoint.security.api.RestAuthenticationMethod;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.nio.charset.StandardCharsets;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ContainerResponseContext;
import javax.ws.rs.container.ContainerResponseFilter;
import org.apache.commons.lang.StringUtils;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.jaxrs.utils.JAXRSUtils;
import org.apache.cxf.message.Message;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/evolveum/midpoint/model/impl/security/MidpointRestAuthenticationHandler.class */
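/**
 * JAX-RS filter that authenticates incoming REST requests before a resource method runs.
 *
 * <p>Dispatch order implemented by {@link #filter(ContainerRequestContext)}:
 * <ol>
 *   <li>If experimental code is enabled in the system configuration, the filter returns
 *       without doing anything.</li>
 *   <li>If an {@link AuthorizationPolicy} is already attached to the current CXF message,
 *       the request is handed to the password authenticator.</li>
 *   <li>Otherwise the raw {@code Authorization} header is parsed as {@code <scheme> <base64>}
 *       and dispatched to the security-questions authenticator or the cluster-node
 *       authenticator according to the scheme.</li>
 *   <li>Every other case (missing header, malformed header, unrecognised scheme) aborts
 *       the request.</li>
 * </ol>
 */
public class MidpointRestAuthenticationHandler implements ContainerRequestFilter, ContainerResponseFilter {
    private static final Trace LOGGER = TraceManager.getTrace(MidpointRestAuthenticationHandler.class);

    /** Name of the HTTP request header that carries the credentials. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Challenge body sent back when a security-questions request carries no usable payload. */
    private static final String SECURITY_QUESTIONS_CHALLENGE = "{\"user\" : \"username\"}";

    @Autowired
    private MidpointRestPasswordAuthenticator passwordAuthenticator;

    @Autowired
    private MidpointRestSecurityQuestionsAuthenticator securityQuestionAuthenticator;

    @Autowired
    private NodeAuthenticationEvaluator nodeAuthenticator;

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private SystemObjectCache systemObjectCache;

    /**
     * Response-side hook of {@link ContainerResponseFilter}; no response processing is performed.
     *
     * @param containerRequestContext the request the response belongs to (unused)
     * @param containerResponseContext the outgoing response (unused)
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext, ContainerResponseContext containerResponseContext) {
    }

    /**
     * Authenticates the request or aborts it.
     *
     * <p>The header value is attacker-controlled, so every path that does not end in a
     * delegated authenticator call or a successful node authentication ends in an abort.
     *
     * @param containerRequestContext the incoming request; aborted through
     *        {@link RestServiceUtil} when authentication cannot proceed
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        if (isExperimentalCodeEnabled()) {
            // NOTE(review): with the experimental flag on, this filter neither authenticates nor
            // aborts; presumably another component authenticates REST requests in that mode.
            // Confirm before enabling the flag on a deployment that exposes the REST interface.
            return;
        }

        Message currentMessage = JAXRSUtils.getCurrentMessage();
        AuthorizationPolicy attachedPolicy = (AuthorizationPolicy) currentMessage.get(AuthorizationPolicy.class);
        if (attachedPolicy != null) {
            this.passwordAuthenticator.handleRequest(attachedPolicy, currentMessage, containerRequestContext);
            return;
        }

        String headerValue = containerRequestContext.getHeaderString(AUTHORIZATION_HEADER);
        if (StringUtils.isBlank(headerValue)) {
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return;
        }

        String[] parts = headerValue.split(" ");
        String scheme = parts[0];
        boolean securityQuestions = RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod().equals(scheme);

        // A bare security-questions scheme without payload is a request for the challenge.
        if (parts.length == 1 && securityQuestions) {
            RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, SECURITY_QUESTIONS_CHALLENGE);
            return;
        }
        if (parts.length != 2) {
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return;
        }

        String encodedCredentials = parts[1];
        if (securityQuestions) {
            authenticateWithSecurityQuestions(encodedCredentials, currentMessage, containerRequestContext);
            return;
        }
        if (RestAuthenticationMethod.CLUSTER.getMethod().equals(scheme)) {
            authenticateClusterNode(encodedCredentials, currentMessage, containerRequestContext);
            return;
        }

        // Fail closed: a well-formed header with a scheme this filter does not handle used to
        // fall off the end of the method, leaving the request neither authenticated nor aborted.
        RestServiceUtil.createAbortMessage(containerRequestContext);
    }

    /**
     * Reads the experimental-code flag from the system configuration.
     *
     * @return the flag value, or {@code false} when the configuration cannot be loaded, so that
     *         a load failure keeps authentication in place instead of skipping it
     */
    private boolean isExperimentalCodeEnabled() {
        try {
            return SystemConfigurationTypeUtil.isExperimentalCodeEnabled(
                    this.systemObjectCache.getSystemConfiguration(new OperationResult("Load System Config")).asObjectable());
        } catch (SchemaException e) {
            LOGGER.error("Couldn't load system configuration", e);
            return false;
        }
    }

    /**
     * Decodes the security-questions payload and delegates to the security-questions authenticator.
     * An undecodable payload is answered with the challenge body rather than a plain abort.
     */
    private void authenticateWithSecurityQuestions(String encodedCredentials, Message currentMessage,
            ContainerRequestContext containerRequestContext) {
        try {
            // Decode with an explicit charset; the no-charset String constructor depends on the
            // platform default and can corrupt non-ASCII answers.
            String decoded = new String(Base64Utility.decode(encodedCredentials), StandardCharsets.UTF_8);
            AuthorizationPolicy policy = new AuthorizationPolicy();
            policy.setAuthorizationType(RestAuthenticationMethod.SECURITY_QUESTIONS.getMethod());
            policy.setAuthorization(decoded);
            this.securityQuestionAuthenticator.handleRequest(policy, currentMessage, containerRequestContext);
        } catch (Base64Exception e) {
            RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, SECURITY_QUESTIONS_CHALLENGE);
        }
    }

    /**
     * Authenticates a cluster-node request. On success a task instance is stored on the message
     * under {@link RestServiceUtil#MESSAGE_PROPERTY_TASK_NAME}; on failure or on an undecodable
     * credential the request is aborted.
     */
    private void authenticateClusterNode(String encodedCredentials, Message currentMessage,
            ContainerRequestContext containerRequestContext) {
        HttpConnectionInformation connectionInformation = SecurityUtil.getCurrentConnectionInformation();
        // The remote address is passed as null when no connection information is available.
        String remoteAddress = connectionInformation != null ? connectionInformation.getRemoteHostAddress() : null;
        try {
            String decoded = new String(Base64Utility.decode(encodedCredentials), StandardCharsets.UTF_8);
            if (this.nodeAuthenticator.authenticate((String) null, remoteAddress, decoded, "?")) {
                currentMessage.put(RestServiceUtil.MESSAGE_PROPERTY_TASK_NAME, this.taskManager.createTaskInstance());
            } else {
                RestServiceUtil.createAbortMessage(containerRequestContext);
            }
        } catch (Base64Exception e) {
            LoggingUtils.logUnexpectedException(LOGGER, "Couldn't decode base64-encoded credentials", e, new Object[0]);
            RestServiceUtil.createAbortMessage(containerRequestContext);
        }
    }
}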
