package fr.in2p3.cc.storage.treqs2.service.filter;

import fr.in2p3.cc.storage.treqs2.core.TreqsProperties;
import fr.in2p3.cc.storage.treqs2.service.JAAS.HTTPBasicCallbackHandler;
import java.io.IOException;
import java.security.Principal;
import javax.annotation.Priority;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;

@Priority(1000)
/* loaded from: input_file:fr/in2p3/cc/storage/treqs2/service/filter/AuthFilter.class */
public class AuthFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(AuthFilter.class);

    /* loaded from: input_file:fr/in2p3/cc/storage/treqs2/service/filter/AuthFilter$DefaultSecurityContext.class */
    private class DefaultSecurityContext implements SecurityContext {
        private SecurityContext m_initialContext;
        private Principal m_authenticatedUser;

        public DefaultSecurityContext(SecurityContext securityContext, Principal principal) {
            this.m_authenticatedUser = principal;
            this.m_initialContext = securityContext;
        }

        public Principal getUserPrincipal() {
            return this.m_authenticatedUser;
        }

        public boolean isUserInRole(String str) {
            return this.m_initialContext.isUserInRole(str);
        }

        public boolean isSecure() {
            return this.m_initialContext.isSecure();
        }

        public String getAuthenticationScheme() {
            return this.m_initialContext.getAuthenticationScheme();
        }
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String method = containerRequestContext.getMethod();
        String path = containerRequestContext.getUriInfo().getPath(true);
        if (method.equals("GET") && "application.wadl".equals(path)) {
            return;
        }
        if (method.equals("GET") && "info/ping".equals(path)) {
            return;
        }
        String headerString = containerRequestContext.getHeaderString("Authorization");
        LOGGER.debug("Trying to authenticate: " + headerString);
        try {
            try {
                LoginContext loginContext = new LoginContext(TreqsProperties.getProperties().getProperty("treqs.jaas.configuration.entry.name", "treqs2"), new HTTPBasicCallbackHandler(headerString));
                loginContext.login();
                Principal next = loginContext.getSubject().getPrincipals().iterator().next();
                containerRequestContext.setSecurityContext(new DefaultSecurityContext(containerRequestContext.getSecurityContext(), next));
                LOGGER.debug(headerString + "was authenticated as " + next.getName());
                MDC.remove("id");
            } catch (Exception e) {
                MDC.put("id", headerString);
                LOGGER.error("Authentication error: " + e.getMessage());
                throw new IOException(e);
            } catch (FailedLoginException e2) {
                MDC.put("id", headerString);
                LOGGER.info("Authentication failed: " + e2.getMessage());
                throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"TReqS\"").header("WWW-Authenticate", "Negotiate").build());
            }
        } catch (Throwable th) {
            MDC.remove("id");
            throw th;
        }
    }
}
