package com.gentics.portalnode.ws;

import com.gentics.api.lib.etc.ObjectTransformer;
import com.gentics.lib.etc.StringUtils;
import com.gentics.lib.log.NodeLogger;
import com.gentics.lib.util.FileWatchDog;
import com.gentics.portalnode.auth.AbstractAuthenticationManager;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.axis.encoding.Base64;
import org.apache.xalan.templates.Constants;

/* loaded from: input_file:WEB-INF/lib/portalnode-lib-4.6.1.jar:com/gentics/portalnode/ws/WebServiceAuthenticationFilter.class */
public class WebServiceAuthenticationFilter implements Filter {
    private FileWatchDog configurationFileWatcher;
    private FileWatchDog usersPropertiesWatcher;
    private boolean useDefaultConfiguration = false;
    private static final String CONFIGURATION_PATH = "${com.gentics.portalnode.confpath}/webservices/configuration.properties";
    private static final String USERS_PROPERTIES_PATH = "${com.gentics.portalnode.confpath}/users.properties";
    private static final Properties DEFAULT_USERS_PROPERTIES = new Properties();
    private static final Pattern BASIC_AUTH_PATTERN = Pattern.compile("Basic ([a-zA-Z0-9+/=]+)", 2);
    private static final Properties DEFAULT_PROPERTIES = new Properties();

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    protected void setupConfigurationFile() {
        if (this.configurationFileWatcher == null && !this.useDefaultConfiguration) {
            File file = new File(StringUtils.resolveSystemProperties(CONFIGURATION_PATH));
            if (file.exists()) {
                this.configurationFileWatcher = new FileWatchDog(file, -1);
            } else {
                try {
                    file.getParentFile().mkdir();
                    file.createNewFile();
                    DEFAULT_PROPERTIES.store(new FileOutputStream(file), "default settings for Gentics Portal.Node webservices");
                    this.configurationFileWatcher = new FileWatchDog(file, -1);
                } catch (IOException e) {
                    NodeLogger.getNodeLogger(getClass()).error("Error while creating file {" + file.getAbsolutePath() + "}. Using default configuration (no access).", e);
                    this.useDefaultConfiguration = true;
                }
            }
        }
        if (this.usersPropertiesWatcher == null) {
            this.usersPropertiesWatcher = new FileWatchDog(new File(StringUtils.resolveSystemProperties(USERS_PROPERTIES_PATH)));
        }
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        setupConfigurationFile();
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Properties properties = DEFAULT_PROPERTIES;
        if (!this.useDefaultConfiguration) {
            try {
                properties = this.configurationFileWatcher.getFileAsProperties();
            } catch (Exception e) {
                NodeLogger.getNodeLogger(getClass()).error("Error while reading configuration from file " + this.configurationFileWatcher.getWatchedFile().getAbsolutePath() + ". Falling back to default configuration (no access allowed).", e);
            }
        }
        Properties fileAsProperties = this.usersPropertiesWatcher.getFileAsProperties(DEFAULT_USERS_PROPERTIES);
        String property = properties.getProperty("authenticationType", "BASIC");
        if (!"BASIC".equalsIgnoreCase(property)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        Map userCredentials = getUserCredentials(property, httpServletRequest);
        String webServiceName = getWebServiceName(httpServletRequest);
        if (!isProtected(webServiceName, properties) || (authenticateUser(userCredentials, fileAsProperties) && checkAccessPermission(properties, fileAsProperties, webServiceName, ObjectTransformer.getString(userCredentials.get(AbstractAuthenticationManager.LOGIN_ATTRIBUTE), "")))) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else if (!ObjectTransformer.isEmpty(userCredentials.get(AbstractAuthenticationManager.LOGIN_ATTRIBUTE))) {
            httpServletResponse.setStatus(403);
        } else {
            httpServletResponse.setStatus(401);
            httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"Gentics Portal.Node WebServices\"");
        }
    }

    public void destroy() {
    }

    protected static final Map getUserCredentials(String str, HttpServletRequest httpServletRequest) {
        String str2;
        HashMap hashMap = new HashMap();
        if ("BASIC".equalsIgnoreCase(str)) {
            String header = httpServletRequest.getHeader("Authorization");
            if (StringUtils.isEmpty(header)) {
                return hashMap;
            }
            Matcher matcher = BASIC_AUTH_PATTERN.matcher(header);
            if (matcher.matches()) {
                String str3 = new String(Base64.decode(matcher.group(1)));
                int indexOf = str3.indexOf(58);
                String str4 = null;
                if (indexOf != -1) {
                    str2 = str3.substring(0, indexOf);
                    str4 = str3.substring(indexOf + 1);
                } else {
                    str2 = str3;
                }
                hashMap.put(AbstractAuthenticationManager.LOGIN_ATTRIBUTE, str2);
                hashMap.put("password", str4);
            }
        }
        return hashMap;
    }

    protected static final boolean authenticateUser(Map map, Properties properties) {
        String string = ObjectTransformer.getString(map.get(AbstractAuthenticationManager.LOGIN_ATTRIBUTE), null);
        return !StringUtils.isEmpty(string) && StringUtils.isEqual(ObjectTransformer.getString(map.get("password"), null), properties.getProperty(new StringBuilder().append("user.").append(string).append(".password").toString()));
    }

    protected static final String[] getUserRoles(String str, Properties properties) {
        return StringUtils.isEmpty(str) ? new String[0] : splitString(ObjectTransformer.getString(properties.getProperty("user." + str + ".role"), ""));
    }

    protected static final String getWebServiceName(HttpServletRequest httpServletRequest) {
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo == null) {
            pathInfo = "/";
        }
        if (!pathInfo.startsWith("/")) {
            pathInfo = "/" + pathInfo;
        }
        if (pathInfo.endsWith("/")) {
            pathInfo = pathInfo.substring(0, pathInfo.length() - 1);
        }
        return "webservice" + pathInfo.replaceAll("/", Constants.ATTRVAL_THIS);
    }

    protected static final boolean isProtected(String str, Properties properties) {
        return ObjectTransformer.getBoolean(properties.getProperty(str + ".protected"), ObjectTransformer.getBoolean((Object) properties.getProperty("defaultProtected"), true));
    }

    protected static final boolean checkAccessPermission(Properties properties, Properties properties2, String str, String str2) {
        for (String str3 : splitString(properties.getProperty(str + ".users", ""))) {
            if (str3.equals(str2)) {
                return true;
            }
        }
        String[] userRoles = getUserRoles(str2, properties2);
        String[] splitString = splitString(properties.getProperty(str + ".role", ""));
        if (splitString.length == 0) {
            return false;
        }
        for (String str4 : userRoles) {
            for (String str5 : splitString) {
                if (str4.equals(str5)) {
                    return true;
                }
            }
        }
        return false;
    }

    protected static final String[] splitString(String str) {
        return StringUtils.isEmpty(str) ? new String[0] : str.split("\\s*,\\s*");
    }

    static {
        DEFAULT_PROPERTIES.setProperty("defaultProtected", "true");
    }
}
