package org.traccar.api;

import java.nio.charset.StandardCharsets;
import java.sql.SQLException;
import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.traccar.Main;
import org.traccar.api.resource.SessionResource;
import org.traccar.database.StatisticsManager;
import org.traccar.helper.DataConverter;
import org.traccar.model.User;

/* loaded from: input_file:org/traccar/api/SecurityRequestFilter.class */
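/**
 * JAX-RS request filter that authenticates API calls.
 *
 * <p>A request is authenticated either from an HTTP Basic {@code Authorization} header or from
 * the user id stored in the servlet session under {@link SessionResource#USER_ID_KEY}. When
 * neither yields a user, the request is let through only if the matched resource method is
 * annotated with {@link PermitAll}; otherwise it is rejected with 401.
 */
public class SecurityRequestFilter implements ContainerRequestFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SecurityRequestFilter.class);
    public static final String AUTHORIZATION_HEADER = "Authorization";
    public static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    public static final String BASIC_REALM = "Basic realm=\"api\"";
    public static final String X_REQUESTED_WITH = "X-Requested-With";
    public static final String XML_HTTP_REQUEST = "XMLHttpRequest";

    @Context
    private HttpServletRequest request;

    @Context
    private ResourceInfo resourceInfo;

    /**
     * Decodes the value of a Basic {@code Authorization} header.
     *
     * @param str raw header value, e.g. {@code "Basic <base64>"}
     * @return the decoded text split at the first {@code ':'}; the array has a single element
     *     when the decoded text contains no colon, and {@code null} is returned when the
     *     payload decodes to nothing. Callers must check both cases before indexing.
     */
    public static String[] decodeBasicAuth(String str) {
        // "[Bb]" rather than "[B|b]": inside a character class '|' is a literal, so the
        // original pattern also stripped a bogus "|asic " prefix.
        byte[] decoded = DataConverter.parseBase64(str.replaceFirst("[Bb]asic ", ""));
        if (decoded == null || decoded.length == 0) {
            return null;
        }
        // NOTE(review): bytes are read as US-ASCII, so non-ASCII credentials will not
        // round-trip; confirm this matches what clients send.
        return new String(decoded, StandardCharsets.US_ASCII).split(":", 2);
    }

    /**
     * Authenticates the request and installs a {@link UserSecurityContext} on success.
     *
     * @param containerRequestContext the request being filtered
     * @throws WebApplicationException with status 401 when the request is unauthenticated and
     *     the target method is not {@link PermitAll}, or wrapping a {@link SQLException}
     *     raised during login
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) {
        // OPTIONS requests are passed through without any authentication.
        if (containerRequestContext.getMethod().equals("OPTIONS")) {
            return;
        }
        UserSecurityContext userSecurityContext = null;
        try {
            String headerString = containerRequestContext.getHeaderString(AUTHORIZATION_HEADER);
            if (headerString != null) {
                try {
                    String[] credentials = decodeBasicAuth(headerString);
                    // The header is attacker-controlled: a payload that decodes to nothing or
                    // lacks the "user:password" separator must be treated as a failed login
                    // (401 below), not dereferenced into an unhandled NPE/AIOOBE.
                    if (credentials != null && credentials.length == 2) {
                        User login = org.traccar.Context.getPermissionsManager().login(credentials[0], credentials[1]);
                        if (login != null) {
                            ((StatisticsManager) Main.getInjector().getInstance(StatisticsManager.class)).registerRequest(login.getId());
                            userSecurityContext = new UserSecurityContext(new UserPrincipal(login.getId()));
                        }
                    }
                } catch (SQLException e) {
                    throw new WebApplicationException(e);
                }
            } else if (this.request.getSession() != null) {
                // NOTE(review): getSession() without an argument creates a session when none
                // exists, so this check is always true and header-less requests allocate a
                // session; getSession(false) would avoid that - confirm nothing relies on the
                // implicit creation before changing it.
                Long userId = (Long) this.request.getSession().getAttribute(SessionResource.USER_ID_KEY);
                if (userId != null) {
                    // Presumably throws SecurityException for a disabled account; that case is
                    // caught below and ends in the unauthenticated path - verify.
                    org.traccar.Context.getPermissionsManager().checkUserEnabled(userId.longValue());
                    ((StatisticsManager) Main.getInjector().getInstance(StatisticsManager.class)).registerRequest(userId.longValue());
                    userSecurityContext = new UserSecurityContext(new UserPrincipal(userId.longValue()));
                }
            }
        } catch (SecurityException e2) {
            // Logged and swallowed on purpose: the request continues as unauthenticated.
            LOGGER.warn("Authentication error", e2);
        }
        if (userSecurityContext != null) {
            containerRequestContext.setSecurityContext(userSecurityContext);
        } else {
            if (this.resourceInfo.getResourceMethod().isAnnotationPresent(PermitAll.class)) {
                return;
            }
            Response.ResponseBuilder status = Response.status(Response.Status.UNAUTHORIZED);
            // The Basic challenge is omitted for XMLHttpRequest callers, which avoids the
            // browser's native credential prompt for script-driven requests.
            if (!XML_HTTP_REQUEST.equals(this.request.getHeader(X_REQUESTED_WITH))) {
                status.header(WWW_AUTHENTICATE, BASIC_REALM);
            }
            throw new WebApplicationException(status.build());
        }
    }
}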
