package org.geoserver.geofence.login.cxf;

import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Map;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.interceptor.AbstractInDatabindingInterceptor;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.Message;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
import org.geoserver.geofence.api.AuthProvider;
import org.geoserver.geofence.api.dto.Authority;
import org.geoserver.geofence.api.dto.GrantedAuths;
import org.geoserver.geofence.login.util.GrantAll;

/* loaded from: input_file:org/geoserver/geofence/login/cxf/BasicAuthInterceptor.class */
public class BasicAuthInterceptor extends AbstractInDatabindingInterceptor {
    protected Logger LOGGER;
    private AuthProvider authProvider;
    private String realm;

    public BasicAuthInterceptor() {
        super("unmarshal");
        this.LOGGER = LogManager.getLogger(getClass());
        this.authProvider = new GrantAll();
        this.realm = "Geofence";
    }

    public void handleMessage(Message message) throws Fault {
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) message.get(AuthorizationPolicy.class);
        if (authorizationPolicy == null) {
            sendErrorResponse(message, 401);
            return;
        }
        try {
            GrantedAuths login = this.authProvider.login(authorizationPolicy.getUserName(), authorizationPolicy.getPassword(), "");
            if (login.getAuthorities().contains(Authority.REMOTE)) {
                message.put("grantedAuths", login);
            } else {
                sendErrorResponse(message, 403);
            }
        } catch (Exception e) {
            this.LOGGER.warn("Login failed:" + e.getMessage());
            sendErrorResponse(message, 403);
        }
    }

    private void sendErrorResponse(Message message, int i) {
        Message outMessage = getOutMessage(message);
        outMessage.put(Message.RESPONSE_CODE, Integer.valueOf(i));
        Map map = (Map) message.get(Message.PROTOCOL_HEADERS);
        if (map != null) {
            map.put("WWW-Authenticate", Arrays.asList("Basic realm=\"" + this.realm + "\""));
            map.put("Content-Length", Arrays.asList("0"));
        }
        message.getInterceptorChain().abort();
        try {
            message.getExchange().getConduit(message).prepare(outMessage);
            ((OutputStream) outMessage.getContent(OutputStream.class)).write(("Error " + i + ": ").getBytes());
            this.LOGGER.info("Sending error " + i);
            close(outMessage);
        } catch (IOException e) {
            this.LOGGER.warn(e.getMessage(), e);
        }
    }

    private Message getOutMessage(Message message) {
        Exchange exchange = message.getExchange();
        Message outMessage = exchange.getOutMessage();
        if (outMessage == null) {
            outMessage = ((Endpoint) exchange.get(Endpoint.class)).getBinding().createMessage();
            exchange.setOutMessage(outMessage);
        }
        outMessage.putAll(message);
        return outMessage;
    }

    private void close(Message message) throws IOException {
        OutputStream outputStream = (OutputStream) message.getContent(OutputStream.class);
        outputStream.flush();
        outputStream.close();
    }

    public void setRealm(String str) {
        this.realm = str;
    }

    public void setAuthProvider(AuthProvider authProvider) {
        this.authProvider = authProvider;
    }
}
