package io.muserver.rest;

import io.muserver.Mutils;
import java.io.IOException;
import java.security.Principal;
import java.util.Base64;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

/* loaded from: input_file:io/muserver/rest/BasicAuthSecurityFilter.class */
public class BasicAuthSecurityFilter implements ContainerRequestFilter {
    private Response.ResponseBuilder authResponse;
    private final UserPassAuthenticator authenticator;
    private final Authorizer authorizer;

    public BasicAuthSecurityFilter(String str, UserPassAuthenticator userPassAuthenticator, Authorizer authorizer) {
        Mutils.notNull("authenticator", userPassAuthenticator);
        Mutils.notNull("authorizer", authorizer);
        Mutils.notNull("authRealm", str);
        if (str.contains("\"")) {
            throw new IllegalArgumentException("authRealm cannot contain a double quote");
        }
        this.authenticator = userPassAuthenticator;
        this.authorizer = authorizer;
        this.authResponse = Response.status(401).entity("401 Unauthorized").type(MediaType.TEXT_PLAIN_TYPE).header("WWW-Authenticate", "Basic realm=\"" + str + "\"");
    }

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        MuSecurityContext muSecurityContext;
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString == null || !headerString.startsWith("Basic ")) {
            containerRequestContext.abortWith(this.authResponse.build());
            return;
        }
        String[] split = new String(Base64.getDecoder().decode(headerString.substring("Basic ".length())), "UTF-8").split(":", 2);
        if (split.length != 2) {
            containerRequestContext.abortWith(Response.status(400).entity("An invalid Authorization header was used").build());
            return;
        }
        Principal authenticate = this.authenticator.authenticate(split[0], split[1]);
        boolean equalsIgnoreCase = "https".equalsIgnoreCase(containerRequestContext.getUriInfo().getRequestUri().getScheme());
        if (authenticate == null) {
            muSecurityContext = equalsIgnoreCase ? MuSecurityContext.notLoggedInHttpsContext : MuSecurityContext.notLoggedInHttpContext;
        } else {
            muSecurityContext = new MuSecurityContext(authenticate, this.authorizer, equalsIgnoreCase, "BASIC");
        }
        containerRequestContext.setSecurityContext(muSecurityContext);
    }

    static {
        MuRuntimeDelegate.ensureSet();
    }
}
