package org.mule.extension.http.api.listener;

import java.nio.charset.StandardCharsets;

import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.mule.extension.http.api.HttpRequestAttributes;
import org.mule.extension.http.api.HttpResponseAttributes;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.lifecycle.InitialisationException;
import org.mule.runtime.api.message.Message;
import org.mule.runtime.api.util.Preconditions;
import org.mule.runtime.core.api.Event;
import org.mule.runtime.core.api.message.InternalMessage;
import org.mule.runtime.core.api.security.Authentication;
import org.mule.runtime.core.api.security.CryptoFailureException;
import org.mule.runtime.core.api.security.EncryptionStrategyNotFoundException;
import org.mule.runtime.core.api.security.SecurityContext;
import org.mule.runtime.core.api.security.SecurityException;
import org.mule.runtime.core.api.security.SecurityFilter;
import org.mule.runtime.core.api.security.SecurityProviderNotFoundException;
import org.mule.runtime.core.api.security.UnauthorisedException;
import org.mule.runtime.core.api.security.UnknownAuthenticationTypeException;
import org.mule.runtime.core.api.security.UnsupportedAuthenticationSchemeException;
import org.mule.runtime.core.config.i18n.CoreMessages;
import org.mule.runtime.core.model.ParameterMap;
import org.mule.runtime.core.security.AbstractAuthenticationFilter;
import org.mule.runtime.core.security.DefaultMuleAuthentication;
import org.mule.runtime.core.security.MuleCredentials;
import org.mule.runtime.module.http.api.HttpConstants;
import org.mule.runtime.module.http.internal.filter.BasicUnauthorisedException;

/* loaded from: input_file:org/mule/extension/http/api/listener/HttpBasicAuthenticationFilter.class */
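/**
 * Security filter that authenticates an HTTP request from its {@code Authorization: Basic ...} header.
 *
 * <p>The header value is Base64-decoded, split into user name and password at the first {@code ':'},
 * and handed to the security manager returned by {@code getSecurityManager()}. On success the resulting
 * security context is stored on the event's session; on failure a 401 response message carrying a
 * {@code WWW-Authenticate} challenge is attached to the thrown exception.
 *
 * <p>The raw header value is a credential: it is never written to the log or to exception messages
 * by this class; only the authentication scheme name is.
 */
public class HttpBasicAuthenticationFilter extends AbstractAuthenticationFilter {
    protected static final Log logger = LogFactory.getLog(HttpBasicAuthenticationFilter.class);

    /** Prefix that identifies the Basic scheme in the Authorization header (matched case-sensitively). */
    private static final String BASIC_PREFIX = "Basic ";

    private String realm;
    private boolean realmRequired = true;

    /**
     * Checks the realm configuration.
     *
     * @throws InitialisationException if no realm is set while {@link #isRealmRequired()} is true
     */
    protected void doInitialise() throws InitialisationException {
        if (this.realm == null) {
            if (isRealmRequired()) {
                throw new InitialisationException(I18nMessageFactory.createStaticMessage("The realm must be set on this security filter"), this);
            }
            logger.warn("There is no security realm set, using default: null");
        }
    }

    /** @return the realm advertised in the {@code WWW-Authenticate} challenge, or {@code null} if unset */
    public String getRealm() {
        return this.realm;
    }

    /**
     * @param str the realm to advertise; it is placed verbatim inside a quoted string in the
     *            {@code WWW-Authenticate} header, so it should not contain quotes or control characters
     */
    public void setRealm(String str) {
        this.realm = str;
    }

    /** @return whether initialisation fails when no realm has been configured */
    public boolean isRealmRequired() {
        return this.realmRequired;
    }

    /** @param z {@code true} to make a missing realm an initialisation error */
    public void setRealmRequired(boolean z) {
        this.realmRequired = z;
    }

    /**
     * Wraps the decoded credentials in an {@link Authentication} request.
     *
     * @param str   the user name
     * @param str2  the password; it arrives as a {@code String} and is converted to a {@code char[]}
     *              for {@link MuleCredentials}
     * @param event the event being authenticated
     * @return the authentication request to pass to the security manager
     */
    protected Authentication createAuthentication(String str, String str2, Event event) {
        return new DefaultMuleAuthentication(new MuleCredentials(str, str2.toCharArray()), event);
    }

    /**
     * Builds a copy of {@code event} whose message is the given unauthenticated (401) message.
     *
     * @param event           the event to copy
     * @param internalMessage the 401 response message
     * @return the new event
     */
    protected Event setUnauthenticated(Event event, InternalMessage internalMessage) {
        return Event.builder(event).message(internalMessage).build();
    }

    /**
     * Builds the 401 response message with a {@code WWW-Authenticate: Basic realm=...} challenge.
     * When no realm is configured the challenge value is the bare {@code "Basic realm="}.
     */
    private Message createUnauthenticatedMessage(Message message) {
        String challenge = this.realm != null ? "Basic realm=\"" + this.realm + "\"" : "Basic realm=";
        ParameterMap parameterMap = new ParameterMap();
        parameterMap.put("WWW-Authenticate", challenge);
        return Message.builder(message).nullPayload().attributes(new HttpResponseAttributes(HttpConstants.HttpStatus.UNAUTHORIZED.getStatusCode(), HttpConstants.HttpStatus.UNAUTHORIZED.getReasonPhrase(), parameterMap)).build();
    }

    /**
     * Returns only the scheme token of an Authorization header value, so that diagnostics never
     * contain the credential part that follows it.
     */
    private static String schemeOf(String header) {
        int separator = header.indexOf(' ');
        // Without a separator the whole value may itself be a secret, so nothing of it is echoed.
        return separator > 0 ? header.substring(0, separator) : "<unrecognised>";
    }

    /**
     * Authenticates the request carried by {@code event} using HTTP Basic credentials.
     *
     * @param event the event whose message attributes must be {@link HttpRequestAttributes}
     * @return the same event, with the new security context set on its session
     * @throws UnsupportedAuthenticationSchemeException if an Authorization header is present but is not Basic
     * @throws BasicUnauthorisedException if the header is absent or the security manager rejects the credentials
     */
    public Event authenticate(Event event) throws SecurityException, UnknownAuthenticationTypeException, CryptoFailureException, SecurityProviderNotFoundException, EncryptionStrategyNotFoundException, InitialisationException {
        Preconditions.checkArgument(event.getMessage().getAttributes() instanceof HttpRequestAttributes, "Message attributes must be HttpRequestAttributes.");
        HttpRequestAttributes requestAttributes = (HttpRequestAttributes) event.getMessage().getAttributes();
        // Literal lower-case key: avoids a locale-dependent toLowerCase() on every request.
        String header = requestAttributes.getHeaders().get("authorization");
        if (logger.isDebugEnabled()) {
            // The header carries the Base64-encoded password (or another scheme's token); log the scheme only.
            logger.debug("Authorization header: " + (header == null ? "absent" : "present, scheme " + schemeOf(header)));
        }
        if (header == null || !header.startsWith(BASIC_PREFIX)) {
            if (header != null) {
                // Only the scheme goes into the message: the rest of the value is a credential for some other scheme.
                throw new UnsupportedAuthenticationSchemeException(I18nMessageFactory.createStaticMessage("Http Basic filter doesn't know how to handle header " + schemeOf(header)), createUnauthenticatedMessage(event.getMessage()));
            }
            Event unauthenticated = setUnauthenticated(event, (InternalMessage) createUnauthenticatedMessage(event.getMessage()));
            throw new BasicUnauthorisedException(unauthenticated, unauthenticated.getSession().getSecurityContext(), (SecurityFilter) this);
        }
        // Explicit charsets so decoding does not vary with the JVM's platform default.
        byte[] decoded = Base64.decodeBase64(header.substring(BASIC_PREFIX.length()).getBytes(StandardCharsets.US_ASCII));
        String credentials = new String(decoded, StandardCharsets.UTF_8);
        String username = "";
        String password = "";
        // Split at the FIRST colon: the password may itself contain ':'.
        // If there is no colon, both stay empty and the security manager decides the outcome.
        int colon = credentials.indexOf(":");
        if (colon != -1) {
            username = credentials.substring(0, colon);
            password = credentials.substring(colon + 1);
        }
        try {
            Authentication authenticate = getSecurityManager().authenticate(createAuthentication(username, password, event));
            if (logger.isDebugEnabled()) {
                // NOTE(review): relies on the Authentication implementation's toString() not exposing credentials; confirm.
                logger.debug("Authentication success: " + authenticate.toString());
            }
            SecurityContext createSecurityContext = getSecurityManager().createSecurityContext(authenticate);
            createSecurityContext.setAuthentication(authenticate);
            event.getSession().setSecurityContext(createSecurityContext);
            return event;
        } catch (UnauthorisedException e) {
            if (logger.isDebugEnabled()) {
                // The user name is client-supplied text; it is logged as received.
                logger.debug("Authentication request for user: " + username + " failed: " + e.toString());
            }
            throw new BasicUnauthorisedException(CoreMessages.authFailedForUser(username), (Throwable) e, createUnauthenticatedMessage(event.getMessage()));
        }
    }
}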
