package org.artifactory.webapp.servlet.authentication;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.artifactory.api.security.AuthorizationService;
import org.artifactory.api.security.SecurityService;
import org.artifactory.webapp.servlet.RequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/* loaded from: input_file:org/artifactory/webapp/servlet/authentication/ArtifactoryBasicAuthenticationFilter.class */
public class ArtifactoryBasicAuthenticationFilter implements ArtifactoryAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(ArtifactoryBasicAuthenticationFilter.class);
    private BasicAuthenticationFilter springBasicAuthenticationFilter;

    @Autowired
    SecurityService securityService;

    @Autowired
    private AuthorizationService authService;

    public void init(FilterConfig filterConfig) throws ServletException {
        this.springBasicAuthenticationFilter = (BasicAuthenticationFilter) RequestUtils.getArtifactoryContext(filterConfig.getServletContext()).beanForType(BasicAuthenticationFilter.class);
        this.springBasicAuthenticationFilter.init(filterConfig);
    }

    @Override // org.artifactory.webapp.servlet.authentication.ArtifactoryAuthenticationFilter
    public boolean requiresReAuthentication(ServletRequest servletRequest, Authentication authentication) {
        if (acceptFilter(servletRequest)) {
            return !RequestUtils.extractUsernameFromRequest(servletRequest).equalsIgnoreCase(authentication.getPrincipal().toString());
        }
        return false;
    }

    @Override // org.artifactory.webapp.servlet.authentication.ArtifactoryAuthenticationFilter
    public boolean acceptFilter(ServletRequest servletRequest) {
        if ((StringUtils.isNotBlank(AuthenticationFilterUtils.getRemoteUserName(this.securityService, (HttpServletRequest) servletRequest)) || RequestUtils.pkgEndpointMatchBasicAuth((HttpServletRequest) servletRequest) || !RequestUtils.isBasicAuthHeaderPresent((HttpServletRequest) servletRequest)) ? false : true) {
            return this.authService.isAnonAccessEnabled() || !"anonymous".equals(RequestUtils.extractUsernameFromRequest(servletRequest));
        }
        return false;
    }

    @Override // org.artifactory.webapp.servlet.authentication.ArtifactoryAuthenticationFilter
    public String getCacheKey(ServletRequest servletRequest) {
        return ((HttpServletRequest) servletRequest).getHeader("Authorization");
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        this.springBasicAuthenticationFilter.doFilter(servletRequest, servletResponse, filterChain);
    }

    public void destroy() {
        this.springBasicAuthenticationFilter.destroy();
    }

    @Override // org.artifactory.webapp.servlet.authentication.ArtifactoryAuthenticationFilter
    public String getLoginIdentifier(ServletRequest servletRequest) throws BadCredentialsException {
        String header = ((HttpServletRequest) servletRequest).getHeader("Authorization");
        if (header == null || !header.startsWith("Basic ")) {
            return null;
        }
        return extractAndDecodeUser(header);
    }

    private String extractAndDecodeUser(String str) throws BadCredentialsException {
        try {
            try {
                String str2 = new String(Base64.decode(str.substring(6).getBytes("UTF-8")), "UTF-8");
                int indexOf = str2.indexOf(":");
                if (indexOf == -1) {
                    throw new BadCredentialsException("Invalid basic authentication token");
                }
                return str2.substring(0, indexOf);
            } catch (IllegalArgumentException e) {
                throw new BadCredentialsException("Failed to decode basic authentication token");
            }
        } catch (UnsupportedEncodingException e2) {
            log.debug("Cause: {}", e2);
            return "";
        }
    }
}
