package io.gravitee.policy.basicauth;

import io.gravitee.gateway.api.ExecutionContext;
import io.gravitee.gateway.api.Request;
import io.gravitee.gateway.api.Response;
import io.gravitee.gateway.api.handler.Handler;
import io.gravitee.policy.api.PolicyChain;
import io.gravitee.policy.api.PolicyResult;
import io.gravitee.policy.api.annotations.OnRequest;
import io.gravitee.policy.basicauth.configuration.BasicAuthenticationPolicyConfiguration;
import io.gravitee.resource.api.ResourceManager;
import io.gravitee.resource.authprovider.api.Authentication;
import io.gravitee.resource.authprovider.api.AuthenticationProviderResource;
import java.util.Base64;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:io/gravitee/policy/basicauth/BasicAuthenticationPolicy.class */
public class BasicAuthenticationPolicy {
    private final BasicAuthenticationPolicyConfiguration basicAuthenticationPolicyConfiguration;
    private static final String BASIC_AUTHENTICATION_VALUE = "BASIC ";
    static final String DEFAULT_REALM_NAME = "gravitee.io";

    public BasicAuthenticationPolicy(BasicAuthenticationPolicyConfiguration basicAuthenticationPolicyConfiguration) {
        this.basicAuthenticationPolicyConfiguration = basicAuthenticationPolicyConfiguration;
    }

    @OnRequest
    public void onRequest(Request request, Response response, ExecutionContext executionContext, PolicyChain policyChain) {
        String str;
        String first = request.headers().getFirst("Authorization");
        if (first == null || first.trim().isEmpty()) {
            sendAuthenticationFailure(response, policyChain);
            return;
        }
        if (!first.toUpperCase().startsWith(BASIC_AUTHENTICATION_VALUE)) {
            sendAuthenticationFailure(response, policyChain);
            return;
        }
        if (this.basicAuthenticationPolicyConfiguration.getAuthenticationProviders() == null || this.basicAuthenticationPolicyConfiguration.getAuthenticationProviders().isEmpty()) {
            sendAuthenticationFailure(response, policyChain, "No authentication provider has been provided");
            return;
        }
        String str2 = new String(Base64.getDecoder().decode(first.substring(6)));
        String str3 = null;
        int indexOf = str2.indexOf(58);
        if (indexOf > 0) {
            str = str2.substring(0, indexOf);
            str3 = str2.substring(indexOf + 1);
        } else {
            str = str2;
        }
        doAuthenticate(str, str3, this.basicAuthenticationPolicyConfiguration.getAuthenticationProviders().iterator(), executionContext, str4 -> {
            if (str4 == null) {
                sendAuthenticationFailure(response, policyChain);
            } else {
                request.metrics().setUser(str4);
                policyChain.doNext(request, response);
            }
        });
    }

    private void doAuthenticate(final String str, final String str2, final Iterator<String> it, final ExecutionContext executionContext, final Handler<String> handler) {
        if (it.hasNext()) {
            ((AuthenticationProviderResource) ((ResourceManager) executionContext.getComponent(ResourceManager.class)).getResource(it.next(), AuthenticationProviderResource.class)).authenticate(str, str2, executionContext, new Handler<Authentication>() { // from class: io.gravitee.policy.basicauth.BasicAuthenticationPolicy.1
                public void handle(Authentication authentication) {
                    if (authentication == null) {
                        BasicAuthenticationPolicy.this.doAuthenticate(str, str2, it, executionContext, handler);
                        return;
                    }
                    executionContext.setAttribute("gravitee.attribute.user", authentication.getUsername());
                    if (authentication.getAttributes() != null) {
                        Map attributes = authentication.getAttributes();
                        ExecutionContext executionContext2 = executionContext;
                        attributes.forEach((str3, obj) -> {
                            executionContext2.setAttribute("gravitee.attribute.user." + str3, obj);
                        });
                    }
                    handler.handle(authentication.getUsername());
                }
            });
        } else {
            handler.handle((Object) null);
        }
    }

    private void sendAuthenticationFailure(Response response, PolicyChain policyChain) {
        sendAuthenticationFailure(response, policyChain, "Unauthorized");
    }

    private void sendAuthenticationFailure(Response response, PolicyChain policyChain, String str) {
        String realm = this.basicAuthenticationPolicyConfiguration.getRealm();
        if (realm == null || realm.trim().isEmpty()) {
            realm = DEFAULT_REALM_NAME;
        }
        response.headers().set("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
        policyChain.failWith(PolicyResult.failure(401, str));
    }
}
