package org.opentripplanner.standalone;

import com.google.common.collect.Maps;
import com.google.common.io.BaseEncoding;
import java.security.Principal;
import java.util.Map;
import javax.annotation.Priority;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

@Priority(1000)
/* loaded from: input_file:org/opentripplanner/standalone/AuthFilter.class */
public class AuthFilter implements ContainerRequestFilter {
    private final Map<String, String> passwords = Maps.newHashMap();

    public AuthFilter() {
        this.passwords.put("ROUTERS", "ultra_secret");
    }

    private static void unauthenticated(String str) {
        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"OpenTripPlanner\"").entity(String.format("Incorrect password for OpenTripPlanner user '%s'", str)).build());
    }

    private static void unencrypted() {
        throw new WebApplicationException(Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"OpenTripPlanner\"").entity("OpenTripPlanner refuses to do basic auth without transport layer security (HTTPS).").build());
    }

    public void filter(ContainerRequestContext containerRequestContext) throws WebApplicationException {
        String headerString = containerRequestContext.getHeaderString("Authorization");
        if (headerString != null) {
            if (headerString.startsWith("Basic ") || headerString.startsWith("basic ")) {
                if (!containerRequestContext.getSecurityContext().isSecure()) {
                    unencrypted();
                }
                String[] split = new String(BaseEncoding.base64().decode(headerString.replaceFirst("[Bb]asic ", ""))).split(":", 2);
                if (split.length != 2) {
                    return;
                }
                String str = split[0];
                if (split[1].equals(this.passwords.get(str))) {
                    containerRequestContext.setSecurityContext(makeSecurityContext(str, str));
                } else {
                    unauthenticated(str);
                }
            }
        }
    }

    public static SecurityContext makeSecurityContext(final String str, final String... strArr) {
        return new SecurityContext() { // from class: org.opentripplanner.standalone.AuthFilter.1
            public Principal getUserPrincipal() {
                return new Principal() { // from class: org.opentripplanner.standalone.AuthFilter.1.1
                    @Override // java.security.Principal
                    public String getName() {
                        return str;
                    }
                };
            }

            public boolean isUserInRole(String str2) {
                for (String str3 : strArr) {
                    if (str3.equals(str2)) {
                        return true;
                    }
                }
                return false;
            }

            public String getAuthenticationScheme() {
                return "BASIC";
            }

            public boolean isSecure() {
                return true;
            }
        };
    }
}
