package net.openesb.rest.api.resources;

import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.xml.bind.DatatypeConverter;
import net.openesb.rest.api.annotation.RequiresAuthentication;
import net.openesb.rest.api.security.Session;
import net.openesb.rest.api.security.SessionManager;
import net.openesb.security.AuthenticationException;
import net.openesb.security.SecurityProvider;
import net.openesb.security.UsernamePasswordToken;

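/**
 * REST endpoints that exchange HTTP Basic credentials for a session id
 * ({@code POST authentication/_login}) and expire an existing session
 * ({@code POST authentication/_logout}).
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, and the session
 * id returned by {@link #login} is sent back in the response body. Both must
 * therefore only ever travel over TLS; this class does not enforce that itself.
 */
@Path("authentication")
public class AuthenticationResource extends AbstractResource {

    /**
     * Leading {@code Basic} auth-scheme token followed by one or more spaces.
     * The scheme name is matched case-insensitively and only at the start of
     * the value, so it can never be stripped out of the middle of a payload.
     */
    private static final Pattern BASIC_SCHEME_PREFIX =
            Pattern.compile("^basic +", Pattern.CASE_INSENSITIVE);

    @Inject
    private SecurityProvider securityProvider;

    @Inject
    private SessionManager sessionManager;

    /**
     * Authenticates the caller from the {@code Authorization} header and opens a session.
     *
     * @param containerRequestContext the current request, used to read the header
     * @return {@code 400} when the header is absent, {@code 401} when the header cannot be
     *         decoded into a username/password pair or the security provider rejects it,
     *         otherwise {@code 200} with the new session id as the entity
     */
    @POST
    @Path("_login")
    public Response login(@Context ContainerRequestContext containerRequestContext) {
        String authorizationHeader = getAuthorizationHeader(containerRequestContext);
        if (authorizationHeader == null) {
            return Response.status(Response.Status.BAD_REQUEST).build();
        }
        String[] credentials = decode(authorizationHeader);
        if (credentials == null || credentials.length != 2) {
            // Same status as a rejected login: the response does not reveal whether the
            // header was malformed or the credentials were wrong.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
        try {
            // NOTE(review): an empty username or password still reaches the provider;
            // rejecting those is left to SecurityProvider - confirm it does.
            this.securityProvider.login(new UsernamePasswordToken(credentials[0], credentials[1]));
            // The session is only created after the provider accepted the credentials.
            return Response.ok().entity(this.sessionManager.create(new HashMap<>()).getId()).build();
        } catch (AuthenticationException e) {
            // Deliberately no detail in the body: the failure reason stays server-side.
            return Response.status(Response.Status.UNAUTHORIZED).build();
        }
    }

    /**
     * Marks the caller's session as expired.
     *
     * @param session the session injected for the current request
     * @return an empty {@code 200} response
     */
    @POST
    @Path("_logout")
    @RequiresAuthentication
    public Response logout(@Context Session session) {
        // NOTE(review): presumably @RequiresAuthentication guarantees a non-null session
        // here; verify against the filter that handles the annotation.
        session.setExpired(true);
        return Response.ok().build();
    }

    /**
     * Reads the raw {@code Authorization} header of the request.
     *
     * @param containerRequestContext the current request
     * @return the header value, or {@code null} when the header is absent
     */
    private String getAuthorizationHeader(ContainerRequestContext containerRequestContext) {
        String headerString = containerRequestContext.getHeaderString("authorization");
        if (headerString != null) {
            return headerString;
        }
        // NOTE(review): this aborts with 401 while login() then returns 400 for the same
        // condition. abortWith is documented for request filters; whether it has any effect
        // when called from a resource method depends on the JAX-RS runtime - confirm which
        // status clients actually receive and keep only one of the two.
        containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
        return null;
    }

    /**
     * Decodes an HTTP Basic {@code Authorization} value into its user-id and password parts.
     *
     * <p>A leading {@code Basic} scheme token (any letter case) is removed when present; a
     * value without it is treated as the bare Base64 payload. The decoded text is split on
     * the first {@code ':'} only, so the password may itself contain colons.
     *
     * @param str the header value, may be {@code null}
     * @return {@code [username, password]} when the decoded text contains a colon, a
     *         one-element array when it does not, or {@code null} when {@code str} is
     *         {@code null} or does not decode to any bytes
     */
    public static String[] decode(String str) {
        if (str == null) {
            return null;
        }
        byte[] decodedBytes = null;
        try {
            decodedBytes = DatatypeConverter.parseBase64Binary(
                    BASIC_SCHEME_PREFIX.matcher(str).replaceFirst(""));
        } catch (RuntimeException ignored) {
            // Malformed Base64 is attacker-controlled input, not an error worth surfacing:
            // it is reported to the caller as "not decodable" through the null return below.
        }
        if (decodedBytes == null || decodedBytes.length == 0) {
            return null;
        }
        // Decode with a fixed charset so that non-ASCII credentials do not depend on the
        // JVM's platform default. NOTE(review): UTF-8 is assumed to be what clients send.
        return new String(decodedBytes, StandardCharsets.UTF_8).split(":", 2);
    }
}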
