package org.lockss.spring.auth;

import java.security.AccessControlException;
import java.util.Arrays;
import java.util.Base64;
import org.lockss.account.UserAccount;
import org.lockss.app.LockssDaemon;
import org.lockss.config.CurrentConfig;
import org.lockss.log.L4JLogger;

/* loaded from: input_file:org/lockss/spring/auth/AuthUtil.class */
public class AuthUtil {
    private static final String BASIC_AUTH_TYPE = "basic";
    private static final String NONE_AUTH_TYPE = "none";
    private static final String PREFIX = "org.lockss.restAuth.";
    private static final String PARAM_AUTH_TYPE = "org.lockss.restAuth.authenticationType";
    private static final String DEFAULT_AUTH_TYPE = "none";
    private static final String invalidAutheticationType = "Invalid Authentication Type (must be BASIC or NONE).";
    private static final L4JLogger log = L4JLogger.getLogger();

    public static String[] decodeBasicAuthorizationHeader(String str) {
        log.debug2("header = {}", str);
        byte[] decode = Base64.getDecoder().decode(str.replaceFirst("[B|b]asic ", ""));
        if (decode == null || decode.length == 0) {
            return null;
        }
        String[] split = new String(decode).split(":", 2);
        log.debug2("result = [{}, ****]", split[0]);
        return split;
    }

    public static void checkAuthorization(String str, String... strArr) {
        log.debug2("userName = {}", str);
        log.debug2("permissibleRoles = {}", Arrays.toString(strArr));
        if (!isAuthenticationOn()) {
            log.debug2("Authorized (like everybody else).");
            return;
        }
        try {
            UserAccount user = LockssDaemon.getLockssDaemon().getAccountManager().getUser(str);
            log.trace("userAccount.getRoleSet() = {}", user.getRoleSet());
            if (user.isUserInRole(Roles.ROLE_USER_ADMIN)) {
                log.debug2("Authorized as administrator.");
                return;
            }
            if (strArr == null || strArr.length == 0) {
                log.debug2("Unauthorized like any non-administrator");
                throw new AccessControlException("Unauthorized like any non-administrator");
            }
            for (String str2 : strArr) {
                log.trace("permissibleRole = {}", str2);
                if (Roles.ROLE_ANY.equals(str2)) {
                    log.debug2("Authorized like everybody else.");
                    return;
                } else {
                    if (user.isUserInRole(str2)) {
                        log.debug2("Authorized because user is in role.");
                        return;
                    }
                }
            }
            String str3 = "Unauthorized because user '" + str + "'does not have any of the permissible roles";
            log.debug2(str3);
            throw new AccessControlException(str3);
        } catch (Exception e) {
            log.error("userName = {}", str);
            log.error("LockssDaemon.getLockssDaemon().getAccountManager().getUser(" + str + ")", e);
            throw new AccessControlException("Unable to get user '" + str + "'");
        }
    }

    public static boolean isAuthenticationOn() {
        log.debug2("Invoked.");
        String param = CurrentConfig.getParam(PARAM_AUTH_TYPE, "none");
        log.trace("authenticationType = {}", param);
        if ("none".equalsIgnoreCase(param)) {
            log.debug2("Authentication is OFF.");
            return false;
        }
        if (BASIC_AUTH_TYPE.equalsIgnoreCase(param)) {
            log.debug2("Authentication is ON.");
            return true;
        }
        log.error(invalidAutheticationType);
        log.error("authenticationType = {}", param);
        throw new AccessControlException(param + ": " + invalidAutheticationType);
    }
}
