package org.akaza.openclinica.web.filter;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.util.StringTokenizer;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.akaza.openclinica.bean.login.UserAccountBean;
import org.akaza.openclinica.controller.helper.SetUpUserInterceptor;
import org.akaza.openclinica.dao.login.UserAccountDAO;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.httpclient.auth.AuthPolicy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/OpenClinica-core-3.16.2.jar:org/akaza/openclinica/web/filter/ApiSecurityFilter.class */
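/**
 * Servlet filter that authenticates API requests with an HTTP Basic credential.
 *
 * <p>The API key is expected in the user-name slot of the Basic credential, i.e.
 * {@code Basic base64("<api-key>:<ignored>")}; the password slot is read and discarded.
 * A key that resolves to a user account is stored in the HTTP session under
 * {@link SetUpUserInterceptor#USER_BEAN_NAME}. A request with no {@code Authorization}
 * header, a malformed Basic credential, or an unknown key receives a 401 challenge and is
 * not passed further down the filter chain.
 */
public class ApiSecurityFilter extends OncePerRequestFilter {
    /** Realm name advertised in the {@code WWW-Authenticate} challenge. */
    private String realm = "Protected";

    @Autowired
    private DataSource dataSource;

    /**
     * Authenticates the request by API key, then delegates to the rest of the chain.
     *
     * @param httpServletRequest  incoming request; only its {@code Authorization} header is inspected
     * @param httpServletResponse response used to send the 401 challenge on failure
     * @param filterChain         remaining chain, invoked only when the request was not rejected here
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from sending the 401
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            // sendError() commits the response, so the chain must not run after the challenge.
            unauthorized(httpServletResponse);
            return;
        }
        StringTokenizer tokens = new StringTokenizer(header);
        if (tokens.hasMoreTokens() && tokens.nextToken().equalsIgnoreCase(AuthPolicy.BASIC)) {
            if (!tokens.hasMoreTokens()) {
                // "Authorization: Basic" with no credential used to raise NoSuchElementException (HTTP 500).
                unauthorized(httpServletResponse, "Invalid authentication token");
                return;
            }
            String credentials = decodeCredentials(tokens.nextToken());
            int separator = credentials.indexOf(':');
            if (separator == -1) {
                unauthorized(httpServletResponse, "Invalid authentication token");
                return;
            }
            // The API key travels in the user-name slot; whatever follows the colon is ignored.
            String apiKey = credentials.substring(0, separator).trim();
            if (apiKey.isEmpty()) {
                // Reject an empty key before touching the database instead of after a lookup of "".
                unauthorized(httpServletResponse, "Bad credentials");
                return;
            }
            UserAccountBean userAccountBean = (UserAccountBean) new UserAccountDAO(this.dataSource).findByApiKey(apiKey);
            if (userAccountBean == null || userAccountBean.getId() == 0) {
                unauthorized(httpServletResponse, "Bad credentials");
                return;
            }
            // getSession() creates a session when none exists, so each authenticated API call may allocate one.
            httpServletRequest.getSession().setAttribute(SetUpUserInterceptor.USER_BEAN_NAME, userAccountBean);
        }
        // NOTE(review): an Authorization header with a scheme other than Basic (or an empty header)
        // falls through to the chain without a user bean being set; whether a downstream component
        // enforces authentication in that case is not visible from this class — confirm.
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Decodes the Base64 credential part of a Basic header as UTF-8.
     *
     * <p>Using {@link StandardCharsets#UTF_8} removes the checked encoding exception that the
     * previous implementation wrapped in an {@link Error}.
     *
     * @param encoded the Base64 text following the {@code Basic} scheme token
     * @return the decoded {@code key:secret} string
     */
    private static String decodeCredentials(String encoded) {
        byte[] raw = Base64.decodeBase64(encoded.getBytes(StandardCharsets.UTF_8));
        return new String(raw, StandardCharsets.UTF_8);
    }

    /**
     * Sends a 401 with a Basic challenge for {@link #realm}.
     *
     * @param httpServletResponse response to write the challenge to
     * @param str                 message handed to {@link HttpServletResponse#sendError(int, String)}
     * @throws IOException if the error response cannot be sent
     */
    private void unauthorized(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + this.realm + "\"");
        httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, str);
    }

    /**
     * Sends a 401 with the generic {@code "Unauthorized"} message.
     *
     * @param httpServletResponse response to write the challenge to
     * @throws IOException if the error response cannot be sent
     */
    private void unauthorized(HttpServletResponse httpServletResponse) throws IOException {
        unauthorized(httpServletResponse, "Unauthorized");
    }
}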
