package eu.smesec.cysec.platform.core.auth.strategies;

import eu.smesec.cysec.platform.bridge.execptions.CacheException;
import eu.smesec.cysec.platform.core.cache.CacheAbstractionLayer;
import eu.smesec.cysec.platform.core.config.Config;
import eu.smesec.cysec.platform.core.utils.Validator;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.regex.Matcher;
import javax.servlet.ServletContext;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.MultivaluedMap;
import org.glassfish.jersey.internal.util.Base64;

/* loaded from: input_file:WEB-INF/classes/eu/smesec/cysec/platform/core/auth/strategies/AdminAuthStrategy.class */
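/**
 * Authenticates server administrators from an HTTP Basic {@code Authorization} header.
 *
 * <p>The decoded credential is split by {@code BasicAuthStrategy.regexAuth} into three groups,
 * used here as admin prefix, user name and password. The prefix must equal the configured
 * {@link #ADMIN_PREFIX} (case-insensitively), the user name must appear in the space-separated
 * {@link #ADMIN_NAMES} list, and the password must equal the entry at the same position in the
 * space-separated {@link #ADMIN_PWS} list.
 *
 * <p>NOTE(review): the passwords are read from configuration and compared directly with the
 * supplied value, so they are stored in a directly comparable (plain-text) form. Consider storing
 * salted password hashes (bcrypt/scrypt/argon2) instead.
 */
public class AdminAuthStrategy extends AbstractAuthStrategy {
    /** Config key of the prefix that marks a login as a server-admin login. */
    public static final String ADMIN_PREFIX = "cysec_admin_prefix";
    /** Config key of the space-separated list of server-admin user names. */
    public static final String ADMIN_NAMES = "cysec_admin_users";
    /** Config key of the space-separated list of server-admin passwords (same order as the names). */
    public static final String ADMIN_PWS = "cysec_admin_passwords";
    private final List<String> headers;

    /**
     * Creates the strategy; the only header it reads is the Basic-auth authorization header.
     *
     * @param cacheAbstractionLayer cache layer handed to the base strategy
     * @param config platform configuration holding the admin settings
     * @param servletContext servlet context whose context path selects the config section
     */
    public AdminAuthStrategy(CacheAbstractionLayer cacheAbstractionLayer, Config config, ServletContext servletContext) {
        super(cacheAbstractionLayer, config, servletContext, false);
        this.headers = Collections.singletonList(BasicAuthStrategy.AUTHORIZATION_PROPERTY);
    }

    /**
     * Returns the request headers this strategy inspects.
     *
     * @return a single-element list with the authorization header name
     */
    @Override
    public List<String> getHeaderNames() {
        return this.headers;
    }

    /**
     * Checks whether the request carries valid server-admin credentials.
     *
     * @param multivaluedMap request headers
     * @param method resource method being invoked (not used by this strategy)
     * @return {@code true} if prefix, user name and password all match the configuration;
     *     {@code false} if the prefix is not the admin prefix, the user is unknown, the password
     *     does not match, or the admin settings are missing from the configuration
     * @throws BadRequestException if the header is missing or malformed, the user name fails
     *     validation, or the password is empty
     */
    @Override
    public boolean authenticate(MultivaluedMap<String, String> multivaluedMap, Method method) throws CacheException, ClientErrorException {
        this.logger.info("Checking Admin auth");
        // Config section is the context path without its leading '/'.
        // NOTE(review): this assumes a non-root context; an empty context path would throw here.
        String contextName = this.context.getContextPath().substring(1);
        String header = multivaluedMap.getFirst(BasicAuthStrategy.AUTHORIZATION_PROPERTY);
        if (header == null || header.isEmpty()) {
            this.logger.log(Level.WARNING, "invalid auth header");
            throw new BadRequestException("invalid auth header");
        }
        Matcher basicMatcher = BasicAuthStrategy.regexBasic.matcher(header);
        if (!basicMatcher.matches()) {
            this.logger.log(Level.WARNING, "invalid auth header");
            throw new BadRequestException("invalid auth header");
        }
        String decoded = Base64.decodeAsString(basicMatcher.group(1));
        Matcher credentialMatcher = BasicAuthStrategy.regexAuth.matcher(decoded);
        if (!credentialMatcher.matches()) {
            // The decoded value may contain a password: keep it out of the log and out of the
            // error message that is sent back to the client.
            this.logger.log(Level.WARNING, "invalid auth format");
            throw new BadRequestException("invalid auth format");
        }

        String adminPrefix = this.config.getStringValue(contextName, ADMIN_PREFIX);
        if (adminPrefix == null) {
            // Fail closed instead of raising a NullPointerException when the setting is absent.
            this.logger.log(Level.WARNING, "server admin prefix is not configured");
            return false;
        }
        String company = credentialMatcher.group(1);
        if (!adminPrefix.equalsIgnoreCase(company)) {
            // The prefix is request-controlled and not validated yet; neutralise control
            // characters so it cannot forge additional log lines.
            this.logger.log(Level.INFO, "company " + sanitizeForLog(company) + " is not a server admin prefix");
            return false;
        }
        String username = credentialMatcher.group(2);
        if (!Validator.validateWord(username)) {
            throw new BadRequestException("Username pattern does not match");
        }
        String password = credentialMatcher.group(3);
        if (password == null || password.isEmpty()) {
            throw new BadRequestException("Password is null or empty");
        }

        String configuredNames = this.config.getStringValue(contextName, ADMIN_NAMES);
        String configuredPasswords = this.config.getStringValue(contextName, ADMIN_PWS);
        if (configuredNames == null || configuredPasswords == null) {
            this.logger.log(Level.WARNING, "server admin names or passwords are not configured");
            return false;
        }
        List<String> adminNames = Arrays.asList(configuredNames.split(" "));
        List<String> adminPasswords = Arrays.asList(configuredPasswords.split(" "));
        if (adminNames.size() != adminPasswords.size()) {
            this.logger.log(Level.WARNING, "number of server admin names and number of server passwords is not equals");
        }
        int index = adminNames.indexOf(username);
        if (index < 0) {
            this.logger.log(Level.WARNING, "server admin name " + username + " is not in admin list");
            return false;
        }
        // Passwords are compared exactly (case-sensitively) and with a comparison whose duration
        // does not depend on where the first differing byte is. The supplied password is never
        // written to the log.
        boolean hasConfiguredPassword = index < adminPasswords.size();
        byte[] expected = (hasConfiguredPassword ? adminPasswords.get(index) : "").getBytes(StandardCharsets.UTF_8);
        byte[] supplied = password.getBytes(StandardCharsets.UTF_8);
        if (!hasConfiguredPassword || !MessageDigest.isEqual(expected, supplied)) {
            this.logger.log(Level.WARNING, "server admin password for " + username + " does not match");
            return false;
        }
        this.logger.log(Level.INFO, "server admin " + username + " successfully logged in");
        return true;
    }

    /** Replaces ISO control characters (including CR and LF) so a value stays on one log line. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}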
