package org.jahia.modules.modulemanager.rest.filters;

import java.io.IOException;
import java.security.Principal;
import javax.annotation.Priority;
import javax.jcr.RepositoryException;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.usermanager.JahiaUser;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.utils.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

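/**
 * Request filter that gates the module-manager REST resources.
 * <p>
 * A request is let through in exactly two cases, evaluated in
 * {@link #filter(ContainerRequestContext)}:
 * <ul>
 *   <li>the current JCR user is a real (non-guest) user whose session grants the
 *       {@value #REQUIRED_PERMISSION} permission on the root node, in which case a
 *       {@link SecurityContext} exposing that user is installed on the request; or</li>
 *   <li>the current JCR user is guest and the request carries credentials that
 *       {@link WebUtils#getAuthenticatedSubject} resolves to a Shiro subject holding the
 *       {@value #REQUIRED_ROLE} role (no {@link SecurityContext} is installed in this case).</li>
 * </ul>
 * Everything else is aborted with 401. A {@link RepositoryException} raised while the
 * permission is being evaluated is logged and aborted with 500; it is never reported to the
 * client as an authorization refusal.
 * <p>
 * The priority value 1000 is the one JAX-RS reserves for authentication filters
 * ({@code Priorities.AUTHENTICATION}).
 */
@Priority(1000)
/* loaded from: input_file:org/jahia/modules/modulemanager/rest/filters/ModuleManagerAuthenticationRequestFilter.class */
public class ModuleManagerAuthenticationRequestFilter implements ContainerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(ModuleManagerAuthenticationRequestFilter.class);

    /** JCR permission a logged-in Jahia user must hold on the root node. */
    private static final String REQUIRED_PERMISSION = "adminTemplates";

    /** Shiro role a credential-authenticated (guest-session) caller must hold. */
    private static final String REQUIRED_ROLE = "toolManager";

    /** Media type pinned on every response body this filter writes. */
    private static final String TEXT_PLAIN = "text/plain";

    @Context
    HttpServletRequest httpServletRequest;

    /**
     * Resolves the Shiro subject for the credentials carried by the current request.
     *
     * @return the authenticated subject, or {@code null} when the helper yields none
     *         (the caller treats {@code null} as "not authenticated")
     * @throws NotAuthorizedException with a {@code BASIC} challenge when the credentials are
     *         present but rejected; the Shiro message is forwarded as the exception message.
     *         NOTE(review): whether the JAX-RS runtime renders that message to the client is
     *         implementation-dependent — confirm it cannot leak account-existence hints.
     */
    private Subject getAuthenticatedSubject() {
        try {
            return WebUtils.getAuthenticatedSubject(this.httpServletRequest);
        } catch (AuthenticationException e) {
            throw new NotAuthorizedException(e.getMessage(), "BASIC", new Object[0]);
        }
    }

    /**
     * Authorizes the request as described on the class, aborting it when access is refused
     * or when the permission check itself fails.
     *
     * @param containerRequestContext the request being filtered; aborted in place on refusal
     * @throws IOException never thrown by this implementation; declared by the interface
     */
    @Override
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String userKey = "guest";
        if (JahiaUserManagerService.isGuest(JCRSessionFactory.getInstance().getCurrentUser())) {
            // No Jahia session user: fall back to request credentials resolved through Shiro.
            Subject subject = getAuthenticatedSubject();
            if (subject != null && subject.hasRole(REQUIRED_ROLE)) {
                // NOTE(review): unlike the JCR branch below, no SecurityContext is installed here,
                // so a resource injecting @Context SecurityContext will not see this subject.
                return;
            }
        } else {
            try {
                JCRSessionWrapper session = JCRSessionFactory.getInstance().getCurrentUserSession();
                final JahiaUser user = session.getUser();
                userKey = user.getUserKey();
                if (session.getRootNode().hasPermission(REQUIRED_PERMISSION)) {
                    containerRequestContext.setSecurityContext(securityContextFor(user));
                    return;
                }
            } catch (RepositoryException e) {
                abortWithServerError(containerRequestContext, e);
                // Bug fix: the original fell through to the 401 abort below. abortWith() keeps only
                // the last response it is given, so the 500 was silently replaced by a misleading
                // "User X is not allowed" 401 plus an "Unauthorized access" warning in the log.
                return;
            }
        }
        denyAccess(containerRequestContext, userKey);
    }

    /**
     * Builds the {@link SecurityContext} installed for a Jahia user that passed the permission
     * check. Scheme, transport security and role lookups are delegated to the servlet request.
     */
    private SecurityContext securityContextFor(final JahiaUser user) {
        return new SecurityContext() {
            @Override
            public String getAuthenticationScheme() {
                // NOTE(review): this returns the URL scheme ("http"/"https"), not an authentication
                // scheme as the JAX-RS contract expects (BASIC_AUTH, FORM_AUTH, ... or null).
                // Kept as-is to preserve the existing return value; consider getAuthType().
                return ModuleManagerAuthenticationRequestFilter.this.httpServletRequest.getScheme();
            }

            @Override
            public Principal getUserPrincipal() {
                return user;
            }

            @Override
            public boolean isSecure() {
                return ModuleManagerAuthenticationRequestFilter.this.httpServletRequest.isSecure();
            }

            @Override
            public boolean isUserInRole(String role) {
                // Container roles only; Jahia/JCR roles are not consulted here.
                return ModuleManagerAuthenticationRequestFilter.this.httpServletRequest.isUserInRole(role);
            }
        };
    }

    /**
     * Logs the repository failure with its stack trace and aborts the request with 500.
     * The exception detail stays in the server log: the original response echoed
     * {@code e.getMessage()} to the client, which may expose internal repository paths.
     */
    private void abortWithServerError(ContainerRequestContext ctx, RepositoryException e) {
        log.error("An error occurs while accessing the resource " + this.httpServletRequest.getRequestURI(), e);
        ctx.abortWith(Response.status(Response.Status.INTERNAL_SERVER_ERROR)
                .type(TEXT_PLAIN)
                .entity("an error occurred while checking permissions (see server log for more detail)")
                .build());
    }

    /**
     * Logs the refusal and aborts the request with 401 for {@code userKey}.
     * <p>
     * NOTE(review): this 401 carries no {@code WWW-Authenticate} challenge (only the
     * {@link NotAuthorizedException} path does), and an authenticated user lacking the
     * permission would conventionally get 403 rather than 401. Both are left unchanged to
     * preserve the status-code contract existing clients may rely on.
     */
    private void denyAccess(ContainerRequestContext ctx, String userKey) {
        String uri = this.httpServletRequest.getRequestURI();
        log.warn("Unauthorized access to the resource {} by user {}", uri, userKey);
        // The URI is caller-controlled and is echoed into the body; pin text/plain so the echo
        // is never interpreted as markup by a client that would otherwise sniff the entity.
        ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED)
                .type(TEXT_PLAIN)
                .entity(String.format("User %s is not allowed to access resource %s", userKey, uri))
                .build());
    }
}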
