package com.mobi.web.security.util.impl;

import com.mobi.jaas.api.config.MobiConfiguration;
import com.mobi.jaas.api.engines.EngineManager;
import com.mobi.jaas.api.ontologies.usermanagement.Role;
import com.mobi.jaas.api.principals.UserPrincipal;
import com.mobi.web.security.util.RestSecurityUtils;
import com.mobi.web.security.util.api.SecurityHelper;
import java.security.Principal;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.ws.rs.container.ContainerRequestContext;
import org.apache.commons.codec.binary.Base64;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Component(immediate = true)
/* loaded from: input_file:com/mobi/web/security/util/impl/BasicAuthSecurityHelper.class */
public class BasicAuthSecurityHelper implements SecurityHelper {
    private static final String AUTHORIZATION_PROPERTY = "Authorization";
    private static final String AUTHENTICATION_SCHEME = "Basic";
    private final Logger log = LoggerFactory.getLogger(getClass().getName());

    @Reference
    EngineManager engineManager;

    @Reference
    MobiConfiguration configuration;

    @Override // com.mobi.web.security.util.api.SecurityHelper
    public boolean authenticate(ContainerRequestContext containerRequestContext, Subject subject) {
        String headerString = containerRequestContext.getHeaderString(AUTHORIZATION_PROPERTY);
        if (headerString == null) {
            this.log.debug("No authorization header.");
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(new String(Base64.decodeBase64(headerString.replaceAll("Basic ", "").getBytes())), ":");
        if (stringTokenizer.countTokens() >= 2) {
            return RestSecurityUtils.authenticateUser("mobi", subject, stringTokenizer.nextToken(), stringTokenizer.nextToken(), this.configuration);
        }
        this.log.debug("Missing authorization information.");
        return false;
    }

    @Override // com.mobi.web.security.util.api.SecurityHelper
    public boolean isUserInRole(Principal principal, String str) {
        if (!(principal instanceof UserPrincipal)) {
            return false;
        }
        Iterator it = this.engineManager.getUserRoles(principal.getName()).iterator();
        while (it.hasNext()) {
            if (((Role) it.next()).getResource().stringValue().contains(str)) {
                return true;
            }
        }
        return false;
    }
}
