package com.huawei.bigdata.om.web.security;

import com.google.common.collect.ImmutableSet;
import com.huawei.bigdata.om.common.utils.StringHelper;
import com.huawei.bigdata.om.web.auditlog.constant.AuditLogConstant;
import com.huawei.bigdata.om.web.auditlog.request.AuditLogDataRequest;
import com.huawei.bigdata.om.web.auditlog.util.AuditLogUtils;
import com.huawei.bigdata.om.web.constant.Resource;
import com.huawei.bigdata.om.web.util.WebUtils;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/* loaded from: input_file:com/huawei/bigdata/om/web/security/FIBasicAuthenticationFilter.class */
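/**
 * HTTP Basic authentication filter that writes a login audit record for every
 * successful and every failed authentication attempt.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>The {@code Authorization} header value is never written to the application log,
 *       because for the Basic scheme it is only Base64-encoded {@code user:password}.</li>
 *   <li>On failure, the user name taken from the request is only stored in the audit record
 *       if it matches {@link #checkUserName(String)}; anything else is recorded as
 *       {@code "invalid user"}, so arbitrary request data does not reach the audit log.</li>
 *   <li>The client IP stored in the audit record is derived from forwarding headers first,
 *       see the caveat on {@link #getRemoteAddress(HttpServletRequest)}.</li>
 * </ul>
 */
public class FIBasicAuthenticationFilter extends BasicAuthenticationFilter implements FIAuthenticationFilter {
    /** Length of the {@code "Basic "} scheme prefix that precedes the Base64 token. */
    private static final int BASICPREFIXLENGTH = 6;
    private static final String BASIC_PREFIX = "Basic ";
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final Logger LOGGER = LoggerFactory.getLogger(FIBasicAuthenticationFilter.class);

    /** Forwarding headers consulted, in this order, before falling back to the socket address. */
    private static final Set<String> HEADERS_TO_CHECK = ImmutableSet.of(
            "X-Forwarded-For", "Proxy-Client-IP", "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR");

    /** Allowed user-name alphabet: ASCII letters, digits, underscore, hyphen and space. */
    private static final String USER_NAME_FORMAT_RULE = "^[0-9a-zA-Z\\_\\- ]+$";
    private static final Pattern PATTERN_USERNAME = Pattern.compile(USER_NAME_FORMAT_RULE);

    /**
     * Creates the filter.
     *
     * @param authenticationManager manager handed to the parent filter
     * @param fIEntryPoint entry point handed to the parent filter
     */
    public FIBasicAuthenticationFilter(AuthenticationManager authenticationManager, FIEntryPoint fIEntryPoint) {
        super(authenticationManager, fIEntryPoint);
    }

    /**
     * Tells whether the request carries an {@code Authorization} header using the Basic scheme.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} when the header exists and starts with {@code "Basic "}
     */
    @Override // com.huawei.bigdata.om.web.security.FIAuthenticationFilter
    public boolean isApply(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        boolean basicSchemePresent = header != null && header.startsWith(BASIC_PREFIX);
        // The header value is deliberately not logged: a Basic token is reversible Base64 of
        // "user:password", so writing it out would put credentials into the debug log.
        LOGGER.debug("Basic Authentication header present: {}.", basicSchemePresent);
        return basicSchemePresent;
    }

    /**
     * Records a login audit entry for an authenticated user.
     *
     * @param httpServletRequest the request that was authenticated
     * @param httpServletResponse unused
     * @param authentication the resulting authentication; its name becomes the audit user
     * @throws IOException declared by the parent signature
     */
    @Override
    protected void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
        String userName = authentication.getName();
        AuditLogDataRequest auditRequest = AuditLogUtils.getAuditLogDataRecordRequestByKey(AuditLogConstant.OPKEY.SECURITY_USER_LOGINED);
        auditRequest.setOpUser(userName);
        auditRequest.setUserIp(getRemoteAddress(httpServletRequest));
        String recordId = AuditLogUtils.recordOperationLogByLogin(auditRequest);
        // "0" is passed here and "1" on the failure path; presumably result codes, confirm in AuditLogUtils.
        AuditLogUtils.updateOperatationLogByLogin(recordId, userName, "0", auditRequest);
    }

    /**
     * Records a login audit entry for a rejected authentication attempt.
     *
     * <p>The user name is recovered from the request on a best-effort basis and is only
     * written to the audit record when it passes {@link #checkUserName(String)}.
     *
     * @param httpServletRequest the request that failed authentication
     * @param httpServletResponse unused
     * @param authenticationException the failure; currently not reflected in the audit record
     * @throws IOException declared by the parent signature
     */
    @Override
    protected void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        String userName = "";
        try {
            userName = getUsernameFromAuth(httpServletRequest.getHeader(AUTHORIZATION_HEADER), getCredentialsCharset(httpServletRequest));
        } catch (IOException | RuntimeException e) {
            // Best effort only: a header that cannot be decoded must not prevent the audit record.
            // Only the exception message is logged, never the header itself.
            LOGGER.warn("Error occurred during decoding authorization header: {}", e.getMessage());
        }
        if (!checkUserName(userName)) {
            // Attacker-chosen text must not be stored verbatim in the audit log.
            userName = "invalid user";
        }
        AuditLogDataRequest auditRequest = AuditLogUtils.getAuditLogDataRecordRequestByKey(AuditLogConstant.OPKEY.SECURITY_USER_LOGINED);
        auditRequest.setOpUser(userName);
        auditRequest.setUserIp(getRemoteAddress(httpServletRequest));
        String recordId = AuditLogUtils.recordOperationLogByLogin(auditRequest);
        // NOTE(review): the same fail reason is recorded whatever authenticationException says,
        // so the audit trail cannot distinguish the cause of a failure; confirm this is intended.
        auditRequest.setFailReasonEn(Resource.USERDETAIL_NULL_INTER_ERROR);
        AuditLogUtils.updateOperatationLogByLogin(recordId, userName, "1", auditRequest);
    }

    /**
     * Extracts the user-name part of a Basic {@code Authorization} header value.
     *
     * @param str the full header value, expected to start with {@code "Basic "}
     * @param str2 name of the charset used to decode the credentials
     * @return the text before the first {@code ':'} of the decoded token
     * @throws BadCredentialsException if the header is missing, too short, not valid Base64,
     *         or the decoded token contains no {@code ':'}
     * @throws IOException if a charset name is not supported
     */
    private String getUsernameFromAuth(String str, String str2) throws IOException {
        if (str == null || str.length() <= BASICPREFIXLENGTH) {
            // Reject explicitly instead of relying on a NullPointerException or
            // StringIndexOutOfBoundsException being caught by the caller.
            throw new BadCredentialsException("Invalid basic authentication token");
        }
        try {
            byte[] encodedToken = str.substring(BASICPREFIXLENGTH).getBytes("UTF-8");
            String token = new String(Base64.decode(encodedToken), str2);
            int separator = token.indexOf(":");
            if (separator == -1) {
                throw new BadCredentialsException("Invalid basic authentication token");
            }
            return token.substring(0, separator);
        } catch (IllegalArgumentException e) {
            // Keep the cause so the decoding failure stays diagnosable.
            throw new BadCredentialsException("Failed to decode basic authentication token", e);
        }
    }

    /**
     * Determines the client address to store in the audit record.
     *
     * <p>The forwarding headers are checked in order and the first usable value wins; the
     * socket address is used only when none of them is set. If the chosen value is a
     * comma-separated list, its first entry is kept. A value rejected by
     * {@code WebUtils.checkIp} is replaced by {@code "invalid ip"}.
     *
     * <p>NOTE(review): every header consulted here is supplied by the client unless a trusted
     * reverse proxy strips or overwrites it, and the first entry of a forwarded list is the
     * one furthest from this server. The audit IP is therefore only as reliable as the proxy
     * configuration in front of this service; confirm that the proxy sanitises these headers
     * before treating the recorded address as evidence.
     *
     * @param httpServletRequest the incoming request
     * @return the selected address, or {@code "invalid ip"}
     */
    public String getRemoteAddress(HttpServletRequest httpServletRequest) {
        String address = null;
        for (String headerName : HEADERS_TO_CHECK) {
            address = httpServletRequest.getHeader(headerName);
            if (!isRemoteAddressUnknown(address)) {
                break;
            }
        }
        if (isRemoteAddressUnknown(address)) {
            address = httpServletRequest.getRemoteAddr();
        }
        if (containsMultipleRemoteAddresses(address)) {
            address = address.substring(0, address.indexOf(","));
        }
        if (!WebUtils.checkIp(address)) {
            address = "invalid ip";
        }
        return address;
    }

    /** Returns {@code true} for {@code null}, empty, or the literal {@code "unknown"} in any case. */
    private boolean isRemoteAddressUnknown(String str) {
        return str == null || str.length() == 0 || "unknown".equalsIgnoreCase(str);
    }

    /** Returns {@code true} when the value holds a comma after at least one other character. */
    private boolean containsMultipleRemoteAddresses(String str) {
        return str != null && str.indexOf(",") > 0;
    }

    /**
     * Checks that a user name is non-empty and consists only of ASCII letters, digits,
     * underscores, hyphens and spaces.
     *
     * @param str the candidate user name, may be {@code null}
     * @return {@code true} when the whole string matches the allowed alphabet
     */
    public static boolean checkUserName(String str) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        return PATTERN_USERNAME.matcher(str).matches();
    }
}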
