package org.tango.web.server.filters;

import java.io.IOException;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.apache.http.cookie.ClientCookie;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.tango.client.ez.proxy.NoSuchCommandException;
import org.tango.client.ez.proxy.TangoProxyException;
import org.tango.rest.response.Responses;
import org.tango.utils.TangoUtil;
import org.tango.web.server.AccessControl;

/* loaded from: input_file:org/tango/web/server/filters/AccessControlFilter.class */
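/**
 * JAX-RS request filter that authorises a request against the Tango {@link AccessControl}
 * object stored in the servlet context.
 *
 * <p>The decision flow, as implemented below:
 * <ol>
 *   <li>No authenticated user ({@code getRemoteUser() == null}): abort with 401.</li>
 *   <li>No {@link AccessControl} attribute in the servlet context: the request passes
 *       without any per-device check.</li>
 *   <li>{@code GET}: requires {@code checkUserCanRead}; {@code PUT}, {@code POST} and
 *       {@code DELETE}: require {@code checkUserCanWrite}; any other method is rejected.</li>
 * </ol>
 *
 * <p>This listing was recovered from bytecode. The decompiler emitted the string switch as a
 * hash-code switch over a {@code boolean} selector ({@code boolean z = -1}, repeated
 * {@code case true:} labels), which does not compile; it is restored here as an ordinary
 * switch on the method name with the same branches.
 */
public class AccessControlFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(AccessControlFilter.class);

    /**
     * Checks the caller's read or write permission for the device addressed by the request
     * and aborts the request when the check fails.
     *
     * @param containerRequestContext the request being filtered; aborted in place on denial
     * @throws IOException declared by {@link ContainerRequestFilter}; not thrown by this body
     */
    @Override // javax.ws.rs.container.ContainerRequestFilter
    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) ResteasyProviderFactory.getContextData(HttpServletRequest.class);
        String remoteUser = httpServletRequest.getRemoteUser();
        if (remoteUser == null) {
            containerRequestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).entity("Anonymous access is restricted. Provide username and password.").build());
            return;
        }

        ServletContext servletContext = (ServletContext) ResteasyProviderFactory.getContextData(ServletContext.class);
        AccessControl accessControl = (AccessControl) servletContext.getAttribute(AccessControl.TANGO_ACCESS);
        if (accessControl == null) {
            // NOTE(review): this is fail-open. When the attribute is absent every
            // authenticated user passes with no per-device check. Confirm that a missing
            // attribute can only mean "access control deliberately disabled" and not a
            // failed initialisation.
            return;
        }

        try {
            MultivaluedMap<String, String> pathParameters = containerRequestContext.getUriInfo().getPathParameters();
            // ClientCookie.DOMAIN_ATTR is a decompiler substitution for the path-parameter
            // name "domain"; it has nothing to do with cookies here.
            // A path parameter that is absent contributes the text "null" to the device
            // name, so requests outside a domain/family/member path are checked against a
            // name built from "null" segments. NOTE(review): confirm this is intended.
            String device = pathParameters.getFirst(ClientCookie.DOMAIN_ATTR)
                    + TangoUtil.DEVICE_SEPARATOR + pathParameters.getFirst("family")
                    + TangoUtil.DEVICE_SEPARATOR + pathParameters.getFirst("member");

            // NOTE(review): the method used for the authorisation decision is taken from
            // the client-supplied "_method" parameter when it is present. Whether resource
            // dispatch honours the same override is not visible in this class; if it does
            // not, a request whose real verb is a write could be authorised as a read.
            // Verify that the method checked here is the method that is executed.
            String method = httpServletRequest.getParameter("_method");
            if (method == null) {
                method = containerRequestContext.getMethod();
            }

            String remoteAddr = httpServletRequest.getRemoteAddr();
            switch (method) {
                case "GET":
                    if (!accessControl.checkUserCanRead(remoteUser, remoteAddr, device)) {
                        deny(containerRequestContext, String.format("User %s does not have read access to %s", remoteUser, device));
                    }
                    break;
                case "PUT":
                case "POST":
                case "DELETE":
                    if (!accessControl.checkUserCanWrite(remoteUser, remoteAddr, device)) {
                        deny(containerRequestContext, String.format("User %s does not have write access to %s", remoteUser, device));
                    }
                    break;
                default:
                    containerRequestContext.abortWith(Response.status(Response.Status.METHOD_NOT_ALLOWED).build());
                    // The method name may come straight from the "_method" parameter, so it
                    // is stripped of line breaks before it reaches the log.
                    LOG.info("Method is not allowed: {}", stripLineBreaks(method));
                    break;
            }
        } catch (NoSuchCommandException | TangoProxyException e) {
            // A failing access check still aborts the request (fail-closed), but the
            // response carries status 200 with a failure body, so denial caused by an
            // error is not distinguishable by status code alone.
            containerRequestContext.abortWith(Response.ok(Responses.createFailureResult(e)).build());
        }
    }

    /**
     * Aborts the request with the given message and records the denial in the log.
     *
     * <p>The status stays 405 as in the original. NOTE(review): 403 is the conventional
     * status for an authorisation failure; it is left unchanged here because clients may
     * depend on the current code.
     */
    private static void deny(ContainerRequestContext containerRequestContext, String message) {
        containerRequestContext.abortWith(Response.status(Response.Status.METHOD_NOT_ALLOWED).entity(message).build());
        // The message embeds the device name built from decoded path parameters; line
        // breaks are neutralised so that one request cannot produce several log records.
        LOG.info(stripLineBreaks(message));
    }

    /** Replaces CR and LF with '_' so request-derived text stays on one log line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}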
