/**
 * Copyright (c) 2008-2011 Sonatype, Inc.
 * All rights reserved. Includes the third-party code listed at http://www.sonatype.com/products/nexus/attributions.
 *
 * This program is free software: you can redistribute it and/or modify it only under the terms of the GNU Affero General
 * Public License Version 3 as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License Version 3
 * for more details.
 *
 * You should have received a copy of the GNU Affero General Public License Version 3 along with this program.  If not, see
 * http://www.gnu.org/licenses.
 *
 * Sonatype Nexus (TM) Open Source Version is available from Sonatype, Inc. Sonatype and Sonatype Nexus are trademarks of
 * Sonatype, Inc. Apache Maven is a trademark of the Apache Foundation. M2Eclipse is a trademark of the Eclipse Foundation.
 * All other trademarks are the property of their respective owners.
 */
package org.sonatype.nexus.security.filter.authc;

import org.apache.shiro.authc.AuthenticationToken;
import org.codehaus.plexus.component.repository.exception.ComponentLookupException;

public class NexusSecureHttpAuthenticationFilter
    extends NexusHttpAuthenticationFilter
{
    private PasswordDecryptor passwordDecryptor;

    protected PasswordDecryptor getPasswordDecryptor()
    {
        if ( passwordDecryptor == null && getPlexusContainer().hasComponent( PasswordDecryptor.class ) )
        {
            try
            {
                passwordDecryptor = getPlexusContainer().lookup( PasswordDecryptor.class );
            }
            catch ( ComponentLookupException e )
            {
                // ignore it? There is none set
            }
        }

        return passwordDecryptor;
    }

    protected String decryptPasswordIfNeeded( String password )
    {
        PasswordDecryptor pd = getPasswordDecryptor();

        if ( pd != null && pd.isEncryptedPassword( password ) )
        {
            return pd.getDecryptedPassword( password );
        }
        else
        {
            return password;
        }
    }

    @Override
    protected AuthenticationToken createToken( String username, String password, boolean rememberMe, String address )
    {
        return super.createToken( username, decryptPasswordIfNeeded( password ), rememberMe, address );
    }
}