package web.war.basic;

import java.lang.annotation.Annotation;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import java.util.Set;
import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.CDI;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.message.callback.CallerPrincipalCallback;
import javax.security.auth.message.callback.GroupPrincipalCallback;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.CallerPrincipal;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.BasicAuthenticationCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

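/**
 * Application-supplied HTTP Basic authentication mechanism.
 *
 * <p>Reads the {@code Authorization} request header, hands the Basic credential to the
 * {@link IdentityStoreHandler} resolved through CDI, and on success registers the caller
 * principal and groups with the container through the supplied {@link CallbackHandler}.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so the confidentiality of the
 * password depends entirely on the transport: deploy this mechanism behind TLS only. This
 * class never writes the header value or the decoded credential to the log.
 */
@Default
@ApplicationScoped
public class BasicHttpAuthenticationMechanism implements HttpAuthenticationMechanism {
    private static final Logger log = Logger.getLogger(BasicHttpAuthenticationMechanism.class.getName());

    /** Authentication scheme token followed by the single separating space. */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";

    /** Realm advertised in the {@code WWW-Authenticate} challenge. */
    private final String realmName = "App BAMech";

    /**
     * Authenticates the request from its {@code Authorization} header.
     *
     * <p>If a header is present it is always evaluated. Without a header, a challenge is sent
     * when the caller explicitly requested authentication or the resource is protected;
     * otherwise the mechanism does nothing.
     *
     * @param httpServletRequest  unused; the request is taken from {@code httpMessageContext}
     * @param httpServletResponse unused; the response is taken from {@code httpMessageContext}
     * @param httpMessageContext  context providing request, response, subject and handler
     * @return the outcome of the authentication attempt
     * @throws AuthenticationException if the container callbacks fail
     */
    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        log.info("validateRequest");
        Subject clientSubject = httpMessageContext.getClientSubject();
        // The message-info map may be exposed as a raw Map; entries written here are String -> String.
        @SuppressWarnings("unchecked")
        Map<String, String> messageInfoMap = httpMessageContext.getMessageInfo().getMap();
        CallbackHandler handler = httpMessageContext.getHandler();
        HttpServletRequest request = httpMessageContext.getRequest();
        HttpServletResponse response = httpMessageContext.getResponse();
        String header = request.getHeader("Authorization");

        if (header != null) {
            // Supplied credentials are checked even on unprotected resources.
            return handleAuthorizationHeader(header, response, messageInfoMap, clientSubject, handler);
        }
        if (httpMessageContext.isAuthenticationRequest() || httpMessageContext.isProtected()) {
            return setChallengeAuthorizationHeader(response);
        }
        log.info("Both isAuthenticationRequest and isProtected returns false. returing NOT_DONE,");
        return AuthenticationStatus.NOT_DONE;
    }

    /**
     * Performs no response processing and always reports success.
     *
     * @return {@link AuthenticationStatus#SUCCESS}
     */
    @Override
    public AuthenticationStatus secureResponse(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        log.info("secureResponse");
        return AuthenticationStatus.SUCCESS;
    }

    /** Intentionally empty: this mechanism keeps no per-subject state to remove. */
    @Override
    public void cleanSubject(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) {
    }

    /**
     * Sends a 401 response carrying the Basic challenge for this mechanism's realm.
     *
     * @param httpServletResponse response to write the challenge to
     * @return {@link AuthenticationStatus#SEND_CONTINUE}
     */
    private AuthenticationStatus setChallengeAuthorizationHeader(HttpServletResponse httpServletResponse) {
        httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return AuthenticationStatus.SEND_CONTINUE;
    }

    /**
     * Validates a Basic {@code Authorization} header value and, when the credential is valid,
     * establishes the caller identity with the container.
     *
     * <p>NOTE(review): every outcome other than a valid credential answers 403 without a
     * {@code WWW-Authenticate} header, including the {@code NOT_VALIDATED} case that returns
     * {@code NOT_DONE}. RFC 7235 describes 401 plus a challenge for rejected credentials. The
     * status codes are left as they were because clients of this application may depend on
     * them; confirm before changing.
     *
     * @param str                 raw {@code Authorization} header value, never {@code null}
     * @param httpServletResponse response whose status is set to 200 or 403
     * @param map                 message-info map that receives the auth-type marker on success
     * @param subject             subject to populate on success
     * @param callbackHandler     container handler that receives principal and groups
     * @return {@code SUCCESS}, {@code NOT_DONE} when no identity store validated the
     *         credential, or {@code SEND_FAILURE}
     * @throws AuthenticationException if the container callbacks fail
     */
    private AuthenticationStatus handleAuthorizationHeader(String str, HttpServletResponse httpServletResponse, Map<String, String> map, Subject subject, CallbackHandler callbackHandler) throws AuthenticationException {
        AuthenticationStatus authenticationStatus = AuthenticationStatus.SEND_FAILURE;
        int httpStatus = HttpServletResponse.SC_FORBIDDEN;
        // Authentication scheme names are case-insensitive, so "basic" and "BASIC" are accepted too.
        if (str.regionMatches(true, 0, BASIC_SCHEME_PREFIX, 0, BASIC_SCHEME_PREFIX.length())) {
            String encodedCredential = str.substring(BASIC_SCHEME_PREFIX.length());
            // Check the user:password shape before handing the value to the identity store.
            if (isAuthorizationHeaderValid(decodeCookieString(encodedCredential))) {
                CredentialValidationResult result = validateUserAndPassword(new BasicAuthenticationCredential(encodedCredential));
                if (result.getStatus() == CredentialValidationResult.Status.VALID) {
                    handleCallbacks(subject, result.getCallerPrincipal(), getGroups(result), callbackHandler);
                    map.put("javax.servlet.http.authType", "JASPI_AUTH");
                    httpStatus = HttpServletResponse.SC_OK;
                    authenticationStatus = AuthenticationStatus.SUCCESS;
                } else if (result.getStatus() == CredentialValidationResult.Status.NOT_VALIDATED) {
                    authenticationStatus = AuthenticationStatus.NOT_DONE;
                }
            }
        }
        httpServletResponse.setStatus(httpStatus);
        return authenticationStatus;
    }

    /**
     * Base64-decodes the credential part of a Basic {@code Authorization} header. Despite its
     * name this method does not handle cookies.
     *
     * @param str Base64 text following the scheme name
     * @return the decoded {@code user:password} text, or {@code null} if {@code str} is not
     *         valid Base64
     */
    private String decodeCookieString(String str) {
        try {
            // Decode with a fixed charset: the platform default varies between hosts and must
            // not decide where the ':' separator is found.
            return new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // The exception and its stack trace are deliberately not logged: the decoder's
            // message can describe the offending input, which here is credential material.
            log.fine("Authorization header does not contain valid Base64 data");
            return null;
        }
    }

    /**
     * Checks that decoded credentials have the form {@code user:password} with a non-empty
     * user and at least one character after the first colon.
     *
     * @param str decoded credential text, may be {@code null}
     * @return {@code true} if the first colon is neither the first nor the last character
     */
    private boolean isAuthorizationHeaderValid(String str) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        int colon = str.indexOf(':');
        return colon > 0 && colon < str.length() - 1;
    }

    /**
     * Validates the credential against the application's identity stores.
     *
     * @param basicAuthenticationCredential credential to validate
     * @return the handler's result, or {@code NOT_VALIDATED_RESULT} when no handler is available
     */
    private CredentialValidationResult validateUserAndPassword(BasicAuthenticationCredential basicAuthenticationCredential) {
        IdentityStoreHandler identityStoreHandler = getIdentityStoreHandler();
        if (identityStoreHandler == null) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        return identityStoreHandler.validate(basicAuthenticationCredential);
    }

    /**
     * Looks up the {@link IdentityStoreHandler} bean through CDI.
     *
     * @return the handler, or {@code null} if none or more than one candidate is resolvable
     */
    private IdentityStoreHandler getIdentityStoreHandler() {
        Instance<IdentityStoreHandler> candidates = CDI.current().select(IdentityStoreHandler.class);
        if (candidates.isUnsatisfied() || candidates.isAmbiguous()) {
            return null;
        }
        return candidates.get();
    }

    /**
     * Passes the authenticated principal and its groups to the container.
     *
     * @param subject         subject to populate
     * @param callerPrincipal authenticated caller
     * @param strArr          group names, may be {@code null}
     * @param callbackHandler container callback handler
     * @throws AuthenticationException wrapping any failure raised by the handler
     */
    private void handleCallbacks(Subject subject, CallerPrincipal callerPrincipal, String[] strArr, CallbackHandler callbackHandler) throws AuthenticationException {
        Callback[] callbacks = {
            new CallerPrincipalCallback(subject, callerPrincipal),
            new GroupPrincipalCallback(subject, strArr)
        };
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            // Every handler failure, runtime ones included, surfaces as an
            // AuthenticationException; the cause is attached so the caller can log it once.
            throw new AuthenticationException(e.toString(), e);
        }
    }

    /**
     * Extracts the caller's group names from a validation result.
     *
     * @param credentialValidationResult result to read the groups from
     * @return the group names, or {@code null} when the result carries no groups
     */
    protected String[] getGroups(CredentialValidationResult credentialValidationResult) {
        Set<String> callerGroups = credentialValidationResult.getCallerGroups();
        if (callerGroups == null || callerGroups.isEmpty()) {
            return null;
        }
        return callerGroups.toArray(new String[0]);
    }
}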
