package org.wildfly.security.http.basic;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.common.Assert;
import org.wildfly.common.array.Arrays2;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.security.auth.callback.AvailableRealmsCallback;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpConstants;
import org.wildfly.security.http.HttpServerRequest;
import org.wildfly.security.http.HttpServerResponse;
import org.wildfly.security.mechanism._private.ElytronMessages;
import org.wildfly.security.mechanism.http.UsernamePasswordAuthenticationMechanism;

/* loaded from: input_file:org/wildfly/security/http/basic/BasicAuthenticationMechanism.class */
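/**
 * Server side of HTTP BASIC authentication: reads {@code Authorization: Basic <base64(user:password)>},
 * hands the decoded credentials to the inherited {@code authenticate}/{@code authorize} callbacks and,
 * when no usable credentials are present, answers with a {@code 401} and a {@code WWW-Authenticate} challenge.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>BASIC transports the password in reversible Base64 form, so this mechanism provides no
 *       confidentiality of its own; it is only appropriate on connections protected by TLS.</li>
 *   <li>When neither a configured realm nor a realm reported by the callback handler is available, the
 *       challenge realm falls back to the request's {@code Host} header, which the client controls.
 *       The realm is therefore escaped before it is placed into the response header.</li>
 *   <li>Only the first {@code Authorization} value carrying the Basic scheme is evaluated; every path
 *       through its handling returns or throws.</li>
 * </ul>
 */
final class BasicAuthenticationMechanism extends UsernamePasswordAuthenticationMechanism {
    static final String SILENT = "silent";
    private static final String CHALLENGE_PREFIX = "Basic ";
    private static final int PREFIX_LENGTH = CHALLENGE_PREFIX.length();
    private final boolean includeCharset;
    private final String configuredRealm;
    private final boolean silent;

    /**
     * Creates the mechanism.
     *
     * @param callbackHandler handler used for realm discovery and credential verification; must not be null
     * @param str the configured realm name, or {@code null} to derive the realm per request
     * @param z silent mode: when {@code true}, no challenge is sent for requests without an
     *          {@code Authorization} header
     * @param z2 when {@code true}, the challenge advertises {@code charset="UTF-8"}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public BasicAuthenticationMechanism(CallbackHandler callbackHandler, String str, boolean z, boolean z2) {
        super((CallbackHandler) Assert.checkNotNullParam("callbackHandler", callbackHandler));
        this.includeCharset = z2;
        this.configuredRealm = str;
        this.silent = z;
    }

    /**
     * @return the mechanism name constant {@link HttpConstants#BASIC_NAME}
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public String getMechanismName() {
        return HttpConstants.BASIC_NAME;
    }

    /**
     * Evaluates one request: authenticates and authorizes the user named in the first Basic
     * {@code Authorization} header, or registers a challenge responder when no such header exists.
     *
     * @param httpServerRequest the request being authenticated
     * @throws HttpAuthenticationException if the callback handler fails while listing realms or while
     *         verifying the credentials
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public void evaluateRequest(HttpServerRequest httpServerRequest) throws HttpAuthenticationException {
        String[] availableRealms = null;
        AvailableRealmsCallback realmsCallback = new AvailableRealmsCallback();
        try {
            this.callbackHandler.handle(new Callback[]{realmsCallback});
            availableRealms = realmsCallback.getRealmNames();
        } catch (UnsupportedCallbackException ignored) {
            // Deliberate best effort: a handler that cannot list realms simply leaves availableRealms null.
        } catch (HttpAuthenticationException e) {
            // Must be caught ahead of IOException so it is rethrown unchanged rather than re-wrapped.
            throw e;
        } catch (IOException e) {
            throw ElytronMessages.httpBasic.mechCallbackHandlerFailedForUnknownReason(e).toHttpAuthenticationException();
        }

        boolean haveRealms = availableRealms != null && availableRealms.length > 0;
        String displayRealm;          // realm advertised in the challenge
        String mechanismRealm = null; // realm passed to authenticate(); stays null when no realms are known
        if (this.configuredRealm != null) {
            displayRealm = this.configuredRealm;
            if (haveRealms) {
                // Use the configured realm only if the handler knows it; otherwise the first known realm.
                for (String candidate : availableRealms) {
                    if (displayRealm.equals(candidate)) {
                        mechanismRealm = displayRealm;
                    }
                }
                if (mechanismRealm == null) {
                    mechanismRealm = availableRealms[0];
                }
            }
        } else if (haveRealms) {
            displayRealm = availableRealms[0];
            mechanismRealm = displayRealm;
        } else {
            // Client-controlled value (and possibly null); it is escaped in prepareResponse before use.
            displayRealm = httpServerRequest.getFirstRequestHeaderValue("Host");
        }
        final String challengeRealm = displayRealm;

        List<String> authorizationValues = httpServerRequest.getRequestHeaderValues("Authorization");
        if (authorizationValues != null) {
            for (String headerValue : authorizationValues) {
                // Authentication scheme names are case-insensitive (RFC 7235), so "basic " must match too.
                if (!headerValue.regionMatches(true, 0, CHALLENGE_PREFIX, 0, PREFIX_LENGTH)) {
                    continue;
                }
                // NOTE(review): malformed Base64 is presumably reported by the decoder as an unchecked
                // exception, which would leave this method instead of becoming an authenticationFailed
                // response - confirm against the ByteIterator implementation.
                byte[] decoded = ByteIterator.ofBytes(headerValue.substring(PREFIX_LENGTH).getBytes(StandardCharsets.UTF_8)).asUtf8String().base64Decode().drain();
                try {
                    int colon = Arrays2.indexOf(decoded, (int) ':');
                    if (colon <= 0) {
                        // No separator, or an empty user name: reject as a malformed header.
                        httpServerRequest.authenticationFailed(ElytronMessages.httpBasic.incorrectlyFormattedHeader("Authorization"),
                                response -> prepareResponse(httpServerRequest, challengeRealm, response));
                        return;
                    }
                    CharBuffer userChars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(decoded, 0, colon));
                    CharBuffer passwordChars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(decoded, colon + 1, (decoded.length - colon) - 1));
                    char[] password = new char[passwordChars.length()];
                    passwordChars.get(password);
                    try {
                        String username = userChars.toString();
                        // NOTE(review): username is client-supplied and is written to the log as-is below;
                        // confirm the log formatter neutralizes line breaks.
                        if (!authenticate(mechanismRealm, username, password)) {
                            ElytronMessages.httpBasic.debugf("User %s authentication failed.", username);
                            fail();
                            httpServerRequest.authenticationFailed(ElytronMessages.httpBasic.authenticationFailed(username, HttpConstants.BASIC_NAME),
                                    response -> prepareResponse(httpServerRequest, challengeRealm, response));
                            return;
                        }
                        ElytronMessages.httpBasic.tracef("User %s authenticated successfully!", username);
                        if (authorize(username)) {
                            ElytronMessages.httpBasic.debugf("User %s authorization succeeded!", username);
                            succeed();
                            httpServerRequest.authenticationComplete();
                            return;
                        }
                        ElytronMessages.httpBasic.debugf("User %s authorization failed.", username);
                        fail();
                        httpServerRequest.authenticationFailed(ElytronMessages.httpBasic.authorizationFailed(username),
                                response -> prepareResponse(httpServerRequest, challengeRealm, response));
                        return;
                    } catch (IOException | UnsupportedCallbackException e) {
                        throw new HttpAuthenticationException(e);
                    } finally {
                        // Scrub the clear-text password on every exit, successful or not.
                        Arrays.fill(password, (char) 0);
                        if (passwordChars.hasArray()) {
                            Arrays.fill(passwordChars.array(), (char) 0);
                        }
                    }
                } finally {
                    // The decoded "user:password" bytes are as sensitive as the char[] copy. This narrows
                    // exposure only: the header String still holds the Base64 form and cannot be cleared.
                    Arrays.fill(decoded, (byte) 0);
                }
            }
        }
        httpServerRequest.noAuthenticationInProgress(response -> prepareResponse(httpServerRequest, challengeRealm, response));
    }

    /**
     * Writes the {@code 401} status and the {@code WWW-Authenticate: Basic realm="..."} challenge, unless
     * silent mode is on and the request carried no {@code Authorization} header.
     *
     * @param httpServerRequest the request, consulted for the silent-mode check
     * @param str the realm to advertise; may originate from the client's {@code Host} header
     * @param httpServerResponse the response to populate
     */
    private void prepareResponse(HttpServerRequest httpServerRequest, String str, HttpServerResponse httpServerResponse) {
        if (this.silent && httpServerRequest.getFirstRequestHeaderValue("Authorization") == null) {
            ElytronMessages.httpBasic.tracef("BASIC authentication mechanism ignored - configuration is set to silent and request does not contain Authorization header", new Object[0]);
            return;
        }
        StringBuilder challenge = new StringBuilder(CHALLENGE_PREFIX);
        // The realm is emitted inside a quoted-string; without escaping, a quote or line break in a
        // client-supplied Host value would let the client alter the challenge header.
        challenge.append("realm").append("=\"").append(toQuotedStringContent(str)).append("\"");
        if (this.includeCharset) {
            challenge.append(", ").append("charset").append("=\"UTF-8\"");
        }
        httpServerResponse.addResponseHeader("WWW-Authenticate", challenge.toString());
        httpServerResponse.setStatusCode(401);
    }

    /**
     * Makes a value safe to place between the double quotes of an HTTP quoted-string: backslash-escapes
     * {@code "} and {@code \} and drops control characters (including CR and LF).
     *
     * @param value the raw value; {@code null} is rendered as the text {@code null}, matching what
     *              {@link StringBuilder#append(String)} produced before escaping was introduced
     * @return the escaped text, without surrounding quotes
     */
    private static String toQuotedStringContent(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 8);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            if (c == '"' || c == '\\') {
                escaped.append('\\').append(c);
            } else if (c >= 0x20 && c != 0x7F) {
                escaped.append(c);
            }
            // Remaining characters are controls; they have no place in a realm name and are discarded.
        }
        return escaped.toString();
    }
}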
