package net.shibboleth.idp.authn.impl;

import com.google.common.base.Charsets;
import java.util.Enumeration;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.idp.authn.AbstractExtractionAction;
import net.shibboleth.idp.authn.context.AuthenticationContext;
import net.shibboleth.idp.authn.context.UsernamePasswordContext;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.codec.Base64Support;
import net.shibboleth.utilities.java.support.codec.DecodingException;
import net.shibboleth.utilities.java.support.collection.Pair;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.profile.action.ActionSupport;
import org.opensaml.profile.context.ProfileRequestContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/shibboleth/idp/authn/impl/ExtractUsernamePasswordFromBasicAuth.class */
public class ExtractUsernamePasswordFromBasicAuth extends AbstractExtractionAction {

    @Nonnull
    private final Logger log = LoggerFactory.getLogger(ExtractUsernamePasswordFromBasicAuth.class);

    protected void doExecute(@Nonnull ProfileRequestContext profileRequestContext, @Nonnull AuthenticationContext authenticationContext) {
        UsernamePasswordContext subcontext = authenticationContext.getSubcontext(UsernamePasswordContext.class, true);
        subcontext.setUsername((String) null);
        subcontext.setPassword((String) null);
        HttpServletRequest httpServletRequest = getHttpServletRequest();
        if (httpServletRequest == null) {
            this.log.debug("{} Profile action does not contain an HttpServletRequest", getLogPrefix());
            ActionSupport.buildEvent(profileRequestContext, "NoCredentials");
            return;
        }
        String extractCredentials = extractCredentials(httpServletRequest);
        if (extractCredentials == null) {
            ActionSupport.buildEvent(profileRequestContext, "NoCredentials");
            return;
        }
        Pair<String, String> decodeCredentials = decodeCredentials(extractCredentials);
        if (decodeCredentials == null) {
            ActionSupport.buildEvent(profileRequestContext, "InvalidCredentials");
        } else {
            subcontext.setUsername(applyTransforms((String) decodeCredentials.getFirst())).setPassword((String) decodeCredentials.getSecond());
        }
    }

    @Nullable
    protected String extractCredentials(@Nonnull HttpServletRequest httpServletRequest) {
        Enumeration headers = httpServletRequest.getHeaders("Authorization");
        while (headers.hasMoreElements()) {
            String[] split = ((String) headers.nextElement()).split(" ");
            if (split.length == 2 && "BASIC".equalsIgnoreCase(StringSupport.trimOrNull(split[0]))) {
                return StringSupport.trimOrNull(split[1]);
            }
        }
        this.log.debug("{} No appropriate Authorization header found", getLogPrefix());
        return null;
    }

    @Nullable
    protected Pair<String, String> decodeCredentials(@NotEmpty @Nonnull String str) {
        String substring;
        String substring2;
        String str2 = null;
        try {
            str2 = new String(Base64Support.decode(str), Charsets.US_ASCII);
        } catch (DecodingException e) {
            this.log.warn("{} Credentials could not be base64 decoded: {}", getLogPrefix(), e.getMessage());
        }
        if (str2 != null && str2.contains(":") && (substring = str2.substring(0, str2.indexOf(58))) != null && str2.length() > substring.length() + 1 && (substring2 = str2.substring(str2.indexOf(58) + 1)) != null) {
            return new Pair<>(substring, substring2);
        }
        this.log.debug("{} Request did not contain a well-formed Basic authorization header value", getLogPrefix());
        return null;
    }
}
