package org.wildfly.security.http.impl;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.wildfly.common.Assert;
import org.wildfly.security._private.ElytronMessages;
import org.wildfly.security.auth.callback.AuthenticationCompleteCallback;
import org.wildfly.security.auth.callback.PasswordVerifyCallback;
import org.wildfly.security.auth.callback.SecurityIdentityCallback;
import org.wildfly.security.http.HttpAuthenticationException;
import org.wildfly.security.http.HttpConstants;
import org.wildfly.security.http.HttpServerAuthenticationMechanism;
import org.wildfly.security.http.HttpServerExchange;
import org.wildfly.security.http.util.HttpMechanismInformation;
import org.wildfly.security.util.ByteIterator;
import org.wildfly.security.util._private.Arrays2;

/* loaded from: input_file:org/wildfly/security/http/impl/BasicAuthenticationMechanism.class */
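/**
 * Server-side implementation of the HTTP {@code Basic} authentication mechanism.
 *
 * <p>Credentials are read from the {@code Authorization} request header, Base64-decoded, split at
 * the first colon into user name and password, and handed to the configured
 * {@link CallbackHandler} for verification. The challenge sent by
 * {@link #prepareResponse(HttpServerExchange)} is built once in the constructor.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so the mechanism relies on the
 * transport for confidentiality.
 */
class BasicAuthenticationMechanism implements HttpServerAuthenticationMechanism {
    private static final String BASIC_PREFIX = "Basic ";
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();
    /** Separator between user name and password in the decoded credentials. */
    private static final int COLON = ':';
    private final CallbackHandler callbackHandler;
    private final String challengeValue;

    /**
     * Creates the mechanism and pre-computes the {@code WWW-Authenticate} challenge value.
     *
     * @param callbackHandler handler used to verify credentials and report the outcome; must not be null
     * @param str the realm name placed in the challenge; must not be null
     * @param z when {@code true}, a {@code charset="UTF-8"} parameter is appended to the challenge
     */
    public BasicAuthenticationMechanism(CallbackHandler callbackHandler, String str, boolean z) {
        Assert.checkNotNullParam("callbackHandler", callbackHandler);
        Assert.checkNotNullParam(HttpConstants.REALM, str);
        this.callbackHandler = callbackHandler;
        // NOTE(review): the realm is written into the quoted-string as-is. A realm containing '"'
        // or line breaks would yield a malformed challenge header; confirm the value is validated
        // where the mechanism is configured.
        StringBuilder challenge = new StringBuilder(BASIC_PREFIX);
        challenge.append(HttpConstants.REALM).append("=\"").append(str).append("\"");
        if (z) {
            challenge.append(", ").append(HttpConstants.CHARSET).append("=\"UTF-8\"");
        }
        this.challengeValue = challenge.toString();
    }

    /**
     * Returns the mechanism name constant for Basic authentication.
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public String getMechanismName() {
        return HttpMechanismInformation.Names.BASIC;
    }

    /**
     * Processes every {@code Authorization} header value that starts with {@code "Basic "} and
     * reports the verification outcome to both the callback handler and the exchange.
     *
     * <p>NOTE(review): this method returns {@code false} on every path, including after
     * {@code authenticationComplete} has been called, and it keeps iterating over any further
     * header values after a result has been reported. Confirm both against the
     * {@link HttpServerAuthenticationMechanism} contract.
     *
     * @param httpServerExchange the exchange carrying the request headers and receiving the outcome
     * @return {@code false} in all cases (see note above)
     * @throws HttpAuthenticationException if the decoded credentials have no colon, an empty user
     *         name or an empty password, or if the callback handler fails
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public boolean evaluateRequest(HttpServerExchange httpServerExchange) throws HttpAuthenticationException {
        List<String> authorizationValues = httpServerExchange.getRequestHeaderValues(HttpConstants.AUTHORIZATION);
        if (authorizationValues == null) {
            return false;
        }
        for (String headerValue : authorizationValues) {
            if (!headerValue.startsWith(BASIC_PREFIX)) {
                continue;
            }
            byte[] decoded = ByteIterator.ofBytes(headerValue.substring(PREFIX_LENGTH).getBytes(StandardCharsets.UTF_8)).base64Decode().drain();
            int colonPos = Arrays2.indexOf(decoded, COLON);
            // Reject credentials with no colon, an empty user name, or an empty password.
            if (colonPos <= 0 || colonPos == decoded.length - 1) {
                throw ElytronMessages.log.incorrectlyFormattedHeader(HttpConstants.AUTHORIZATION);
            }
            CharBuffer usernameChars = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(decoded, 0, colonPos));
            CharBuffer passwordChars = StandardCharsets.UTF_8.decode(
                    ByteBuffer.wrap(decoded, colonPos + 1, (decoded.length - colonPos) - 1));
            // Copy exactly the decoded characters: the buffer's backing array can be longer than
            // its content (for example when the password holds multi-byte UTF-8 sequences).
            char[] password = new char[passwordChars.length()];
            passwordChars.get(password);
            try {
                String username = usernameChars.toString();
                // Verify against the exact-length copy. Passing passwordChars.array() would hand
                // the verifier any trailing padding of the backing array as part of the password,
                // so otherwise valid non-ASCII passwords could fail verification.
                if (authenticate(username, password)) {
                    SecurityIdentityCallback securityIdentityCallback = new SecurityIdentityCallback();
                    this.callbackHandler.handle(new Callback[]{AuthenticationCompleteCallback.SUCCEEDED, securityIdentityCallback});
                    httpServerExchange.authenticationComplete(securityIdentityCallback.getSecurityIdentity());
                } else {
                    this.callbackHandler.handle(new Callback[]{AuthenticationCompleteCallback.FAILED});
                    // NOTE(review): the user name is client-supplied and ends up in the failure
                    // message; confirm whatever records it neutralises control characters.
                    httpServerExchange.authenticationFailed(ElytronMessages.log.authenticationFailed(username, HttpMechanismInformation.Names.BASIC));
                }
            } catch (IOException | UnsupportedCallbackException e) {
                throw new HttpAuthenticationException(e);
            } finally {
                // Wipe every char copy of the password this method created.
                Arrays.fill(password, (char) 0);
                if (passwordChars.hasArray()) {
                    Arrays.fill(passwordChars.array(), (char) 0);
                }
            }
        }
        return false;
    }

    /**
     * Asks the callback handler to verify a user name / password pair.
     *
     * <p>{@code clearPassword()} is called on the verify callback on every exit path.
     *
     * @param username the user name taken from the request
     * @param password the password characters taken from the request
     * @return {@code true} if the verify callback reports the password as verified; {@code false}
     *         if it does not, or if the handler does not support one of the callbacks
     * @throws HttpAuthenticationException if the callback handler throws an {@link IOException}
     */
    private boolean authenticate(String username, char[] password) throws HttpAuthenticationException {
        // Declared as NameCallback (not Callback) so that setName() resolves.
        NameCallback nameCallback = new NameCallback("Remote Authentication Name", username);
        nameCallback.setName(username);
        PasswordVerifyCallback passwordVerifyCallback = new PasswordVerifyCallback(password);
        try {
            this.callbackHandler.handle(new Callback[]{nameCallback, passwordVerifyCallback});
            return passwordVerifyCallback.isVerified();
        } catch (UnsupportedCallbackException e) {
            // A handler that cannot process these callbacks is treated as a failed verification.
            return false;
        } catch (IOException e) {
            throw new HttpAuthenticationException(e);
        } finally {
            passwordVerifyCallback.clearPassword();
        }
    }

    /**
     * Adds the pre-computed {@code WWW-Authenticate} challenge and sets the 401 response code.
     *
     * @param httpServerExchange the exchange whose response is being prepared
     * @return always {@code true}
     */
    @Override // org.wildfly.security.http.HttpServerAuthenticationMechanism
    public boolean prepareResponse(HttpServerExchange httpServerExchange) {
        httpServerExchange.addResponseHeader(HttpConstants.WWW_AUTHENTICATE, this.challengeValue);
        httpServerExchange.setResponseCode(HttpConstants.UNAUTHORIZED);
        return true;
    }
}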
