package io.fabric8.jolokia;

import io.fabric8.utils.Base64Encoder;
import java.io.IOException;
import java.net.URL;
import java.security.Principal;
import java.util.Arrays;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AccountException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jolokia.config.ConfigKey;
import org.osgi.framework.Bundle;
import org.osgi.framework.FrameworkUtil;
import org.osgi.service.http.HttpContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/fabric8/jolokia/JolokiaSecureHttpContext.class */
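/**
 * {@link HttpContext} that protects the Jolokia endpoint with HTTP Basic authentication backed by
 * JAAS.
 *
 * <p>A request is admitted only when the supplied credentials log in against the configured JAAS
 * realm and the resulting {@link Subject} carries a principal whose name matches one of the
 * configured roles. Every other outcome, including any unexpected exception, ends in a 401
 * challenge, so the context fails closed.
 *
 * <p>Basic credentials are only base64-encoded, not encrypted; this class does not check that the
 * request arrived over a confidential transport.
 */
final class JolokiaSecureHttpContext implements HttpContext {
    private static final Logger LOGGER = LoggerFactory.getLogger(JolokiaSecureHttpContext.class);
    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String AUTHENTICATION_SCHEME_BASIC = "Basic";
    private final String realm;
    private final String[] roles;

    /**
     * Creates the context.
     *
     * @param str JAAS realm name; used both as the {@link LoginContext} name and in the challenge
     * @param strArr role entries; each may be a bare principal name or {@code prefix:name}
     */
    public JolokiaSecureHttpContext(String str, String[] strArr) {
        this.realm = str;
        // Defensive copy: the array decides who is authorised, so the caller must not be able to
        // change it after construction.
        this.roles = strArr == null ? null : strArr.clone();
    }

    /** Always returns {@code null}: this context serves no resources. */
    @Override
    public URL getResource(String str) {
        return null;
    }

    /** Always returns {@code null}, leaving the MIME type to the HTTP service. */
    @Override
    public String getMimeType(String str) {
        return null;
    }

    /**
     * Entry point called by the HTTP service; delegates to
     * {@link #authenticate(HttpServletRequest, HttpServletResponse)}.
     */
    @Override
    public boolean handleSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return authenticate(httpServletRequest, httpServletResponse);
    }

    /**
     * Logs in against the JAAS realm and checks the role requirement.
     *
     * @param str user name supplied by the client
     * @param str2 password supplied by the client
     * @return the authenticated subject, or {@code null} when login fails or no required role is held
     */
    private Subject doAuthenticate(final String str, final String str2) {
        try {
            Subject subject = new Subject();
            new LoginContext(this.realm, subject, new CallbackHandler() {
                @Override
                public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
                    for (Callback callback : callbackArr) {
                        if (callback instanceof NameCallback) {
                            ((NameCallback) callback).setName(str);
                        } else if (callback instanceof PasswordCallback) {
                            ((PasswordCallback) callback).setPassword(str2.toCharArray());
                        } else {
                            throw new UnsupportedCallbackException(callback);
                        }
                    }
                }
            }).login();
            // Log the principals only: Subject.toString() also renders private credentials when
            // they are accessible, which would put login-module secrets into the debug log.
            LOGGER.debug("Login successful: {}", subject.getPrincipals());
            if (hasRequiredRole(subject)) {
                return subject;
            }
            // Arrays.toString prints the same "[a, b]" form as a List and tolerates a null array.
            throw new FailedLoginException("User does not have the required role " + Arrays.toString(this.roles));
        } catch (AccountException e) {
            // AccountException is a subclass of LoginException, so it has to be caught first;
            // in the opposite order this branch is unreachable.
            LOGGER.warn("Account failure", e);
            return null;
        } catch (LoginException e) {
            LOGGER.debug("Login failed", e);
            return null;
        }
    }

    /**
     * Tells whether the subject holds a principal named after one of the configured roles.
     * A role entry of the form {@code prefix:name} is matched on {@code name} only.
     */
    private boolean hasRequiredRole(Subject subject) {
        if (this.roles == null) {
            return false;
        }
        for (String role : this.roles) {
            if (role == null) {
                continue;
            }
            String required = role.trim();
            int colon = required.indexOf(':');
            if (colon > 0) {
                required = required.substring(colon + 1);
            }
            // A blank entry (or "prefix:" with nothing after it) must not match a principal whose
            // name happens to be empty.
            if (required.isEmpty()) {
                continue;
            }
            for (Principal principal : subject.getPrincipals()) {
                // Constant on the left so a principal with a null name is skipped, not an NPE.
                if (required.equals(principal.getName())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Authenticates the request from its {@code Authorization: Basic} header.
     *
     * <p>On success the OSGi authentication attributes and the JAAS subject are stored on the
     * request. Otherwise a 401 response with a {@code WWW-Authenticate} challenge is sent.
     *
     * @return {@code true} when the request may proceed, {@code false} once the challenge was sent
     */
    public boolean authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
        if (header != null && header.length() > 0) {
            String trimmed = header.trim();
            int schemeEnd = trimmed.indexOf(' ');
            if (schemeEnd > 0 && trimmed.substring(0, schemeEnd).equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
                try {
                    String decoded = base64Decode(trimmed.substring(schemeEnd).trim());
                    int colon = decoded.indexOf(':');
                    if (colon < 0) {
                        // Explicit rejection instead of relying on substring() throwing.
                        LOGGER.debug("Rejecting Basic credentials without a ':' separator");
                    } else {
                        String user = decoded.substring(0, colon);
                        Subject subject = doAuthenticate(user, decoded.substring(colon + 1));
                        if (subject != null) {
                            httpServletRequest.setAttribute("org.osgi.service.http.authentication.type", "BASIC");
                            httpServletRequest.setAttribute("org.osgi.service.http.authentication.remote.user", user);
                            httpServletRequest.setAttribute(ConfigKey.JAAS_SUBJECT_REQUEST_ATTRIBUTE, subject);
                            return true;
                        }
                    }
                } catch (Exception e) {
                    // Deliberately broad: any failure while handling client-supplied credentials
                    // must end in the 401 below. Only the exception type is logged because the
                    // message may echo part of the decoded header.
                    LOGGER.debug("Basic authentication failed with {}", e.getClass().getName());
                }
            }
        }
        try {
            // NOTE(review): the realm is written into the header unescaped; presumably it comes
            // from trusted configuration and contains no '"' or line breaks. Confirm.
            httpServletResponse.setHeader(HEADER_WWW_AUTHENTICATE, "Basic realm=\"" + this.realm + "\"");
            httpServletResponse.setStatus(401);
            httpServletResponse.setContentLength(0);
            httpServletResponse.flushBuffer();
        } catch (IOException e) {
            LOGGER.debug("Could not send the authentication challenge", e);
        }
        return false;
    }

    /** Decodes the base64 credential part of the header via {@link Base64Encoder}. */
    private static String base64Decode(String str) {
        return Base64Encoder.decode(str);
    }

    /** Returns the JAAS realm name. */
    public String getRealm() {
        return this.realm;
    }

    /** Returns a copy of the configured role entries, so callers cannot alter the authorisation list. */
    public String[] getRole() {
        return this.roles == null ? null : this.roles.clone();
    }

    @Override
    public String toString() {
        Bundle bundle = FrameworkUtil.getBundle(getClass());
        if (bundle == null) {
            // FrameworkUtil.getBundle returns null when the class was not loaded by a bundle.
            return getClass().getSimpleName() + "{no bundle}";
        }
        return getClass().getSimpleName() + "{" + bundle.getSymbolicName() + " - " + bundle.getBundleId() + "}";
    }
}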
