package org.keycloak.protocol.saml.profile.ecp.authenticator;

import java.io.IOException;
import java.util.List;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.Response;
import org.keycloak.Config;
import org.keycloak.authentication.AuthenticationFlowContext;
import org.keycloak.authentication.AuthenticationFlowError;
import org.keycloak.authentication.Authenticator;
import org.keycloak.authentication.AuthenticatorFactory;
import org.keycloak.common.util.Base64;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.provider.ProviderConfigProperty;
import org.keycloak.services.resources.Cors;

/* loaded from: input_file:org/keycloak/protocol/saml/profile/ecp/authenticator/HttpBasicAuthenticator.class */
public class HttpBasicAuthenticator implements AuthenticatorFactory {
    public static final String PROVIDER_ID = "http-basic-authenticator";

    public String getDisplayType() {
        return "HTTP Basic Authentication";
    }

    public String getReferenceCategory() {
        return null;
    }

    public boolean isConfigurable() {
        return false;
    }

    public AuthenticationExecutionModel.Requirement[] getRequirementChoices() {
        return new AuthenticationExecutionModel.Requirement[0];
    }

    public boolean isUserSetupAllowed() {
        return false;
    }

    public String getHelpText() {
        return "Validates username and password from Authorization HTTP header";
    }

    public List<ProviderConfigProperty> getConfigProperties() {
        return null;
    }

    /* renamed from: create, reason: merged with bridge method [inline-methods] */
    public Authenticator m213create(KeycloakSession keycloakSession) {
        return new Authenticator() { // from class: org.keycloak.protocol.saml.profile.ecp.authenticator.HttpBasicAuthenticator.1
            private static final String BASIC = "Basic";
            private static final String BASIC_PREFIX = "Basic ";

            public void authenticate(AuthenticationFlowContext authenticationFlowContext) {
                RealmModel realm;
                UserModel userByUsername;
                String[] usernameAndPassword = getUsernameAndPassword(authenticationFlowContext.getHttpRequest().getHttpHeaders());
                authenticationFlowContext.attempted();
                if (usernameAndPassword == null || (userByUsername = authenticationFlowContext.getSession().users().getUserByUsername(usernameAndPassword[0], (realm = authenticationFlowContext.getRealm()))) == null) {
                    return;
                }
                if (authenticationFlowContext.getSession().users().validCredentials(authenticationFlowContext.getSession(), realm, userByUsername, new UserCredentialModel[]{UserCredentialModel.password(usernameAndPassword[1])})) {
                    authenticationFlowContext.getClientSession().setAuthenticatedUser(userByUsername);
                    authenticationFlowContext.success();
                } else {
                    authenticationFlowContext.getEvent().user(userByUsername);
                    authenticationFlowContext.getEvent().error("invalid_user_credentials");
                    authenticationFlowContext.failure(AuthenticationFlowError.INVALID_USER, Response.status(Response.Status.UNAUTHORIZED).header("WWW-Authenticate", "Basic realm=\"" + realm.getName() + "\"").build());
                }
            }

            private String[] getUsernameAndPassword(HttpHeaders httpHeaders) {
                List<String> requestHeader = httpHeaders.getRequestHeader(Cors.AUTHORIZATION_HEADER);
                if (requestHeader == null || requestHeader.size() == 0) {
                    return null;
                }
                String str = null;
                for (String str2 : requestHeader) {
                    if (str2.startsWith(BASIC_PREFIX)) {
                        String[] split = str2.trim().split("\\s+");
                        if (split == null || split.length != 2) {
                            return null;
                        }
                        str = split[1];
                    }
                }
                try {
                    return new String(Base64.decode(str)).split(":");
                } catch (IOException e) {
                    throw new RuntimeException("Failed to parse credentials.", e);
                }
            }

            public void action(AuthenticationFlowContext authenticationFlowContext) {
            }

            public boolean requiresUser() {
                return false;
            }

            public boolean configuredFor(KeycloakSession keycloakSession2, RealmModel realmModel, UserModel userModel) {
                return false;
            }

            public void setRequiredActions(KeycloakSession keycloakSession2, RealmModel realmModel, UserModel userModel) {
            }

            public void close() {
            }
        };
    }

    public void init(Config.Scope scope) {
    }

    public void postInit(KeycloakSessionFactory keycloakSessionFactory) {
    }

    public void close() {
    }

    public String getId() {
        return PROVIDER_ID;
    }
}
