package org.jboss.as.domain.http.server.security;

import io.undertow.io.IoCallback;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.DigestAlgorithm;
import io.undertow.security.impl.BasicAuthenticationMechanism;
import io.undertow.security.impl.DigestAuthenticationMechanism;
import io.undertow.security.impl.SimpleNonceManager;
import io.undertow.server.HttpHandler;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderMap;
import io.undertow.util.Headers;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Deque;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:org/jboss/as/domain/http/server/security/LogoutHandler.class */
public class LogoutHandler implements HttpHandler {
    public static final String PATH = "/logout";
    public static final String CONTEXT = "org.jboss.as.console.logout.context";
    private static final String EXIT = "org.jboss.as.console.logout.exit";
    private static final String HIT_ESCAPE = "HIT THE ESCAPE KEY";
    private static final String BASIC = "BASIC";
    private static final String DIGEST = "DIGEST";
    private static final String MECHANISM = "mechanism";
    private final DigestAuthenticationMechanism digestMechanism;
    private final DigestAuthenticationMechanism fakeRealmdigestMechanism;
    private final BasicAuthenticationMechanism basicMechanism;
    private final BasicAuthenticationMechanism fakeRealmBasicMechanism;

    public LogoutHandler(String str) {
        List singletonList = Collections.singletonList(DigestAlgorithm.MD5);
        List emptyList = Collections.emptyList();
        this.digestMechanism = new DigestAuthenticationMechanism(singletonList, emptyList, str, "/management", new SimpleNonceManager());
        this.fakeRealmdigestMechanism = new DigestAuthenticationMechanism(singletonList, emptyList, HIT_ESCAPE, "/management", new SimpleNonceManager());
        this.basicMechanism = new BasicAuthenticationMechanism(str);
        this.fakeRealmBasicMechanism = new BasicAuthenticationMechanism(HIT_ESCAPE);
    }

    public void handleRequest(HttpServerExchange httpServerExchange) throws Exception {
        HeaderMap requestHeaders = httpServerExchange.getRequestHeaders();
        HeaderMap responseHeaders = httpServerExchange.getResponseHeaders();
        String first = responseHeaders.getFirst(Headers.REFERER);
        String requestScheme = httpServerExchange.getRequestScheme();
        String str = null;
        if (first != null) {
            try {
                URI uri = new URI(first);
                requestScheme = uri.getScheme();
                str = uri.getHost() + portPortion(requestScheme, uri.getPort());
            } catch (URISyntaxException e) {
            }
        }
        if (str == null) {
            str = requestHeaders.getFirst(Headers.HOST);
            if (str == null) {
                httpServerExchange.setStatusCode(500);
                return;
            }
        }
        String first2 = requestHeaders.getFirst(Headers.USER_AGENT);
        boolean z = first2 != null && first2.contains("Opera");
        boolean z2 = (z || first2 == null || (!first2.contains("MSIE") && !first2.contains("Trident"))) ? false : true;
        String queryString = httpServerExchange.getQueryString();
        boolean z3 = queryString != null && queryString.contains(EXIT);
        if (z2) {
            responseHeaders.add(Headers.LOCATION, requestScheme + "://" + str + "/");
            httpServerExchange.setStatusCode(307);
            return;
        }
        String first3 = requestHeaders.getFirst(Headers.AUTHORIZATION);
        boolean z4 = true;
        Map queryParameters = httpServerExchange.getQueryParameters();
        if (queryParameters.containsKey(MECHANISM)) {
            z4 = !BASIC.equals(((Deque) queryParameters.get(MECHANISM)).getFirst());
        }
        if (first3 != null && first3.length() > BASIC.length() && BASIC.equalsIgnoreCase(first3.substring(0, BASIC.length()))) {
            z4 = false;
            ByteBuffer decode = FlexBase64.decode(first3.substring(6));
            first3 = new String(decode.array(), decode.arrayOffset(), decode.limit(), StandardCharsets.UTF_8);
        }
        if (first3 != null && first3.contains("enter-login-here")) {
            responseHeaders.add(Headers.LOCATION, requestScheme + "://" + str + "/");
            httpServerExchange.setStatusCode(307);
        } else if (!z3) {
            responseHeaders.add(Headers.LOCATION, requestScheme + "://enter-login-here:blah@" + str + "/logout?" + EXIT + "&" + MECHANISM + "=" + (z4 ? DIGEST : BASIC));
            httpServerExchange.setStatusCode(307);
        } else {
            mechanism(z, z4).sendChallenge(httpServerExchange, (SecurityContext) null);
            httpServerExchange.setStatusCode(401);
            httpServerExchange.getResponseSender().send("<html><script type='text/javascript'>window.location=\"" + requestScheme + "://" + str + "/\";</script></html>", IoCallback.END_EXCHANGE);
        }
    }

    private AuthenticationMechanism mechanism(boolean z, boolean z2) {
        return z2 ? z ? this.fakeRealmdigestMechanism : this.digestMechanism : z ? this.fakeRealmBasicMechanism : this.basicMechanism;
    }

    private String portPortion(String str, int i) {
        return i != -1 ? ("http".equals(str) && i == 80) ? "" : ("https".equals(str) && i == 443) ? "" : ":" + String.valueOf(i) : "";
    }
}
