package org.jboss.security.negotiation;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Principal;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;
import org.jboss.security.negotiation.common.MessageTrace;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.jboss.util.Base64;

/* loaded from: input_file:org/jboss/security/negotiation/NegotiationAuthenticator.class */
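/**
 * Catalina authenticator that drives an HTTP {@code Negotiate} (SPNEGO-style) exchange.
 *
 * <p>The token from the {@code Authorization} header is decoded, wrapped in a
 * {@link NegotiationMessage} and stored on a per-session {@link NegotiationContext}; the
 * realm is then asked to authenticate using the session id as the user name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code Authorization} header value is a credential (a negotiation token, or
 *       whatever another scheme sends if the client uses the wrong one) and is never
 *       written to the application log by this class. {@link MessageTrace} still receives
 *       the token; keep that trace category disabled outside of controlled debugging.</li>
 *   <li>NOTE(review): the session id in use before authentication is the one passed to
 *       {@code register}; nothing visible here changes it afterwards. Confirm that the
 *       container rotates the session id on login if session fixation is in scope.</li>
 * </ul>
 */
public class NegotiationAuthenticator extends AuthenticatorBase {
    private static final Logger log = Logger.getLogger(NegotiationAuthenticator.class);
    private static final String NEGOTIATE = "Negotiate";
    private static final String NEGOTIATION_CONTEXT = "NEGOTIATION_CONTEXT";

    /**
     * Returns the HTTP authentication scheme name used in both the challenge and the
     * expected {@code Authorization} prefix. Subclasses may override it.
     *
     * @return the scheme name, {@code "Negotiate"} by default
     */
    protected String getNegotiateScheme() {
        return NEGOTIATE;
    }

    /**
     * Authenticates the request through the negotiation exchange.
     *
     * @param request the incoming request
     * @param response the response used for challenges and negotiation replies
     * @param loginConfig the login configuration (not read by this implementation)
     * @return {@code true} if the request already carries a principal or the realm returned
     *         one; {@code false} after a 401 has been sent
     * @throws IOException if the header does not use the expected scheme, cannot be decoded,
     *         names an unsupported mechanism, or message processing fails
     */
    protected boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        log.trace("Authenticating user");
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            if (log.isTraceEnabled()) {
                log.trace("Already authenticated '" + userPrincipal.getName() + "'");
            }
            return true;
        }

        String negotiateScheme = getNegotiateScheme();
        String header = request.getHeader("Authorization");
        if (header == null) {
            log.debug("No Authorization Header, sending 401");
            response.setHeader("WWW-Authenticate", negotiateScheme);
            response.sendError(401);
            return false;
        }
        // The header value is a credential: record only that it arrived, never its content.
        log.debug("Authorization header present (value not logged)");
        if (!header.startsWith(negotiateScheme + " ")) {
            throw new IOException("Invalid 'Authorization' header.");
        }

        String encodedToken = header.substring(negotiateScheme.length() + 1);
        byte[] token = Base64.decode(encodedToken);
        if (token == null) {
            // Presumably Base64.decode signals malformed input with null (TODO confirm);
            // fail with the same error as a malformed header instead of a NullPointerException.
            throw new IOException("Invalid 'Authorization' header.");
        }
        ByteArrayInputStream tokenStream = new ByteArrayInputStream(token);
        MessageTrace.logRequestBase64(encodedToken);
        MessageTrace.logRequestHex(token);

        // The negotiation state is kept as a session note so it is available on later
        // requests of the same session.
        Session session = request.getSessionInternal();
        NegotiationContext negotiationContext = (NegotiationContext) session.getNote(NEGOTIATION_CONTEXT);
        if (negotiationContext == null) {
            log.debug("Creating new NegotiationContext");
            negotiationContext = new NegotiationContext();
            session.setNote(NEGOTIATION_CONTEXT, negotiationContext);
        }
        String sessionId = session.getId();

        try {
            negotiationContext.associate();
            MessageFactory messageFactory = MessageFactory.newInstance();
            if (!messageFactory.accepts(tokenStream)) {
                throw new IOException("Unsupported negotiation mechanism.");
            }
            negotiationContext.setRequestMessage(messageFactory.createMessage(tokenStream));

            // The realm is called with the session id as user name and no credential; the
            // token itself is presumably read from the associated NegotiationContext.
            Principal principal = this.context.getRealm().authenticate(sessionId, (String) null);
            String authenticationMethod = negotiationContext.getAuthenticationMethod();
            if (log.isDebugEnabled() && principal != null) {
                log.debug("authenticated principal = " + principal);
            }

            // A response token may exist on success and on failure (a further round of the
            // exchange), so it is written before the outcome is decided.
            NegotiationMessage responseMessage = negotiationContext.getResponseMessage();
            if (responseMessage != null) {
                ByteArrayOutputStream responseBytes = new ByteArrayOutputStream();
                responseMessage.writeTo(responseBytes, true);
                String responseToken = responseBytes.toString();
                MessageTrace.logResponseBase64(responseToken);
                response.setHeader("WWW-Authenticate", negotiateScheme + " " + responseToken);
            }

            if (principal == null) {
                response.sendError(401);
                return false;
            }
            register(request, response, principal, authenticationMethod, sessionId, null);
            return true;
        } catch (NegotiationException e) {
            IOException wrapped = new IOException("Error processing " + negotiateScheme + " header.");
            wrapped.initCause(e);
            throw wrapped;
        } finally {
            // Always drop the per-request state, whatever the outcome.
            negotiationContext.clear();
        }
    }
}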
