package org.jboss.security.negotiation;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.Credential;
import io.undertow.security.idm.IdentityManager;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.ServerConnection;
import io.undertow.util.AttachmentKey;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.UUID;
import org.jboss.logging.Logger;
import org.jboss.security.negotiation.common.MessageTrace;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.picketbox.commons.cipher.Base64;

/* loaded from: input_file:org/jboss/security/negotiation/NegotiationMechanism.class */
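/**
 * Undertow {@link AuthenticationMechanism} for the HTTP {@code Negotiate} authentication scheme.
 *
 * <p>The mechanism reads a Base64 token from the {@code Authorization} header, parses it into a
 * {@link NegotiationMessage}, stores it in a {@link NegotiationContext} and then asks the
 * {@link IdentityManager} to verify the caller. Completed authentications are registered under
 * the mechanism name {@code "SPNEGO"}.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The {@link NegotiationContext} is attached to the {@link ServerConnection}, not to the
 *       request or session, so negotiation state is scoped to the underlying connection.
 *       NOTE(review): confirm that any fronting proxy does not share one backend connection
 *       between different clients.</li>
 *   <li>{@link IdentityManager#verify(String, Credential)} is called with a {@code null}
 *       credential. The token is not passed to it directly; presumably the identity manager
 *       reads it from the context made current by {@link NegotiationContext#associate()}.
 *       NOTE(review): confirm this mechanism is only ever paired with an identity manager that
 *       performs that check, because one that accepts a null credential would authenticate
 *       anyone.</li>
 *   <li>The raw request and response tokens are handed to {@link MessageTrace}.
 *       NOTE(review): confirm the corresponding log categories are disabled in production,
 *       since these tokens are authentication material.</li>
 * </ul>
 */
public class NegotiationMechanism implements AuthenticationMechanism {
    /** Exchange attachment carrying a pending response token from {@code authenticate} to {@code sendChallenge}. */
    private static final AttachmentKey<NegotiationMessage> MESSAGE_KEY = AttachmentKey.create(NegotiationMessage.class);
    private static final Logger log = Logger.getLogger(NegotiationMechanism.class);
    /** Bare scheme name, sent as the initial challenge when no response token is pending. */
    private static final String NEGOTIATION_PLAIN = Headers.NEGOTIATE.toString();
    /** Scheme name followed by a single space, as it precedes the Base64 token in a header value. */
    private static final String NEGOTIATE_PREFIX = Headers.NEGOTIATE + " ";

    /**
     * Attempts to authenticate the request from a {@code Negotiate} token in its
     * {@code Authorization} header.
     *
     * @param httpServerExchange the current exchange
     * @param securityContext the security context that supplies the identity manager and
     *        receives the authenticated account
     * @return {@code NOT_ATTEMPTED} when no {@code Negotiate} header value is present;
     *         {@code NOT_AUTHENTICATED} when the token is malformed or unsupported, or when the
     *         identity manager returns no account (a response token, if any, is then kept for
     *         {@link #sendChallenge}); {@code AUTHENTICATED} otherwise
     * @throws IllegalStateException if the response token cannot be serialised
     */
    @Override
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        log.trace("Authenticating user");
        HeaderValues authorizationValues = httpServerExchange.getRequestHeaders().get(Headers.AUTHORIZATION);
        if (authorizationValues == null) {
            return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
        }
        for (String headerValue : authorizationValues) {
            // HTTP authentication scheme names are case-insensitive, so "negotiate " must be
            // recognised as well as "Negotiate ".
            if (!headerValue.regionMatches(true, 0, NEGOTIATE_PREFIX, 0, NEGOTIATE_PREFIX.length())) {
                continue;
            }
            String encodedToken = headerValue.substring(NEGOTIATE_PREFIX.length());
            byte[] token = Base64.decode(encodedToken);
            if (token == null) {
                // Defensive: the decoder's contract is not visible from this class. If it reports
                // malformed input by returning null, the ByteArrayInputStream constructor below
                // would throw a NullPointerException on unauthenticated, attacker-supplied input.
                log.debug("Negotiate token in Authorization header could not be Base64-decoded.");
                return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
            ByteArrayInputStream tokenStream = new ByteArrayInputStream(token);
            MessageTrace.logRequestBase64(encodedToken);
            MessageTrace.logRequestHex(token);

            // Negotiation may span several requests, so its state lives on the connection.
            ServerConnection connection = httpServerExchange.getConnection();
            NegotiationContext negotiationContext = (NegotiationContext) connection.getAttachment(NegotiationContext.ATTACHMENT_KEY);
            if (negotiationContext == null) {
                negotiationContext = new NegotiationContext();
                connection.putAttachment(NegotiationContext.ATTACHMENT_KEY, negotiationContext);
            }
            try {
                MessageFactory messageFactory = MessageFactory.newInstance();
                if (!messageFactory.accepts(tokenStream)) {
                    throw new IOException("Unsupported negotiation mechanism.");
                }
                negotiationContext.setRequestMessage(messageFactory.createMessage(tokenStream));

                // A random placeholder stands in until the context carries a user name; it is
                // only the lookup key handed to the identity manager, not a verified identity.
                String username = negotiationContext.getUsername();
                if (username == null || username.isEmpty()) {
                    username = UUID.randomUUID().toString();
                    negotiationContext.setUsername(username);
                }
                IdentityManager identityManager = getIdentityManager(securityContext);
                try {
                    negotiationContext.associate();
                    Account account = identityManager.verify(username, (Credential) null);
                    if (account == null) {
                        // Not (yet) authenticated: keep any response token for sendChallenge.
                        httpServerExchange.putAttachment(MESSAGE_KEY, negotiationContext.getResponseMessage());
                        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
                    }
                    // The third argument asks Undertow to cache the authenticated identity.
                    securityContext.authenticationComplete(account, "SPNEGO", true);
                    NegotiationMessage responseMessage = negotiationContext.getResponseMessage();
                    if (responseMessage != null) {
                        httpServerExchange.getResponseHeaders().put(Headers.WWW_AUTHENTICATE, NEGOTIATE_PREFIX + encodeMessage(responseMessage));
                    }
                    // Negotiation finished, so drop the per-connection state.
                    connection.removeAttachment(NegotiationContext.ATTACHMENT_KEY);
                    return AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
                } finally {
                    // Runs on every exit path (both returns and any exception), matching associate().
                    negotiationContext.clear();
                }
            } catch (IOException | NegotiationException e) {
                // NOTE(review): on this path the NegotiationContext stays attached to the
                // connection; confirm that reusing it for a later request is intended.
                log.debug(e);
                return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            }
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    /** Returns the identity manager configured on the given security context. */
    private IdentityManager getIdentityManager(SecurityContext securityContext) {
        return securityContext.getIdentityManager();
    }

    /**
     * Serialises a negotiation message to the text placed after the scheme name in a
     * {@code WWW-Authenticate} header, and records it through {@link MessageTrace}.
     *
     * @param message the message to serialise
     * @return the serialised message text
     * @throws IllegalStateException if writing the message fails
     */
    private static String encodeMessage(NegotiationMessage message) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try {
            message.writeTo(buffer, true);
            // NOTE(review): toString() decodes with the platform default charset; the output is
            // presumably Base64 (ASCII) text, in which case the charset does not matter - confirm.
            String encoded = buffer.toString();
            MessageTrace.logResponseBase64(encoded);
            return encoded;
        } catch (IOException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Sends a {@code 401} challenge for the {@code Negotiate} scheme, including the response
     * token left on the exchange by {@link #authenticate} when there is one.
     *
     * @param httpServerExchange the current exchange
     * @param securityContext the security context (not used)
     * @return a challenge result reporting that a challenge was sent with status 401
     * @throws IllegalStateException if the pending response token cannot be serialised
     */
    @Override
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        NegotiationMessage pendingMessage = (NegotiationMessage) httpServerExchange.getAttachment(MESSAGE_KEY);
        String challenge = pendingMessage != null
                ? NEGOTIATE_PREFIX + encodeMessage(pendingMessage)
                : NEGOTIATION_PLAIN;
        httpServerExchange.getResponseHeaders().put(Headers.WWW_AUTHENTICATE, challenge);
        httpServerExchange.setStatusCode(401);
        return new AuthenticationMechanism.ChallengeResult(true, 401);
    }
}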
