package io.undertow.security.impl;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.FlexBase64;
import io.undertow.util.Headers;
import io.undertow.util.StatusCodes;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.util.List;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:io/undertow/security/impl/BasicAuthenticationMechanism.class */
public class BasicAuthenticationMechanism implements AuthenticationMechanism {
    private final String name;
    private final String challenge;
    private static final String COLON = ":";
    private static final Charset UTF_8 = Charset.forName("UTF-8");
    private static final String BASIC_PREFIX = Headers.BASIC + " ";
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();

    public BasicAuthenticationMechanism(String str) {
        this(str, HttpServletRequest.BASIC_AUTH);
    }

    public BasicAuthenticationMechanism(String str, String str2) {
        this.challenge = BASIC_PREFIX + "realm=\"" + str + "\"";
        this.name = str2;
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public String getName() {
        return this.name;
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        int indexOf;
        List<String> list = httpServerExchange.getRequestHeaders().get(Headers.AUTHORIZATION);
        if (list != null) {
            for (String str : list) {
                if (str.startsWith(BASIC_PREFIX)) {
                    String str2 = null;
                    try {
                        ByteBuffer decode = FlexBase64.decode(str.substring(PREFIX_LENGTH));
                        str2 = new String(decode.array(), decode.arrayOffset(), decode.limit(), UTF_8);
                    } catch (IOException e) {
                    }
                    return (str2 == null || (indexOf = str2.indexOf(COLON)) <= -1) ? AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED : runBasic(securityContext, str2.substring(0, indexOf), str2.substring(indexOf + 1).toCharArray());
                }
            }
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    /* JADX WARN: Finally extract failed */
    public AuthenticationMechanism.AuthenticationMechanismOutcome runBasic(SecurityContext securityContext, String str, char[] cArr) {
        AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome = null;
        try {
            Account verify = securityContext.getIdentityManager().verify(str, new PasswordCredential(cArr));
            if (verify != null) {
                securityContext.authenticationComplete(verify, getName(), false);
                authenticationMechanismOutcome = AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
            }
            AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome2 = authenticationMechanismOutcome != null ? authenticationMechanismOutcome : AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
            for (int i = 0; i < cArr.length; i++) {
                cArr[i] = 0;
            }
            return authenticationMechanismOutcome2;
        } catch (Throwable th) {
            for (int i2 = 0; i2 < cArr.length; i2++) {
                cArr[i2] = 0;
            }
            throw th;
        }
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        httpServerExchange.getResponseHeaders().add(Headers.WWW_AUTHENTICATE, this.challenge);
        return new AuthenticationMechanism.ChallengeResult(true, StatusCodes.CODE_401);
    }
}
