package org.jboss.security.negotiation;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.FormAuthenticator;
import org.apache.catalina.connector.Request;
import org.apache.catalina.deploy.LoginConfig;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.jboss.com.sun.corba.se.impl.util.Utility;
import org.jboss.logging.Logger;
import org.jboss.security.negotiation.common.MessageTrace;
import org.jboss.security.negotiation.common.NegotiationContext;
import org.picketbox.commons.cipher.Base64;

/* loaded from: input_file:jboss-as-7.1.1.Final/modules/org/jboss/security/negotiation/main/jboss-negotiation-common-2.2.0.SP1.jar:org/jboss/security/negotiation/NegotiationAuthenticator.class */
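/**
 * Authenticator that handles the HTTP {@code Negotiate} scheme and also accepts a FORM
 * login posted to {@code /j_security_check}.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>A request that already carries a user principal is accepted as is.</li>
 *   <li>A request whose decoded URI ends in {@code /j_security_check} is authenticated against
 *       the realm with the posted form username and password.</li>
 *   <li>Any other request must carry an {@code Authorization: Negotiate <token>} header; without
 *       it a 401 challenge is sent (optionally together with the configured login page).</li>
 * </ol>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The raw {@code Authorization} header is never written to the application log, because it
 *       is credential material whatever scheme the client chose to send.</li>
 *   <li>The decoded token is still handed to {@link MessageTrace}; what that sink records is not
 *       visible in this class, so treat its output as sensitive.</li>
 *   <li>The form password is kept as a session note, mirroring the notes set for the FORM flow;
 *       session storage therefore holds credentials.</li>
 * </ul>
 */
public class NegotiationAuthenticator extends FormAuthenticator {
    private static final Logger log = Logger.getLogger(NegotiationAuthenticator.class);
    private static final String NEGOTIATE = "Negotiate";
    private static final String NEGOTIATION_CONTEXT = "NEGOTIATION_CONTEXT";
    private static final String FORM_METHOD = "FORM";

    // The decompiled listing referenced unrelated library constants for these two one-character
    // separators (Jackson's root-value separator and a CORBA stub prefix); plain literals keep the
    // same values without tying the authenticator to those libraries.
    private static final String SCHEME_SEPARATOR = " ";
    private static final String USERNAME_SEPARATOR = "_";

    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String CHALLENGE_HEADER = "WWW-Authenticate";

    /**
     * Returns the authentication scheme name used in the challenge and expected in the
     * {@code Authorization} header. Subclasses may override it.
     *
     * @return the scheme name, {@code "Negotiate"} by default
     */
    protected String getNegotiateScheme() {
        return NEGOTIATE;
    }

    /**
     * Authenticates the request, either through the FORM post or through one negotiation round.
     *
     * @param request the container request
     * @param httpServletResponse the response used for challenges, redirects and errors
     * @param loginConfig supplies the optional login and error pages
     * @return {@code true} when the request is authenticated and may proceed; {@code false} when a
     *         response (challenge, redirect or error) has been produced instead
     * @throws IOException on a malformed or unsupported {@code Authorization} header, a negotiation
     *         failure, or a failure to dispatch to the login/error page
     */
    @Override // org.apache.catalina.authenticator.FormAuthenticator, org.apache.catalina.authenticator.AuthenticatorBase
    public boolean authenticate(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        log.trace("Authenticating user");
        Principal existing = request.getUserPrincipal();
        if (existing != null) {
            if (log.isTraceEnabled()) {
                log.trace("Already authenticated '" + existing.getName() + "'");
            }
            return true;
        }

        String contextPath = request.getContextPath();
        String requestUri = request.getDecodedRequestURI();
        if (requestUri.startsWith(contextPath) && requestUri.endsWith("/j_security_check")) {
            return processFormLogin(request, httpServletResponse, loginConfig);
        }
        return processNegotiation(request, httpServletResponse, loginConfig);
    }

    /** Handles the FORM fallback: checks the posted credentials and redirects to the saved request. */
    private boolean processFormLogin(Request request, HttpServletResponse response, LoginConfig loginConfig) throws IOException {
        Realm realm = this.context.getRealm();
        String formUser = request.getParameter(org.apache.catalina.authenticator.Constants.FORM_USERNAME);
        String formPassword = request.getParameter(org.apache.catalina.authenticator.Constants.FORM_PASSWORD);
        Principal principal = realm.authenticate(formUser, formPassword);
        if (principal == null) {
            try {
                this.context.getServletContext().getRequestDispatcher(loginConfig.getErrorPage()).forward(request.getRequest(), response);
                return false;
            } catch (ServletException e) {
                throw new IOException("Unable to forward to error page.", e);
            }
        }

        Session session = request.getSessionInternal();
        String savedUrl = savedRequestURL(session);
        session.setNote(org.apache.catalina.authenticator.Constants.FORM_PRINCIPAL_NOTE, principal);
        session.setNote(org.apache.catalina.authenticator.Constants.SESS_USERNAME_NOTE, formUser);
        // The clear-text password is stored in the session here; anything that persists or
        // replicates sessions will carry it.
        session.setNote(org.apache.catalina.authenticator.Constants.SESS_PASSWORD_NOTE, formPassword);
        // NOTE(review): whether the session id is rotated on login depends on the inherited
        // register() implementation, which is not visible here - confirm for session fixation.
        register(request, response, principal, FORM_METHOD, formUser, formPassword);

        if (savedUrl == null) {
            // A post straight to /j_security_check has no saved request to return to; answer with
            // a client error instead of passing null into the redirect.
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "No saved request to return to after form login.");
            return false;
        }
        response.sendRedirect(response.encodeRedirectURL(savedUrl));
        return false;
    }

    /** Runs one round of the Negotiate exchange for a request that is not a FORM post. */
    private boolean processNegotiation(Request request, HttpServletResponse response, LoginConfig loginConfig) throws IOException {
        String negotiateScheme = getNegotiateScheme();
        String expectedPrefix = negotiateScheme + SCHEME_SEPARATOR;
        String header = request.getHeader(AUTHORIZATION_HEADER);
        if (log.isDebugEnabled()) {
            // Log only the shape of the header. The value is a credential (a negotiation token, or
            // Basic user:password if the client sent that scheme) and must not reach the log.
            log.debug("Authorization header present=" + (header != null)
                    + ", uses " + negotiateScheme + " scheme=" + (header != null && header.startsWith(expectedPrefix)));
        }
        if (header == null) {
            log.debug("No Authorization Header, initiating negotiation");
            initiateNegotiation(request, response, loginConfig);
            return false;
        }
        if (!header.startsWith(expectedPrefix)) {
            throw new IOException("Invalid 'Authorization' header.");
        }

        String encodedToken = header.substring(expectedPrefix.length());
        byte[] token = Base64.decode(encodedToken);
        if (token == null) {
            // Guard in case the decoder reports malformed input with null (its contract is not
            // visible here); ByteArrayInputStream would otherwise fail with a NullPointerException.
            throw new IOException("Invalid 'Authorization' header.");
        }
        ByteArrayInputStream tokenStream = new ByteArrayInputStream(token);
        // Dedicated message tracing receives the raw token; keep that sink restricted.
        MessageTrace.logRequestBase64(encodedToken);
        MessageTrace.logRequestHex(token);

        // The negotiation state lives in the session so a multi-round exchange can continue.
        Session session = request.getSessionInternal();
        NegotiationContext negotiationContext = (NegotiationContext) session.getNote(NEGOTIATION_CONTEXT);
        if (negotiationContext == null) {
            log.debug("Creating new NegotiationContext");
            negotiationContext = new NegotiationContext();
            session.setNote(NEGOTIATION_CONTEXT, negotiationContext);
        }

        String username = negotiationContext.getUsername();
        if (username == null || username.length() == 0) {
            // No name known yet: use a placeholder built from the session id and the current time.
            username = session.getId() + USERNAME_SEPARATOR + String.valueOf(System.currentTimeMillis());
        }

        try {
            negotiationContext.associate();
            MessageFactory messageFactory = MessageFactory.newInstance();
            if (!messageFactory.accepts(tokenStream)) {
                throw new IOException("Unsupported negotiation mechanism.");
            }
            negotiationContext.setRequestMessage(messageFactory.createMessage(tokenStream));

            // The realm is called with a null password; the request message set on the context
            // above is what carries the client's proof.
            Principal principal = this.context.getRealm().authenticate(username, (String) null);
            String authenticationMethod = negotiationContext.getAuthenticationMethod();
            if (log.isDebugEnabled() && principal != null) {
                log.debug("authenticated principal = " + principal);
            }

            NegotiationMessage responseMessage = negotiationContext.getResponseMessage();
            if (responseMessage != null) {
                ByteArrayOutputStream encodedResponse = new ByteArrayOutputStream();
                responseMessage.writeTo(encodedResponse, true);
                String responseToken = encodedResponse.toString();
                MessageTrace.logResponseBase64(responseToken);
                response.setHeader(CHALLENGE_HEADER, expectedPrefix + responseToken);
            }

            if (principal == null) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return false;
            }
            register(request, response, principal, authenticationMethod, username, null);
            return true;
        } catch (NegotiationException e) {
            throw new IOException("Error processing " + negotiateScheme + " header.", e);
        } finally {
            // Always undo associate(), whether the round succeeded or failed.
            negotiationContext.clear();
        }
    }

    /**
     * Sends the initial 401 challenge. When a login page is configured the original request is
     * saved and the page is included as the body of the 401, so a client that cannot negotiate can
     * fall back to the form.
     *
     * @throws IOException if the login page cannot be included or the response cannot be written
     */
    private void initiateNegotiation(Request request, HttpServletResponse httpServletResponse, LoginConfig loginConfig) throws IOException {
        String loginPage = loginConfig.getLoginPage();
        if (loginPage == null) {
            httpServletResponse.setHeader(CHALLENGE_HEADER, getNegotiateScheme());
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            RequestDispatcher loginDispatcher = this.context.getServletContext().getRequestDispatcher(loginPage);
            try {
                saveRequest(request, request.getSessionInternal());
                // Set the challenge before including the page: a page larger than the response
                // buffer commits the response, after which the header and status would be dropped.
                httpServletResponse.setHeader(CHALLENGE_HEADER, getNegotiateScheme());
                httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                loginDispatcher.include(request.getRequest(), httpServletResponse);
            } catch (ServletException e) {
                throw new IOException("Unable to include loginPage", e);
            }
        }
        httpServletResponse.flushBuffer();
    }
}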
