package org.jboss.security.negotiation.spnego;

import java.io.IOException;
import java.security.Principal;
import org.apache.catalina.Session;
import org.apache.catalina.authenticator.AuthenticatorBase;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/jboss/security/negotiation/spnego/SPNEGOAuthenticator.class */
public class SPNEGOAuthenticator extends AuthenticatorBase {
    private static final Logger log = Logger.getLogger(SPNEGOAuthenticator.class);
    private static final String SPNEGO = "SPNEGO";
    private static final String SPNEGO_CONTEXT = "SPNEGO_CONTEXT";

    protected boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException {
        log.trace("Authenticating user");
        Principal userPrincipal = request.getUserPrincipal();
        if (userPrincipal != null) {
            if (!log.isTraceEnabled()) {
                return true;
            }
            log.trace("Already authenticated '" + userPrincipal.getName() + "'");
            return true;
        }
        log.info("Header - " + request.getHeader("Authorization"));
        String header = request.getHeader("Authorization");
        if (header == null) {
            log.debug("No Authorization Header, sending 401");
            response.setHeader("WWW-Authenticate", "Negotiate");
            response.sendError(401);
            return false;
        }
        if (!header.startsWith("Negotiate ")) {
            throw new IOException("Invalid 'Authorization' header.");
        }
        Session sessionInternal = request.getSessionInternal();
        SPNEGOContext sPNEGOContext = (SPNEGOContext) sessionInternal.getNote(SPNEGO_CONTEXT);
        if (sPNEGOContext == null) {
            log.debug("Creating new SPNEGOContext");
            sPNEGOContext = new SPNEGOContext();
            sessionInternal.setNote(SPNEGO_CONTEXT, sPNEGOContext);
        }
        String id = sessionInternal.getId();
        try {
            sPNEGOContext.associate();
            sPNEGOContext.setRequestHeader(header.substring(10));
            Principal authenticate = this.context.getRealm().authenticate(id, (String) null);
            if (log.isDebugEnabled()) {
                log.debug("authenticated principal = " + authenticate);
            }
            String responseHeader = sPNEGOContext.getResponseHeader();
            if (responseHeader != null) {
                response.setHeader("WWW-Authenticate", "Negotiate " + responseHeader);
            }
            if (authenticate == null) {
                response.sendError(401);
            } else {
                register(request, response, authenticate, SPNEGO, id, null);
            }
            return authenticate != null;
        } finally {
            sPNEGOContext.clear();
        }
    }
}
