package io.hawt.system;

import java.io.IOException;
import java.security.Principal;
import java.util.Iterator;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AccountException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.codec.binary.Base64;
import org.eclipse.jgit.lib.RefDatabase;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/hawtio-system-1.3.1.jar:io/hawt/system/Authenticator.class */
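/**
 * Authenticates HTTP requests carrying a {@code Basic} {@code Authorization} header
 * against a JAAS realm, optionally requiring that the resulting {@link Subject} holds
 * a given role principal.
 *
 * <p>This listing is decompiler output. Three decompiler artifacts are repaired here:
 * the inlined empty-string constant in {@link #authenticate}, the invalid
 * {@code AuthInfo.this} qualifier in the anonymous callback, and the {@code catch}
 * ordering in {@code doAuthenticate}.
 */
public class Authenticator {
    private static final Logger LOG = LoggerFactory.getLogger(Authenticator.class);
    public static final String HEADER_AUTHORIZATION = "Authorization";
    public static final String AUTHENTICATION_SCHEME_BASIC = "Basic";

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:WEB-INF/lib/hawtio-system-1.3.1.jar:io/hawt/system/Authenticator$AuthenticationCallbackHandler.class */
    /**
     * Supplies a fixed username and password to the JAAS login modules.
     *
     * <p>The password is held as a {@code String} for the lifetime of this handler, so it
     * cannot be wiped after use; each {@link PasswordCallback} receives its own
     * {@code char[]} copy.
     */
    public static final class AuthenticationCallbackHandler implements CallbackHandler {
        private final String username;
        private final String password;

        private AuthenticationCallbackHandler(String username, String password) {
            this.username = username;
            this.password = password;
        }

        /**
         * Answers name and password callbacks; any other callback type is logged at WARN
         * and skipped rather than rejected with {@link UnsupportedCallbackException}.
         *
         * @param callbackArr callbacks issued by the login module
         */
        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (Authenticator.LOG.isTraceEnabled()) {
                    // Logged before the password is set on the callback.
                    Authenticator.LOG.trace("Callback type {} -> {}", callback.getClass(), callback);
                }
                if (callback instanceof NameCallback) {
                    ((NameCallback) callback).setName(this.username);
                } else if (callback instanceof PasswordCallback) {
                    ((PasswordCallback) callback).setPassword(this.password.toCharArray());
                } else {
                    Authenticator.LOG.warn("Unsupported callback class [" + callback.getClass().getName() + "]");
                }
            }
        }
    }

    /**
     * Parses a {@code Basic} authorization header and hands the credentials to the callback.
     *
     * <p>The decoded {@code user:password} pair is split at the FIRST colon only, so a
     * password may itself contain colons. The previous {@code split(":")} dropped every
     * credential whose password contained a colon and silently stripped trailing colons
     * from a password before it was checked. An empty password is still rejected here
     * (as before), so it never reaches a login module; some directory-backed modules
     * treat an empty password as an anonymous bind.
     *
     * <p>The callback is not invoked when the header is {@code null}, is not of the form
     * {@code "<scheme> <token>"}, uses a scheme other than {@code Basic}, or decodes to a
     * value without a colon or with an empty password.
     *
     * @param authHeader raw value of the {@code Authorization} header
     * @param extractAuthInfoCallback receives the username and password
     */
    public static void extractAuthInfo(String authHeader, ExtractAuthInfoCallback extractAuthInfoCallback) {
        if (authHeader == null) {
            return;
        }
        String[] parts = authHeader.trim().split(" ");
        if (parts.length != 2) {
            return;
        }
        if (!parts[0].equalsIgnoreCase(AUTHENTICATION_SCHEME_BASIC)) {
            return;
        }
        // NOTE(review): decoded with the platform default charset, as in the original;
        // non-ASCII credentials may decode differently per deployment - confirm.
        String decoded = new String(Base64.decodeBase64(parts[1]));
        int separator = decoded.indexOf(':');
        if (separator < 0 || separator == decoded.length() - 1) {
            // No colon at all, or nothing after it (empty password).
            return;
        }
        extractAuthInfoCallback.getAuthInfo(decoded.substring(0, separator), decoded.substring(separator + 1));
    }

    /**
     * Authenticates the request's {@code Authorization} header against the given realm.
     *
     * @param realm JAAS realm (login context name)
     * @param role required role, optionally written as {@code principalClass:roleName};
     *     {@code null} or empty disables the role check
     * @param rolePrincipalClasses comma-separated principal class names that may carry the role
     * @param configuration JAAS configuration, or {@code null} to use the default one
     * @param httpServletRequest request whose {@code Authorization} header is read
     * @param privilegedCallback invoked with the authenticated subject; may be {@code null}
     * @return {@code NO_CREDENTIALS} when no usable credentials were sent (missing or empty
     *     header, unparsable header, or the username {@code "public"}),
     *     {@code NOT_AUTHORIZED} when login or the role check fails, otherwise
     *     {@code AUTHORIZED}
     */
    public static AuthenticateResult authenticate(String realm, String role, String rolePrincipalClasses, Configuration configuration, HttpServletRequest httpServletRequest, PrivilegedCallback privilegedCallback) {
        String header = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
        // The decompiler had replaced the "" literal with an unrelated library constant.
        if (header == null || header.isEmpty()) {
            return AuthenticateResult.NO_CREDENTIALS;
        }
        final AuthInfo authInfo = new AuthInfo();
        extractAuthInfo(header, new ExtractAuthInfoCallback() { // from class: io.hawt.system.Authenticator.1
            @Override // io.hawt.system.ExtractAuthInfoCallback
            public void getAuthInfo(String username, String password) {
                authInfo.username = username;
                authInfo.password = password;
            }
        });
        if (authInfo.username == null || authInfo.username.equals("public")) {
            return AuthenticateResult.NO_CREDENTIALS;
        }
        // NOTE(review): AuthInfo.set() is defined elsewhere; presumably true once both
        // username and password are populated - confirm.
        if (!authInfo.set()) {
            return AuthenticateResult.NO_CREDENTIALS;
        }
        Subject subject = doAuthenticate(realm, role, rolePrincipalClasses, configuration, authInfo.username, authInfo.password);
        if (subject == null) {
            return AuthenticateResult.NOT_AUTHORIZED;
        }
        if (privilegedCallback != null) {
            try {
                privilegedCallback.execute(subject);
            } catch (Exception e) {
                // Best effort: a failing privileged action is logged, and the request
                // is still reported as AUTHORIZED.
                LOG.warn("Failed to execute privileged action: ", e);
            }
        }
        return AuthenticateResult.AUTHORIZED;
    }

    /**
     * Logs in through JAAS and, when a role is configured, verifies the subject holds it.
     *
     * @return the authenticated subject, or {@code null} when login fails or the
     *     required role is missing
     */
    private static Subject doAuthenticate(String realm, String role, String rolePrincipalClasses, Configuration configuration, String username, String password) {
        try {
            if (LOG.isDebugEnabled()) {
                // The password is never logged; a fixed mask is written instead.
                LOG.debug("doAuthenticate[realm={}, role={}, rolePrincipalClasses={}, configuration={}, username={}, password={}]", new Object[]{realm, role, rolePrincipalClasses, configuration, username, "******"});
            }
            Subject subject = new Subject();
            CallbackHandler handler = new AuthenticationCallbackHandler(username, password);
            LoginContext loginContext = configuration != null
                    ? new LoginContext(realm, subject, handler, configuration)
                    : new LoginContext(realm, subject, handler);
            loginContext.login();
            boolean roleCheckConfigured = role != null && role.length() > 0
                    && rolePrincipalClasses != null && rolePrincipalClasses.length() > 0;
            if (roleCheckConfigured && !hasRequiredRole(subject, role, rolePrincipalClasses)) {
                // NOTE(review): the login context is not logged out on this path.
                LOG.debug("User does not have the required role " + role);
                return null;
            }
            return subject;
        } catch (AccountException e) {
            // AccountException extends LoginException, so it must be caught first;
            // the decompiled order left this handler unreachable and did not compile.
            LOG.warn("Account failure", e);
            return null;
        } catch (LoginException e) {
            // Full stack trace only at TRACE, to keep DEBUG output short.
            if (LOG.isTraceEnabled()) {
                LOG.trace("Login failed due " + e.getMessage(), e);
            } else {
                LOG.debug("Login failed due " + e.getMessage());
            }
            return null;
        }
    }

    /**
     * Reports whether the subject has a principal whose class name and name match the role.
     * A role written as {@code principalClass:roleName} overrides the configured class list.
     */
    private static boolean hasRequiredRole(Subject subject, String role, String rolePrincipalClasses) {
        for (String principalClass : rolePrincipalClasses.split(",")) {
            String roleName = role;
            int separator = role.indexOf(':');
            if (separator > 0) {
                principalClass = role.substring(0, separator);
                roleName = role.substring(separator + 1);
            }
            String expectedClass = principalClass.trim();
            for (Principal principal : subject.getPrincipals()) {
                if (principal.getClass().getName().equals(expectedClass) && principal.getName().equals(roleName)) {
                    return true;
                }
            }
        }
        return false;
    }
}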
