package org.opendaylight.aaa.authenticator;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.inject.Inject;
import javax.inject.Singleton;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.ShiroException;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.subject.Subject;
import org.jolokia.osgi.security.Authenticator;
import org.opendaylight.aaa.shiro.tokenauthrealm.auth.HttpBasicAuth;
import org.osgi.service.component.annotations.Component;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

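/**
 * Jolokia {@link Authenticator} that checks HTTP Basic credentials by logging them in on the
 * Shiro {@link Subject} returned by {@link SecurityUtils#getSubject()}.
 *
 * <p>Credential material (the raw header value, the decoded user/password pair) is never written
 * to the log: a Basic header is only Base64-encoded, so logging it is equivalent to logging the
 * password in clear text.
 */
@Singleton
@Component(immediate = true)
/* loaded from: input_file:org/opendaylight/aaa/authenticator/ODLAuthenticator.class */
public class ODLAuthenticator implements Authenticator {
    private static final Logger LOG = LoggerFactory.getLogger(ODLAuthenticator.class);

    /** Scheme prefix expected at the start of the header value. */
    private static final String BASIC_SCHEME = "Basic";

    @Inject
    public ODLAuthenticator() {
    }

    /**
     * Authenticates a Jolokia request from its HTTP Basic credentials.
     *
     * @param httpServletRequest the incoming request; the header named by
     *        {@code HttpBasicAuth.AUTH_HEADER} is read from it
     * @return {@code true} if the Shiro login succeeded; {@code false} if the header is missing,
     *         does not start with {@code "Basic"}, is not valid Base64, lacks the
     *         {@code HttpBasicAuth.AUTH_SEP} separator, or the credentials were rejected
     */
    @Override
    public boolean authenticate(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HttpBasicAuth.AUTH_HEADER);
        // Log only whether a header was supplied; its value carries the reversible credentials.
        LOG.trace("Incoming Jolokia authentication attempt (credentials header present: {})", header != null);
        // NOTE(review): prefix match is case-sensitive and does not require a separator after
        // the scheme; kept as-is for compatibility with existing clients.
        if (header == null || !header.startsWith(BASIC_SCHEME)) {
            return false;
        }

        final byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(header.substring(BASIC_SCHEME.length()).trim());
        } catch (IllegalArgumentException e) {
            // Malformed Base64 is a failed attempt, not a server error: fail closed instead of
            // letting the exception escape to the caller.
            LOG.trace("Basic auth credentials are not valid Base64");
            return false;
        }

        // Limit of 2 keeps any further separator characters inside the password part.
        String[] split = new String(decoded, StandardCharsets.UTF_8).split(HttpBasicAuth.AUTH_SEP, 2);
        if (split.length < 2) {
            LOG.trace("Formatting issue with basic auth credentials: separator missing");
            return false;
        }

        UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken();
        usernamePasswordToken.setUsername(split[0]);
        usernamePasswordToken.setPassword(split[1].toCharArray());
        try {
            return login(usernamePasswordToken);
        } catch (UnknownSessionException e) {
            // The subject is bound to a session Shiro no longer knows: drop it and retry once.
            LOG.debug("Couldn't log in {} - logging out and retrying...", usernamePasswordToken, e);
            logout();
            return login(usernamePasswordToken);
        }
    }

    /**
     * Logs the current subject out and stops its session if one still exists. Any
     * {@link ShiroException} is logged at debug level and otherwise ignored (best effort).
     */
    private static void logout() {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.logout();
            // getSession(false): look up the existing session without creating a new one.
            Session session = subject.getSession(false);
            if (session != null) {
                session.stop();
            }
        } catch (ShiroException e) {
            LOG.debug("Couldn't log out {}", subject, e);
        }
    }

    /**
     * Attempts a Shiro login of the current subject with the given token.
     *
     * @param usernamePasswordToken the credentials to submit
     * @return {@code true} on success, {@code false} if Shiro raised an
     *         {@link AuthenticationException}; other exceptions propagate to the caller
     */
    private static boolean login(UsernamePasswordToken usernamePasswordToken) {
        Subject subject = SecurityUtils.getSubject();
        try {
            subject.login(usernamePasswordToken);
            return true;
        } catch (AuthenticationException e) {
            LOG.trace("Couldn't authenticate the subject: {}", subject, e);
            return false;
        }
    }
}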
