package io.undertow.security.impl;

import io.sundr.codegen.model.Node;
import io.undertow.UndertowLogger;
import io.undertow.UndertowMessages;
import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.AuthenticationMechanismFactory;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.idm.Account;
import io.undertow.security.idm.IdentityManager;
import io.undertow.security.idm.PasswordCredential;
import io.undertow.server.HttpServerExchange;
import io.undertow.server.handlers.form.FormParserFactory;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:BOOT-INF/lib/undertow-core-2.0.29.Final.jar:io/undertow/security/impl/BasicAuthenticationMechanism.class */
public class BasicAuthenticationMechanism implements AuthenticationMechanism {
    public static final String SILENT = "silent";
    public static final String CHARSET = "charset";
    public static final String USER_AGENT_CHARSETS = "user-agent-charsets";
    private final String name;
    private final String challenge;
    private static final String COLON = ":";
    private final boolean silent;
    private final IdentityManager identityManager;
    private final Charset charset;
    private final Map<Pattern, Charset> userAgentCharsets;
    public static final AuthenticationMechanismFactory FACTORY = new Factory();
    private static final String BASIC_PREFIX = Headers.BASIC + " ";
    private static final String LOWERCASE_BASIC_PREFIX = BASIC_PREFIX.toLowerCase(Locale.ENGLISH);
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();

    /* loaded from: input_file:BOOT-INF/lib/undertow-core-2.0.29.Final.jar:io/undertow/security/impl/BasicAuthenticationMechanism$Factory.class */
    public static class Factory implements AuthenticationMechanismFactory {
        @Deprecated
        public Factory(IdentityManager identityManager) {
        }

        public Factory() {
        }

        @Override // io.undertow.security.api.AuthenticationMechanismFactory
        public AuthenticationMechanism create(String str, IdentityManager identityManager, FormParserFactory formParserFactory, Map<String, String> map) {
            String str2 = map.get(AuthenticationMechanismFactory.REALM);
            String str3 = map.get(BasicAuthenticationMechanism.SILENT);
            String str4 = map.get("charset");
            Charset forName = str4 == null ? StandardCharsets.UTF_8 : Charset.forName(str4);
            HashMap hashMap = new HashMap();
            String str5 = map.get(BasicAuthenticationMechanism.USER_AGENT_CHARSETS);
            if (str5 != null) {
                String[] split = str5.split(",");
                if (split.length % 2 != 0) {
                    throw UndertowMessages.MESSAGES.userAgentCharsetMustHaveEvenNumberOfItems(str5);
                }
                for (int i = 0; i < split.length; i += 2) {
                    hashMap.put(Pattern.compile(split[i]), Charset.forName(split[i + 1]));
                }
            }
            return new BasicAuthenticationMechanism(str2, str, str3 != null && str3.equals("true"), identityManager, forName, hashMap);
        }
    }

    public BasicAuthenticationMechanism(String str) {
        this(str, HttpServletRequest.BASIC_AUTH);
    }

    public BasicAuthenticationMechanism(String str, String str2) {
        this(str, str2, false);
    }

    public BasicAuthenticationMechanism(String str, String str2, boolean z) {
        this(str, str2, z, null);
    }

    public BasicAuthenticationMechanism(String str, String str2, boolean z, IdentityManager identityManager) {
        this(str, str2, z, identityManager, StandardCharsets.UTF_8, Collections.emptyMap());
    }

    public BasicAuthenticationMechanism(String str, String str2, boolean z, IdentityManager identityManager, Charset charset, Map<Pattern, Charset> map) {
        this.challenge = BASIC_PREFIX + "realm=\"" + str + Node.DQ;
        this.name = str2;
        this.silent = z;
        this.identityManager = identityManager;
        this.charset = charset;
        this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap(map));
    }

    private IdentityManager getIdentityManager(SecurityContext securityContext) {
        return this.identityManager != null ? this.identityManager : securityContext.getIdentityManager();
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        int indexOf;
        AuthenticationMechanism.AuthenticationMechanismOutcome authenticationMechanismOutcome;
        String first;
        HeaderValues headerValues = httpServerExchange.getRequestHeaders().get(Headers.AUTHORIZATION);
        if (headerValues != null) {
            for (String str : headerValues) {
                if (str.toLowerCase(Locale.ENGLISH).startsWith(LOWERCASE_BASIC_PREFIX)) {
                    String str2 = null;
                    try {
                        ByteBuffer decode = FlexBase64.decode(str.substring(PREFIX_LENGTH));
                        Charset charset = this.charset;
                        if (!this.userAgentCharsets.isEmpty() && (first = httpServerExchange.getRequestHeaders().getFirst(Headers.USER_AGENT)) != null) {
                            Iterator<Map.Entry<Pattern, Charset>> it = this.userAgentCharsets.entrySet().iterator();
                            while (true) {
                                if (!it.hasNext()) {
                                    break;
                                }
                                Map.Entry<Pattern, Charset> next = it.next();
                                if (next.getKey().matcher(first).find()) {
                                    charset = next.getValue();
                                    break;
                                }
                            }
                        }
                        str2 = new String(decode.array(), decode.arrayOffset(), decode.limit(), charset);
                        UndertowLogger.SECURITY_LOGGER.debugf("Found basic auth header (decoded using charset %s) in %s", charset, httpServerExchange);
                    } catch (IOException e) {
                        UndertowLogger.SECURITY_LOGGER.debugf(e, "Failed to decode basic auth header in %s", httpServerExchange);
                    }
                    if (str2 == null || (indexOf = str2.indexOf(":")) <= -1) {
                        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
                    }
                    String substring = str2.substring(0, indexOf);
                    char[] charArray = str2.substring(indexOf + 1).toCharArray();
                    try {
                        Account verify = getIdentityManager(securityContext).verify(substring, new PasswordCredential(charArray));
                        if (verify != null) {
                            securityContext.authenticationComplete(verify, this.name, false);
                            authenticationMechanismOutcome = AuthenticationMechanism.AuthenticationMechanismOutcome.AUTHENTICATED;
                        } else {
                            securityContext.authenticationFailed(UndertowMessages.MESSAGES.authenticationFailed(substring), this.name);
                            authenticationMechanismOutcome = AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_AUTHENTICATED;
                        }
                        return authenticationMechanismOutcome;
                    } finally {
                        clear(charArray);
                    }
                }
            }
        }
        return AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED;
    }

    @Override // io.undertow.security.api.AuthenticationMechanism
    public AuthenticationMechanism.ChallengeResult sendChallenge(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        if (this.silent && httpServerExchange.getRequestHeaders().getFirst(Headers.AUTHORIZATION) == null) {
            return AuthenticationMechanism.ChallengeResult.NOT_SENT;
        }
        httpServerExchange.getResponseHeaders().add(Headers.WWW_AUTHENTICATE, this.challenge);
        UndertowLogger.SECURITY_LOGGER.debugf("Sending basic auth challenge %s for %s", this.challenge, httpServerExchange);
        return new AuthenticationMechanism.ChallengeResult(true, 401);
    }

    private static void clear(char[] cArr) {
        for (int i = 0; i < cArr.length; i++) {
            cArr[i] = 0;
        }
    }
}
