package weblogic.security.jaspic.servlet;

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.security.auth.message.MessageInfo;
import javax.security.auth.message.MessagePolicy;
import javax.security.auth.message.module.ServerAuthModule;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.glassfish.tyrus.spi.UpgradeResponse;
import weblogic.diagnostics.descriptor.WLDFRESTNotificationBean;
import weblogic.security.SubjectUtils;
import weblogic.utils.StringUtils;
import weblogic.utils.encoders.BASE64Decoder;

/* loaded from: input_file:weblogic/security/jaspic/servlet/BasicServerAuthModule.class */
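/**
 * JASPIC {@link ServerAuthModule} that authenticates servlet requests carrying HTTP Basic
 * credentials ({@code Authorization: Basic base64(user-id ":" password)}).
 *
 * <p>Behaviour, as implemented below:
 * <ul>
 *   <li>Basic credentials present: they are handed to the configured {@link CallbackHandler}
 *       via a {@code ServletPasswordValidationCallback}; success yields {@link AuthStatus#SUCCESS}.</li>
 *   <li>No credentials (or a non-Basic scheme): a subject the container already established for
 *       the request (map key {@value #KEY_CURRENT_USER}) is reused; otherwise the outcome depends on
 *       whether the target resource is mandatory ({@value #KEY_MUST_AUTHENTICATE}).</li>
 *   <li>Whenever the outcome is {@link AuthStatus#SEND_CONTINUE} a 401 challenge is written to the
 *       response before returning.</li>
 * </ul>
 *
 * <p>Malformed Basic credentials (missing token, invalid base64, no {@code ':'} separator) are
 * reported as an {@link AuthException} rather than escaping as an unchecked exception.
 * Credential material is never placed in exception messages.
 */
public class BasicServerAuthModule implements ServerAuthModule {
    /** MessageInfo map key the container sets to "true" when the target resource requires authentication. */
    private static final String KEY_MUST_AUTHENTICATE = "javax.security.auth.message.MessagePolicy.isMandatory";
    /** MessageInfo map key under which the container supplies a {@link Subject} already established for this request. */
    private static final String KEY_CURRENT_USER = "com.oracle.weblogic.servlet.current_subject";
    /** JASPIC callback property asking the container to register the authenticated identity in the HTTP session. */
    private static final String KEY_REGISTER_SESSION = "javax.servlet.http.registerSession";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
    /** HTTP auth-scheme handled by this module; compared case-insensitively (RFC 7235 section 2.1). */
    private static final String SCHEME_BASIC = "Basic";

    private MessagePolicy requestPolicy;
    private MessagePolicy responsePolicy;
    private CallbackHandler callbackHandler;
    private ServerAuthSupport serverAuthSupport;

    /**
     * Stores the policies, the callback handler and the {@code ServerAuthSupport} option.
     *
     * @param messagePolicy  request policy (retained, not consulted by this module)
     * @param messagePolicy2 response policy (retained, not consulted by this module)
     * @param callbackHandler handler that performs the actual password validation
     * @param map module options; {@code ServerAuthSupport.OPTION_SERVER_AUTH_SUPPORT} is read from it.
     *            If absent, challenges cannot be sent and {@link #validateRequest} fails with an
     *            {@link AuthException} at that point.
     */
    @Override // javax.security.auth.message.module.ServerAuthModule
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) {
        this.requestPolicy = messagePolicy;
        this.responsePolicy = messagePolicy2;
        this.callbackHandler = callbackHandler;
        this.serverAuthSupport = (ServerAuthSupport) map.get(ServerAuthSupport.OPTION_SERVER_AUTH_SUPPORT);
    }

    /**
     * Validates the incoming servlet request.
     *
     * @param messageInfo carries the {@link HttpServletRequest}/{@link HttpServletResponse} pair and the
     *                    container-provided map (mandatory flag, current subject)
     * @param subject     client subject that is populated on success
     * @param subject2    service subject (unused)
     * @return {@code SUCCESS}, or {@code SEND_CONTINUE} after a 401 challenge has been written
     * @throws AuthException if the Authorization header is malformed, the callback handler does not
     *                       support the password callback, or the challenge cannot be written
     */
    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        HttpServletRequest request = (HttpServletRequest) messageInfo.getRequestMessage();
        HttpServletResponse response = (HttpServletResponse) messageInfo.getResponseMessage();
        try {
            AuthStatus status = doValidation(splitAuthHeader(request), messageInfo, subject);
            if (status == AuthStatus.SEND_CONTINUE) {
                sendChallenge(response);
            }
            // NOTE(review): set for every outcome, including SEND_CONTINUE. The container is
            // expected to honour it only for SUCCESS; confirm against the WebLogic container.
            messageInfo.getMap().put(KEY_REGISTER_SESSION, "true");
            return status;
        } catch (IOException e) {
            // Message deliberately carries no header content.
            throw authException("Unable to parse authentication header", e);
        } catch (UnsupportedCallbackException e) {
            throw authException(e.getMessage(), e);
        }
    }

    /**
     * No response-side processing is needed for Basic authentication.
     *
     * @return always {@link AuthStatus#SEND_SUCCESS}
     */
    @Override // javax.security.auth.message.ServerAuth
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        try {
            return secureResponse((HttpServletResponse) messageInfo.getResponseMessage());
        } catch (IOException e) {
            throw authException(e.toString(), e);
        }
    }

    /** Hook for response processing; currently nothing to do. */
    private AuthStatus secureResponse(HttpServletResponse httpServletResponse) throws AuthException, IOException {
        return AuthStatus.SEND_SUCCESS;
    }

    /**
     * Maps an HTTP status code to the response-side {@link AuthStatus}.
     * Not referenced by this class at present; kept for API parity.
     */
    private AuthStatus toResponseAuthStatus(int httpStatus) {
        switch (httpStatus) {
            case HttpServletResponse.SC_OK:
                return AuthStatus.SEND_SUCCESS;
            case HttpServletResponse.SC_UNAUTHORIZED:
                return AuthStatus.SEND_CONTINUE;
            default:
                return AuthStatus.SEND_FAILURE;
        }
    }

    /** This module handles only servlet request/response pairs. */
    @Override // javax.security.auth.message.module.ServerAuthModule
    public Class[] getSupportedMessageTypes() {
        return new Class[]{HttpServletRequest.class, HttpServletResponse.class};
    }

    /**
     * Intentionally a no-op: principals added to the subject by the callback handler are not
     * removed here. NOTE(review): JASPIC expects modules to undo what they added; confirm the
     * container performs the cleanup itself.
     */
    @Override // javax.security.auth.message.ServerAuth
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    }

    /**
     * Uses the subject the container already established for this request, if any.
     *
     * @return {@code SUCCESS} when a current subject was copied into {@code subject}; otherwise
     *         {@code SEND_CONTINUE} if the resource is mandatory (caller sends a challenge) and
     *         {@code SUCCESS} without an identity if it is not
     */
    private static AuthStatus useCurrentSubjectOrFail(MessageInfo messageInfo, Subject subject) {
        if (haveCurrentSubject(messageInfo)) {
            updateSubject(subject, messageInfo);
            return AuthStatus.SUCCESS;
        }
        return mustAuthenticate(messageInfo) ? AuthStatus.SEND_CONTINUE : AuthStatus.SUCCESS;
    }

    /** Copies the container-provided current subject into the client subject. */
    private static void updateSubject(Subject subject, MessageInfo messageInfo) {
        SubjectUtils.setFrom(subject, (Subject) messageInfo.getMap().get(KEY_CURRENT_USER));
    }

    /** True only when the map holds an actual {@link Subject}; a null or foreign value is treated as absent. */
    private static boolean haveCurrentSubject(MessageInfo messageInfo) {
        return messageInfo.getMap().get(KEY_CURRENT_USER) instanceof Subject;
    }

    /** Whether the container flagged the target resource as requiring authentication. */
    private static boolean mustAuthenticate(MessageInfo messageInfo) {
        return getBooleanValue(messageInfo.getMap(), KEY_MUST_AUTHENTICATE);
    }

    /**
     * Reads a boolean option that may be stored as a {@link Boolean} or as the string "true".
     * Anything else (absent, null, other types, other strings) is {@code false}.
     */
    private static boolean getBooleanValue(Map map, String str) {
        Object value = map.get(str);
        if (value instanceof Boolean) {
            return (Boolean) value;
        }
        return value instanceof String && Boolean.parseBoolean((String) value);
    }

    /**
     * Extracts Basic credentials from the Authorization header.
     *
     * @return {@code {user-id, password}} split at the first ':' (RFC 7617 section 2, so a password may
     *         itself contain ':'), or {@code null} when there is no Authorization header or it uses
     *         a scheme other than Basic
     * @throws IOException when the header claims the Basic scheme but the credentials are malformed:
     *                     no token, invalid base64, or no ':' separator
     */
    private static String[] splitAuthHeader(HttpServletRequest httpServletRequest) throws IOException {
        String header = httpServletRequest.getHeader(HEADER_AUTHORIZATION);
        if (header == null) {
            return null;
        }
        String trimmed = header.trim();
        int space = trimmed.indexOf(' ');
        String scheme = space < 0 ? trimmed : trimmed.substring(0, space);
        if (!SCHEME_BASIC.equalsIgnoreCase(scheme)) {
            return null;
        }
        if (space < 0) {
            throw new IOException("Basic credentials missing");
        }
        String token = trimmed.substring(space + 1).trim();
        byte[] decoded;
        try {
            // Strict decoder: rejects non-alphabet characters instead of guessing.
            decoded = Base64.getDecoder().decode(token);
        } catch (IllegalArgumentException e) {
            throw new IOException("Basic credentials are not valid base64", e);
        }
        // The original build used the platform default charset; UTF-8 is pinned so behaviour does
        // not depend on file.encoding (RFC 7617 section 2.1).
        String userPass = new String(decoded, StandardCharsets.UTF_8);
        int colon = userPass.indexOf(':');
        if (colon < 0) {
            throw new IOException("Basic credentials lack the user-id/password separator");
        }
        return new String[]{userPass.substring(0, colon), userPass.substring(colon + 1)};
    }

    /**
     * Writes the 401 challenge: the configured realm banner in WWW-Authenticate plus the
     * configured 401 error page.
     *
     * @throws AuthException if no {@code ServerAuthSupport} was configured or the response cannot be written
     */
    private void sendChallenge(HttpServletResponse httpServletResponse) throws AuthException {
        ServerAuthSupport support = getServerAuthSupport();
        if (support == null) {
            throw new AuthException("ServerAuthSupport not configured; cannot send Basic challenge");
        }
        try {
            httpServletResponse.setHeader(HEADER_WWW_AUTHENTICATE, support.getRealmBanner());
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, support.getErrorPage(HttpServletResponse.SC_UNAUTHORIZED));
        } catch (IOException e) {
            throw authException(e.toString(), e);
        }
    }

    /**
     * Decides the outcome for the request.
     *
     * @param credentials {@code {user-id, password}} or {@code null} when none were supplied
     * @param messageInfo request/response pair and container map
     * @param subject     client subject to populate on success
     */
    private AuthStatus doValidation(String[] credentials, MessageInfo messageInfo, Subject subject) throws UnsupportedCallbackException, IOException {
        if (credentials == null) {
            return useCurrentSubjectOrFail(messageInfo, subject);
        }
        ServletPasswordValidationCallback callback = new ServletPasswordValidationCallback(
                subject, credentials[0], credentials[1].toCharArray(),
                (HttpServletRequest) messageInfo.getRequestMessage(),
                (HttpServletResponse) messageInfo.getResponseMessage());
        this.callbackHandler.handle(new Callback[]{callback});
        if (callback.getResult()) {
            return AuthStatus.SUCCESS;
        }
        if (mustAuthenticate(messageInfo)) {
            // NOTE(review): rejected credentials on a mandatory resource still fall back to a
            // subject the container already established for this request; only when there is
            // none is a challenge sent. Confirm this is the intended policy.
            return useCurrentSubjectOrFail(messageInfo, subject);
        }
        // Non-mandatory resource: rejected credentials either trigger a challenge (when Basic
        // auth is enforced) or let the request through unauthenticated.
        return enforceCredentials() ? AuthStatus.SEND_CONTINUE : AuthStatus.SUCCESS;
    }

    /** Whether rejected credentials on a non-mandatory resource should still be challenged. */
    protected boolean enforceCredentials() {
        return getServerAuthSupport().isEnforceBasicAuth();
    }

    /** The support object supplied at {@link #initialize}; may be null if the option was absent. */
    protected ServerAuthSupport getServerAuthSupport() {
        return this.serverAuthSupport;
    }

    /** Builds an {@link AuthException} that keeps the underlying cause (the type has no cause constructor). */
    private static AuthException authException(String message, Throwable cause) {
        AuthException ex = new AuthException(message);
        ex.initCause(cause);
        return ex;
    }
}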
