package org.omnifaces.eleos.config.servlet.sam;

import jakarta.security.auth.message.AuthException;
import jakarta.security.auth.message.AuthStatus;
import jakarta.security.auth.message.MessageInfo;
import jakarta.security.auth.message.MessagePolicy;
import jakarta.security.auth.message.callback.CallerPrincipalCallback;
import jakarta.security.auth.message.callback.PasswordValidationCallback;
import jakarta.security.auth.message.module.ServerAuthModule;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.omnifaces.eleos.config.helper.HttpServletConstants;

/* loaded from: input_file:org/omnifaces/eleos/config/servlet/sam/BasicServerAuthModule.class */
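/**
 * Server authentication module that implements HTTP Basic authentication for servlet requests.
 *
 * <p>The module reads the {@code Authorization} request header, decodes the Base64 payload into a
 * username/password pair and asks the container's {@link CallbackHandler} to validate it through a
 * {@link PasswordValidationCallback}. When no valid credentials are presented and the resource is
 * marked mandatory, it answers with a {@code 401} and a {@code WWW-Authenticate: Basic} challenge.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, not encrypted; deployments should restrict this
 *       module to TLS-protected transports.</li>
 *   <li>Rejected credentials on a non-mandatory resource do not fail the request; the request
 *       continues with a {@code null} caller principal (see {@link #validateRequest}).</li>
 *   <li>The realm comes from the module options and is written into the challenge header without
 *       escaping, so it must not contain {@code "} or line breaks.</li>
 * </ul>
 */
public class BasicServerAuthModule implements ServerAuthModule {
    /** Authentication scheme token, including the separating space, expected at the start of the header. */
    private static final String BASIC_PREFIX = "Basic ";

    private CallbackHandler handler;
    private String realm;

    /**
     * Returns the message types this module can process.
     *
     * @return the servlet request and response classes
     */
    @Override
    public Class<?>[] getSupportedMessageTypes() {
        return new Class<?>[]{HttpServletRequest.class, HttpServletResponse.class};
    }

    /**
     * Stores the callback handler and reads the realm name from the module options.
     *
     * @param messagePolicy request policy (not used by this module)
     * @param messagePolicy2 response policy (not used by this module)
     * @param callbackHandler handler used to validate passwords and set the caller principal
     * @param map module options; the {@code "realmName"} entry supplies the realm, may be {@code null}
     * @throws AuthException declared by the interface; not thrown by this implementation
     */
    @Override
    public void initialize(MessagePolicy messagePolicy, MessagePolicy messagePolicy2, CallbackHandler callbackHandler, Map map) throws AuthException {
        this.handler = callbackHandler;
        // Tolerate a missing options map instead of failing module initialisation with an NPE.
        this.realm = map == null ? null : (String) map.get("realmName");
    }

    /**
     * Authenticates the request using the HTTP Basic credentials it carries, if any.
     *
     * <p>Outcome, in order:
     * <ol>
     *   <li>well-formed credentials accepted by the handler: {@link AuthStatus#SUCCESS};</li>
     *   <li>otherwise, resource not mandatory: a {@code null} caller principal is registered and
     *       {@link AuthStatus#SUCCESS} is returned, even if credentials were sent and rejected;</li>
     *   <li>otherwise: a {@code 401} with a Basic challenge is sent and
     *       {@link AuthStatus#SEND_FAILURE} is returned.</li>
     * </ol>
     *
     * @param messageInfo carries the servlet request/response and the mandatory flag
     * @param subject client subject handed to the callbacks
     * @param subject2 service subject (not used by this module)
     * @return the authentication status as described above
     * @throws AuthException if the callback handler or the response write fails
     */
    @Override
    public AuthStatus validateRequest(MessageInfo messageInfo, Subject subject, Subject subject2) throws AuthException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) messageInfo.getRequestMessage();
            HttpServletResponse httpServletResponse = (HttpServletResponse) messageInfo.getResponseMessage();

            String[] credentials = getCredentials(httpServletRequest);
            if (credentials != null && validatePassword(subject, credentials[0], credentials[1])) {
                return AuthStatus.SUCCESS;
            }

            if (!isProtectedResource(messageInfo)) {
                // Authentication is optional here: continue as an unauthenticated caller.
                this.handler.handle(new Callback[]{new CallerPrincipalCallback(subject, (Principal) null)});
                return AuthStatus.SUCCESS;
            }

            httpServletResponse.setHeader("WWW-Authenticate", String.format("Basic realm=\"%s\"", this.realm));
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return AuthStatus.SEND_FAILURE;
        } catch (IOException | UnsupportedCallbackException e) {
            throw ((AuthException) new AuthException().initCause(e));
        }
    }

    /**
     * Performs no response processing.
     *
     * @return always {@link AuthStatus#SEND_SUCCESS}
     */
    @Override
    public AuthStatus secureResponse(MessageInfo messageInfo, Subject subject) throws AuthException {
        return AuthStatus.SEND_SUCCESS;
    }

    /** Does nothing; this module does not remove anything from the subject. */
    @Override
    public void cleanSubject(MessageInfo messageInfo, Subject subject) throws AuthException {
    }

    /**
     * Asks the callback handler to validate a username/password pair.
     *
     * @return {@code true} if the handler reports the credentials as valid
     */
    private boolean validatePassword(Subject subject, String username, String password)
            throws IOException, UnsupportedCallbackException {
        PasswordValidationCallback callback =
                new PasswordValidationCallback(subject, username, password.toCharArray());
        try {
            this.handler.handle(new Callback[]{callback});
            return callback.getResult();
        } finally {
            // Best effort: wipe the password array held by the callback once validation is done.
            callback.clearPassword();
        }
    }

    /**
     * Extracts the Basic credentials from the {@code Authorization} header.
     *
     * <p>The header value is attacker-controlled, so every malformed variant (wrong scheme, invalid
     * Base64, missing {@code ':'} separator) is reported as "no credentials" rather than raising a
     * runtime exception. The user-id/password split happens at the first colon only, so passwords
     * that contain colons or are empty are preserved intact.
     *
     * @param httpServletRequest the incoming request
     * @return a two-element array {@code {username, password}}, or {@code null} if the request
     *     carries no usable Basic credentials
     */
    private String[] getCredentials(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        // The authentication scheme name is case-insensitive.
        if (header == null || !header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length())) {
            return null;
        }

        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(BASIC_PREFIX.length()).trim());
            // Decode with a fixed charset so the result does not depend on the platform default.
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException ignored) {
            // Not valid Base64: treat the header as absent so the caller issues a normal challenge.
            return null;
        }

        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        return new String[]{decoded.substring(0, separator), decoded.substring(separator + 1)};
    }

    /**
     * Tells whether authentication is mandatory for the requested resource.
     *
     * @param messageInfo message info whose map holds the {@link HttpServletConstants#IS_MANDATORY} entry
     * @return {@code true} only if that entry is the string {@code "true"} (case-insensitive)
     */
    public static boolean isProtectedResource(MessageInfo messageInfo) {
        return Boolean.parseBoolean((String) messageInfo.getMap().get(HttpServletConstants.IS_MANDATORY));
    }
}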
