package org.apache.geronimo.tomcat.security.authentication;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.util.Base64;
import org.apache.geronimo.tomcat.security.AuthResult;
import org.apache.geronimo.tomcat.security.Authenticator;
import org.apache.geronimo.tomcat.security.LoginService;
import org.apache.geronimo.tomcat.security.ServerAuthException;
import org.apache.geronimo.tomcat.security.TomcatAuthStatus;
import org.apache.geronimo.tomcat.security.UserIdentity;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.CharChunk;
import org.apache.tomcat.util.buf.MessageBytes;

/* loaded from: input_file:org/apache/geronimo/tomcat/security/authentication/SpnegoAuthenticator.class */
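/**
 * {@link Authenticator} that reads the HTTP {@code Authorization} header and accepts either a
 * {@code Basic} credential pair or a {@code Negotiate} token, delegating the actual credential
 * check to the configured {@link LoginService}.
 *
 * <p>For {@code Negotiate}, the text after the scheme name is passed to the login service as the
 * user name with a {@code null} password; this class does not decode or verify the token itself.
 *
 * <p>NOTE(review): {@code Basic} credentials are only Base64-encoded, so this authenticator
 * presumably relies on the deployment enforcing TLS; confirm against the connector or
 * transport-guarantee configuration.
 */
public class SpnegoAuthenticator implements Authenticator {
    private static final String SPNEGO_AUTH = "SPNEGO";
    private static final String WWW_AUTHENTICATE = "WWW-Authenticate";
    // Scheme prefixes matched case-insensitively at the start of the Authorization header.
    private static final String BASIC_PREFIX = "basic ";
    private static final String NEGOTIATE_PREFIX = "negotiate ";
    private final LoginService loginService;
    private final String realmName;
    private final UserIdentity unauthenticatedIdentity;

    /**
     * @param loginService service that validates the extracted credentials
     * @param str realm name advertised in the Basic challenge; when {@code null} the challenge
     *     falls back to {@code serverName:serverPort} of the current request
     * @param userIdentity identity returned when authentication is not mandatory and no valid
     *     credentials were supplied
     */
    public SpnegoAuthenticator(LoginService loginService, String str, UserIdentity userIdentity) {
        this.loginService = loginService;
        this.realmName = str;
        this.unauthenticatedIdentity = userIdentity;
    }

    /**
     * Authenticates the request from its {@code Authorization} header.
     *
     * @param request the incoming request
     * @param httpServletResponse response used to send a 401 challenge
     * @param z when {@code true}, missing or rejected credentials produce a 401 challenge; when
     *     {@code false}, the unauthenticated identity is returned with {@code SUCCESS} instead
     * @param userIdentity not used by this implementation
     * @return {@code SUCCESS} with the authenticated (or unauthenticated) identity, or
     *     {@code SEND_CONTINUE} after a challenge has been written
     * @throws ServerAuthException if writing the 401 response fails
     */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public AuthResult validateRequest(Request request, HttpServletResponse httpServletResponse, boolean z, UserIdentity userIdentity) throws ServerAuthException {
        MessageBytes value = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");
        if (value == null) {
            if (!z) {
                return new AuthResult(TomcatAuthStatus.SUCCESS, this.unauthenticatedIdentity, false);
            }
            return sendChallenge(httpServletResponse, "Negotiate");
        }
        String str = null;
        String str2 = null;
        value.toBytes();
        ByteChunk byteChunk = value.getByteChunk();
        if (byteChunk.startsWithIgnoreCase(BASIC_PREFIX, 0)) {
            // Temporarily skip the scheme prefix so only the Base64 payload is decoded.
            byteChunk.setOffset(byteChunk.getOffset() + BASIC_PREFIX.length());
            CharChunk charChunk = value.getCharChunk();
            Base64.decode(byteChunk, charChunk);
            int indexOf = charChunk.indexOf(':');
            if (indexOf < 0) {
                // No separator: the whole payload is treated as the user name, password stays null.
                str = charChunk.toString();
            } else {
                char[] buffer = charChunk.getBuffer();
                str = new String(buffer, 0, indexOf);
                str2 = new String(buffer, indexOf + 1, (charChunk.getEnd() - indexOf) - 1);
            }
            // Restore the header so later readers still see the full value.
            byteChunk.setOffset(byteChunk.getOffset() - BASIC_PREFIX.length());
        } else if (byteChunk.startsWithIgnoreCase(NEGOTIATE_PREFIX, 0)) {
            byteChunk.setOffset(byteChunk.getOffset() + NEGOTIATE_PREFIX.length());
            // The still-encoded token is handed to the login service as the user name.
            str = byteChunk.toString();
            byteChunk.setOffset(byteChunk.getOffset() - NEGOTIATE_PREFIX.length());
        }
        // An Authorization header with an unsupported scheme leaves both values null. Treat that
        // as a failed attempt instead of asking the login service to authenticate null
        // credentials, so the outcome never depends on how a given LoginService handles nulls.
        UserIdentity login = null;
        if (str != null) {
            login = this.loginService.login(str, str2);
        }
        if (login != null) {
            return new AuthResult(TomcatAuthStatus.SUCCESS, login, false);
        }
        if (!z) {
            return new AuthResult(TomcatAuthStatus.SUCCESS, this.unauthenticatedIdentity, false);
        }
        // NOTE(review): the retry challenge advertises only Basic, while the initial challenge
        // advertises only Negotiate; confirm this asymmetry is intended.
        return sendChallenge(httpServletResponse, basicChallenge(request));
    }

    /** Builds the {@code Basic realm="..."} challenge value for the given request. */
    private String basicChallenge(Request request) {
        StringBuilder sb = new StringBuilder("Basic realm=\"");
        if (this.realmName == null) {
            // NOTE(review): the server name usually reflects the client-supplied Host header and
            // is placed inside the quoted realm without escaping; confirm the container rejects
            // quote and line-break characters in header values.
            sb.append(request.getServerName());
            sb.append(':');
            sb.append(Integer.toString(request.getServerPort()));
        } else {
            sb.append(this.realmName);
        }
        sb.append('\"');
        return sb.toString();
    }

    /** Adds the {@code WWW-Authenticate} header, sends a 401 and reports {@code SEND_CONTINUE}. */
    private static AuthResult sendChallenge(HttpServletResponse httpServletResponse, String challenge) throws ServerAuthException {
        httpServletResponse.addHeader(WWW_AUTHENTICATE, challenge);
        try {
            httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return new AuthResult(TomcatAuthStatus.SEND_CONTINUE, null, false);
        } catch (IOException e) {
            throw new ServerAuthException(e);
        }
    }

    /** Performs no post-processing of the response and always returns {@code true}. */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public boolean secureResponse(Request request, Response response, AuthResult authResult) throws ServerAuthException {
        return true;
    }

    /** @return the constant auth type name {@code "SPNEGO"} */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public String getAuthType() {
        return SPNEGO_AUTH;
    }

    /**
     * Programmatic login: forwards the credentials unchanged to the login service.
     *
     * @param str user name
     * @param str2 password
     * @param request not used by this implementation
     * @return {@code SUCCESS} with the identity, or {@code FAILURE} when the login service
     *     returns {@code null}
     */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public AuthResult login(String str, String str2, Request request) throws ServletException {
        UserIdentity login = this.loginService.login(str, str2);
        if (login == null) {
            return new AuthResult(TomcatAuthStatus.FAILURE, null, false);
        }
        return new AuthResult(TomcatAuthStatus.SUCCESS, login, false);
    }

    /** No-op: this authenticator keeps no per-request or per-session state to clear. */
    @Override // org.apache.geronimo.tomcat.security.Authenticator
    public void logout(Request request) throws ServletException {
    }
}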
