package org.apache.tomee.security.cdi;

import java.util.Optional;
import java.util.function.Supplier;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.BasicAuthenticationCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;

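/**
 * HTTP Basic {@link HttpAuthenticationMechanism}.
 *
 * <p>Reads the {@code Authorization} request header, turns it into a
 * {@link BasicAuthenticationCredential} and hands it to the injected
 * {@link IdentityStoreHandler}. A {@code VALID} result is reported to the container as a login.
 * Any other outcome is handled by resource protection:
 * <ul>
 *   <li>protected resource: a {@code WWW-Authenticate: Basic} challenge is set and the
 *       response is marked unauthorized;</li>
 *   <li>unprotected resource: nothing is done, so the request continues without a caller
 *       identity, even when credentials were supplied and rejected.</li>
 * </ul>
 *
 * <p>Security notes: Basic credentials are only Base64-encoded on the wire, so this mechanism
 * is meant to sit behind TLS. This class performs no logging, attempt counting or throttling;
 * failed attempts are only observable through the identity store or the container.
 */
@ApplicationScoped
/* loaded from: input_file:lib/tomee-security-8.0.8.jar:org/apache/tomee/security/cdi/BasicAuthenticationMechanism.class */
public class BasicAuthenticationMechanism implements HttpAuthenticationMechanism {

    /** Scheme token plus the single separating space that precedes the Base64 payload. */
    private static final String BASIC_PREFIX = "Basic ";

    @Inject
    private IdentityStoreHandler identityStoreHandler;

    @Inject
    private Supplier<BasicAuthenticationMechanismDefinition> basicAuthenticationMechanismDefinition;

    /**
     * Authenticates the caller from the {@code Authorization} header.
     *
     * @param httpServletRequest request whose {@code Authorization} header is inspected
     * @param httpServletResponse response that receives the {@code WWW-Authenticate} challenge
     * @param httpMessageContext used to report the login, the challenge or "nothing to do"
     * @return the status produced by {@code notifyContainerAboutLogin}, {@code doNothing} or
     *     {@code responseUnauthorized}
     * @throws AuthenticationException declared by the interface; not thrown directly here
     */
    @Override // javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        try {
            BasicAuthenticationCredential credential = parseAuthenticationHeader(httpServletRequest.getHeader("Authorization"));
            CredentialValidationResult result = this.identityStoreHandler.validate(credential);
            if (result.getStatus() == CredentialValidationResult.Status.VALID) {
                return httpMessageContext.notifyContainerAboutLogin(result);
            }
        } catch (IllegalArgumentException | IllegalStateException ignored) {
            // Deliberately ignored: a missing or undecodable header is treated the same as
            // "no credentials" and falls through to the challenge / do-nothing path below.
            // NOTE(review): presumably thrown by the BasicAuthenticationCredential constructor
            // (not visible in this file); confirm the identity stores cannot raise these types
            // for unrelated failures, since those would be hidden here too.
        }
        if (!httpMessageContext.isProtected()) {
            // Rejected or absent credentials on an unprotected resource do not produce a 401.
            return httpMessageContext.doNothing();
        }
        // The realm comes from the mechanism definition (deployment configuration), not from
        // the request. It is still escaped so that a quote or backslash in it cannot break the
        // quoted-string syntax of the challenge header.
        String realmName = this.basicAuthenticationMechanismDefinition.get().realmName();
        if (realmName.isEmpty()) {
            httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, "Basic");
        } else {
            httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, String.format("Basic realm=\"%s\"", escapeQuotedString(realmName)));
        }
        return httpMessageContext.responseUnauthorized();
    }

    /**
     * Builds a credential from the raw {@code Authorization} header value.
     *
     * <p>The scheme token is matched case-insensitively, because HTTP auth-scheme names are
     * case-insensitive (RFC 7235, section 2.1); {@code basic ...} and {@code BASIC ...} are
     * accepted as well as {@code Basic ...}. When the header is absent or uses another scheme,
     * the credential is constructed from an empty string, exactly as before.
     *
     * @param authorizationHeader raw header value, may be {@code null}
     * @return credential built from the payload after the scheme, or from {@code ""}
     */
    private BasicAuthenticationCredential parseAuthenticationHeader(String authorizationHeader) {
        return Optional.ofNullable(authorizationHeader)
                .filter(header -> header.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length()))
                .map(header -> header.substring(BASIC_PREFIX.length()))
                .map(BasicAuthenticationCredential::new)
                .orElseGet(() -> new BasicAuthenticationCredential(""));
    }

    /** Escapes backslash and double quote for use inside an HTTP quoted-string. */
    private static String escapeQuotedString(String value) {
        return value.replace("\\", "\\\\").replace("\"", "\\\"");
    }
}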
