package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.InjectedTrace;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.util.Base64Coder;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

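@TraceOptions(traceGroups = {TraceConstants.TRACE_GROUP}, traceGroup = "", messageBundle = TraceConstants.MESSAGE_BUNDLE, traceExceptionThrow = false, traceExceptionHandling = false)
@TraceObjectField(fieldName = "$$$tc$$$", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.1.20150314-1754.jar:com/ibm/ws/webcontainer/security/internal/BasicAuthAuthenticator.class */
/**
 * {@link WebAuthenticator} that reads credentials from the HTTP {@code Authorization: Basic ...}
 * request header, hands them to the {@link AuthenticationService}, and adds SSO cookies to the
 * response when authentication succeeds.
 *
 * <p>Everything parsed here comes straight from the client: the {@code Authorization} header, the
 * optional {@code Authorization-Encoding} header, and the user name / password derived from them.
 * This listing is decompiler output; the trace/FFDC annotations are build-time instrumentation
 * markers and are kept as found.
 */
public class BasicAuthAuthenticator implements WebAuthenticator {
    public static final String BASIC_AUTH_HEADER_NAME = "Authorization";
    // Scheme prefix (including the separating space) that precedes the Base64 payload.
    private static final String BASIC_PREFIX = "Basic ";
    private final AuthenticationService authenticationService;
    private final UserRegistry userRegistry;
    private final SSOCookieHelper ssoCookieHelper;
    private final WebAppSecurityConfig config;
    static final long serialVersionUID = -2551925018967228654L;
    private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register(BasicAuthAuthenticator.class);

    /**
     * Stores the collaborators used during authentication. No validation is performed on them.
     *
     * @param authenticationService service that verifies the user name and password
     * @param userRegistry registry whose realm name may be shown in the 401 challenge
     * @param sSOCookieHelper helper that writes SSO cookies after a successful login
     * @param webAppSecurityConfig configuration consulted when choosing the realm name
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public BasicAuthAuthenticator(AuthenticationService authenticationService, UserRegistry userRegistry, SSOCookieHelper sSOCookieHelper, WebAppSecurityConfig webAppSecurityConfig) {
        this.authenticationService = authenticationService;
        this.userRegistry = userRegistry;
        this.ssoCookieHelper = sSOCookieHelper;
        this.config = webAppSecurityConfig;
    }

    /**
     * Authenticates the request from its Basic {@code Authorization} header.
     *
     * @param webRequest wrapper giving access to the servlet request, response and security metadata
     * @return the outcome of {@link #handleBasicAuth}; SSO cookies are added to the response only
     *         when its status is {@code AuthResult.SUCCESS}
     */
    @Override // com.ibm.ws.webcontainer.security.internal.WebAuthenticator
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public AuthenticationResult authenticate(WebRequest webRequest) {
        HttpServletRequest request = webRequest.getHttpServletRequest();
        HttpServletResponse response = webRequest.getHttpServletResponse();
        AuthenticationResult result = handleBasicAuth(getBasicAuthRealmName(webRequest), request, response);
        if (result.getStatus() == AuthResult.SUCCESS) {
            this.ssoCookieHelper.addSSOCookiesToResponse(result.getSubject(), request, response);
        }
        return result;
    }

    /**
     * Extracts and decodes the Basic credentials, then delegates to {@link #basicAuthenticate}.
     *
     * @param realm realm name carried in the result when a 401 challenge is requested
     * @param request request whose headers are read
     * @param response response passed through to the authentication data
     * @return a {@code SEND_401} result when the header is missing, is not a Basic header, or does
     *         not decode to {@code user:password}; otherwise the result of the credential check
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    private AuthenticationResult handleBasicAuth(String realm, HttpServletRequest request, HttpServletResponse response) {
        String authHeader = request.getHeader(BASIC_AUTH_HEADER_NAME);
        if (authHeader == null || !authHeader.startsWith(BASIC_PREFIX)) {
            return new AuthenticationResult(AuthResult.SEND_401, realm);
        }
        String encodedCredentials = authHeader.substring(BASIC_PREFIX.length());

        // The charset name comes from a client-controlled header. Any failure while decoding with
        // it is recorded through FFDC and the default decoding below is used instead.
        String encoding = request.getHeader("Authorization-Encoding");
        String decoded = null;
        boolean decodedWithEncoding = false;
        if (encoding != null && !encoding.isEmpty()) {
            try {
                decoded = Base64Coder.base64Decode(encodedCredentials, encoding);
                decodedWithEncoding = true;
            } catch (Exception e) {
                // NOTE(review): the request object is handed to FFDC here; confirm the FFDC record
                // does not capture the Authorization header value.
                FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.BasicAuthAuthenticator", "89", this, new Object[]{realm, request, response});
            }
        }
        if (!decodedWithEncoding) {
            decoded = Base64Coder.base64Decode(encodedCredentials);
        }

        // Base64Coder's behaviour on malformed input is not visible in this file. Treat a null
        // result as unparseable credentials so a bad header yields a challenge, not an NPE.
        if (decoded == null) {
            return new AuthenticationResult(AuthResult.SEND_401, realm);
        }

        // Split on the first ':' only, so the password itself may contain colons.
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return new AuthenticationResult(AuthResult.SEND_401, realm);
        }
        return basicAuthenticate(realm, decoded.substring(0, separator), decoded.substring(separator + 1), request, response);
    }

    /**
     * Verifies a user name and password through the authentication service.
     *
     * <p>On both success and failure the returned result has its {@code realm}, {@code username}
     * and {@code password} fields set from the arguments.
     *
     * @param realm realm name recorded on the result
     * @param username user name taken from the decoded header
     * @param password clear-text password taken from the decoded header
     * @param request request attached to the authentication data
     * @param response response attached to the authentication data
     * @return a {@code SUCCESS} result wrapping the authenticated subject, or a {@code SEND_401}
     *         result when the service throws {@link AuthenticationException}
     */
    @FFDCIgnore({AuthenticationException.class})
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    public AuthenticationResult basicAuthenticate(String realm, String username, @Sensitive String password, HttpServletRequest request, HttpServletResponse response) {
        AuthenticationResult result;
        try {
            AuthenticationData authenticationData = createAuthenticationData(realm, username, password, request, response);
            Subject subject = this.authenticationService.authenticate("system.WEB_INBOUND", authenticationData, (Subject) null);
            result = new AuthenticationResult(AuthResult.SUCCESS, subject);
        } catch (AuthenticationException e) {
            // NOTE(review): the exception message becomes the constructor's second argument; how
            // AuthenticationResult exposes it is not visible here. Confirm it is not echoed to the
            // client in a way that distinguishes unknown users from wrong passwords.
            result = new AuthenticationResult(AuthResult.SEND_401, e.getMessage());
        }
        result.realm = realm;
        result.username = username;
        // NOTE(review): the clear-text password stays on the result even after a failed attempt;
        // consumers of AuthenticationResult must keep this field out of logs and traces.
        result.password = password;
        return result;
    }

    /**
     * Builds the authentication data handed to the authentication service.
     *
     * @param realm accepted for signature compatibility; not used by this implementation
     * @param username stored under {@code AuthenticationData.USERNAME}
     * @param password stored as a {@code char[]} under {@code AuthenticationData.PASSWORD}; must
     *        not be {@code null}
     * @param request stored under {@code AuthenticationData.HTTP_SERVLET_REQUEST}
     * @param response stored under {@code AuthenticationData.HTTP_SERVLET_RESPONSE}
     * @return the populated authentication data
     */
    @Trivial
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected AuthenticationData createAuthenticationData(String realm, String username, @Sensitive String password, HttpServletRequest request, HttpServletResponse response) {
        WSAuthenticationData authenticationData = new WSAuthenticationData();
        authenticationData.set(AuthenticationData.USERNAME, username);
        authenticationData.set(AuthenticationData.PASSWORD, password.toCharArray());
        authenticationData.set(AuthenticationData.HTTP_SERVLET_REQUEST, request);
        authenticationData.set(AuthenticationData.HTTP_SERVLET_RESPONSE, response);
        return authenticationData;
    }

    /**
     * Chooses the realm name carried in the Basic authentication result.
     *
     * @param webRequest request whose security metadata may carry a login configuration
     * @return the configured realm name when the login configuration supplies one; otherwise the
     *         user registry's realm if the configuration allows displaying it, else
     *         {@code "Default Realm"}
     */
    @InjectedTrace({"com.ibm.ws.ras.instrument.internal.bci.FFDCMethodAdapter"})
    protected String getBasicAuthRealmName(WebRequest webRequest) {
        LoginConfiguration loginConfiguration = webRequest.getSecurityMetadata().getLoginConfiguration();
        if (loginConfiguration != null) {
            String configuredRealm = loginConfiguration.getRealmName();
            if (configuredRealm != null) {
                return configuredRealm;
            }
        }
        // The registry's realm name is disclosed to unauthenticated clients only when the
        // configuration opts in; otherwise a generic name is used.
        return this.config.getDisplayAuthenticationRealm() ? this.userRegistry.getRealm() : "Default Realm";
    }
}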
