package com.ibm.ws.webcontainer.security.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.Trivial;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ffdc.annotation.FFDCIgnore;
import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.authentication.AuthenticationData;
import com.ibm.ws.security.authentication.AuthenticationException;
import com.ibm.ws.security.authentication.AuthenticationService;
import com.ibm.ws.security.authentication.WSAuthenticationData;
import com.ibm.ws.security.registry.UserRegistry;
import com.ibm.ws.webcontainer.security.AuthResult;
import com.ibm.ws.webcontainer.security.AuthenticationResult;
import com.ibm.ws.webcontainer.security.SSOCookieHelper;
import com.ibm.ws.webcontainer.security.WebAppSecurityConfig;
import com.ibm.ws.webcontainer.security.WebAuthenticator;
import com.ibm.ws.webcontainer.security.WebRequest;
import com.ibm.ws.webcontainer.security.metadata.LoginConfiguration;
import com.ibm.ws.webcontainer.security.metadata.SecurityMetadata;
import java.util.HashMap;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

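/**
 * {@link WebAuthenticator} that handles the HTTP {@code Basic} scheme.
 *
 * <p>The credential is read from the {@code Authorization} request header, Base64-decoded,
 * split into user name and password at the first {@code ':'} and handed to the
 * {@link AuthenticationService}. SSO cookies are added to the response only when that
 * authentication succeeds; every other outcome is reported as {@link AuthResult#SEND_401}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The Base64 credential is trivially reversible, so it is never passed to FFDC or trace.</li>
 *   <li>The returned {@link AuthenticationResult} keeps the clear-text password in its
 *       {@code password} field; callers must not log or trace that object's contents.</li>
 *   <li>The charset used for decoding comes from the client-supplied
 *       {@code Authorization-Encoding} header and must be treated as untrusted input.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:lib/com.ibm.ws.webcontainer.security_1.0.11.cl50820160805-0208.jar:com/ibm/ws/webcontainer/security/internal/BasicAuthAuthenticator.class */
public class BasicAuthAuthenticator implements WebAuthenticator {
    private static final TraceComponent tc = Tr.register(BasicAuthAuthenticator.class);
    public static final String BASIC_AUTH_HEADER_NAME = "Authorization";
    /** Scheme token plus the separating space; the match is case-sensitive. */
    private static final String BASIC_SCHEME_PREFIX = "Basic ";
    /** Optional request header naming the charset of the decoded credential. */
    private static final String ENCODING_HEADER_NAME = "Authorization-Encoding";
    /** Realm reported when neither the login configuration nor the registry supplies one. */
    private static final String DEFAULT_REALM = "defaultRealm";
    private final AuthenticationService authenticationService;
    private final UserRegistry userRegistry;
    private final SSOCookieHelper ssoCookieHelper;
    private final WebAppSecurityConfig config;
    static final long serialVersionUID = 2206597227363678721L;

    /**
     * Creates an authenticator bound to the given collaborators.
     *
     * @param authenticationService service that validates the user name / password pair
     * @param userRegistry registry whose realm name is used when the realm is displayed
     * @param sSOCookieHelper helper that writes SSO cookies after a successful login
     * @param webAppSecurityConfig configuration consulted for {@code getDisplayAuthenticationRealm()}
     */
    public BasicAuthAuthenticator(AuthenticationService authenticationService, UserRegistry userRegistry, SSOCookieHelper sSOCookieHelper, WebAppSecurityConfig webAppSecurityConfig) {
        this.authenticationService = authenticationService;
        this.userRegistry = userRegistry;
        this.ssoCookieHelper = sSOCookieHelper;
        this.config = webAppSecurityConfig;
    }

    /**
     * Authenticates the request using the realm resolved by {@link #getBasicAuthRealmName(WebRequest)}.
     *
     * @param webRequest wrapper giving access to the servlet request, response and security metadata
     * @return the authentication outcome; SSO cookies have been added to the response when it is
     *         {@link AuthResult#SUCCESS}
     */
    @Override // com.ibm.ws.webcontainer.security.WebAuthenticator
    public AuthenticationResult authenticate(WebRequest webRequest) {
        HttpServletRequest request = webRequest.getHttpServletRequest();
        HttpServletResponse response = webRequest.getHttpServletResponse();
        AuthenticationResult result = handleBasicAuth(getBasicAuthRealmName(webRequest), request, response);
        return addSsoCookiesOnSuccess(result, request, response);
    }

    /**
     * Authenticates the request without security metadata: the realm is the registry realm when
     * the configuration asks for it to be displayed, otherwise {@code "defaultRealm"}.
     *
     * @param httpServletRequest request carrying the {@code Authorization} header
     * @param httpServletResponse response that receives SSO cookies on success
     * @param hashMap not read by this implementation
     * @return the authentication outcome
     */
    @Override // com.ibm.ws.webcontainer.security.WebAuthenticator
    public AuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HashMap<String, Object> hashMap) {
        String realm = this.config.getDisplayAuthenticationRealm() ? this.userRegistry.getRealm() : DEFAULT_REALM;
        AuthenticationResult result = handleBasicAuth(realm, httpServletRequest, httpServletResponse);
        return addSsoCookiesOnSuccess(result, httpServletRequest, httpServletResponse);
    }

    /** Adds SSO cookies for the authenticated subject, but only when the result is SUCCESS. */
    private AuthenticationResult addSsoCookiesOnSuccess(AuthenticationResult result, HttpServletRequest request, HttpServletResponse response) {
        if (result.getStatus() == AuthResult.SUCCESS) {
            this.ssoCookieHelper.addSSOCookiesToResponse(result.getSubject(), request, response);
        }
        return result;
    }

    /**
     * Extracts the Basic credential from the request and authenticates it.
     *
     * @return a SEND_401 result when the header is missing, does not start with {@code "Basic "},
     *         or the decoded value contains no {@code ':'}; otherwise the result of
     *         {@link #basicAuthenticate}
     */
    private AuthenticationResult handleBasicAuth(String realm, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(BASIC_AUTH_HEADER_NAME);
        if (header == null || !header.startsWith(BASIC_SCHEME_PREFIX)) {
            return new AuthenticationResult(AuthResult.SEND_401, realm);
        }
        String credential = decodeBasicAuth(header.substring(BASIC_SCHEME_PREFIX.length()), httpServletRequest.getHeader(ENCODING_HEADER_NAME));
        // Split at the FIRST colon only, so a password may itself contain ':'.
        int separator = credential.indexOf(':');
        if (separator < 0) {
            return new AuthenticationResult(AuthResult.SEND_401, realm);
        }
        return basicAuthenticate(realm, credential.substring(0, separator), credential.substring(separator + 1), httpServletRequest, httpServletResponse);
    }

    /**
     * Validates a user name / password pair through the authentication service.
     *
     * <p>An {@link AuthenticationException} is converted into a SEND_401 result built from the
     * exception message. In both outcomes the realm, user name and clear-text password are
     * stored on the returned object, so that object must be handled as sensitive.
     *
     * @param str realm name stored on the result
     * @param str2 user name
     * @param str3 clear-text password
     * @param httpServletRequest request forwarded in the authentication data
     * @param httpServletResponse response forwarded in the authentication data
     * @return SUCCESS with the authenticated subject, or SEND_401
     */
    @FFDCIgnore({AuthenticationException.class})
    public AuthenticationResult basicAuthenticate(String str, String str2, @Sensitive String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        AuthenticationResult authenticationResult;
        try {
            AuthenticationData authenticationData = createAuthenticationData(str, str2, str3, httpServletRequest, httpServletResponse);
            Subject subject = this.authenticationService.authenticate("system.WEB_INBOUND", authenticationData, (Subject) null);
            authenticationResult = new AuthenticationResult(AuthResult.SUCCESS, subject);
        } catch (AuthenticationException e) {
            authenticationResult = new AuthenticationResult(AuthResult.SEND_401, e.getMessage());
        }
        authenticationResult.realm = str;
        authenticationResult.username = str2;
        // NOTE(review): the clear-text password stays reachable through the result object.
        authenticationResult.password = str3;
        return authenticationResult;
    }

    /**
     * Builds the authentication data passed to the authentication service.
     *
     * @param str realm name; not placed in the authentication data
     * @param str2 user name, stored under {@code "USERNAME"}
     * @param str3 clear-text password, stored as a {@code char[]} under {@code "PASSWORD"}
     * @param httpServletRequest stored under {@code "HTTP_SERVLET_REQUEST"}
     * @param httpServletResponse stored under {@code "HTTP_SERVLET_RESPONSE"}
     * @return the populated authentication data
     */
    @Trivial
    protected AuthenticationData createAuthenticationData(String str, String str2, @Sensitive String str3, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        WSAuthenticationData authenticationData = new WSAuthenticationData();
        authenticationData.set("USERNAME", str2);
        authenticationData.set("PASSWORD", str3.toCharArray());
        authenticationData.set("HTTP_SERVLET_REQUEST", httpServletRequest);
        authenticationData.set("HTTP_SERVLET_RESPONSE", httpServletResponse);
        return authenticationData;
    }

    /**
     * Resolves the realm name for the request.
     *
     * <p>When security metadata is present, the realm from its login configuration wins if it is
     * set; otherwise the registry realm is used when the configuration asks for the realm to be
     * displayed. In every other case the result is {@code "defaultRealm"}.
     *
     * @param webRequest request whose security metadata is inspected
     * @return the realm name, never taken from client input
     */
    protected String getBasicAuthRealmName(WebRequest webRequest) {
        SecurityMetadata securityMetadata = webRequest.getSecurityMetadata();
        if (securityMetadata == null) {
            return DEFAULT_REALM;
        }
        LoginConfiguration loginConfiguration = securityMetadata.getLoginConfiguration();
        if (loginConfiguration != null && loginConfiguration.getRealmName() != null) {
            return loginConfiguration.getRealmName();
        }
        if (this.config.getDisplayAuthenticationRealm()) {
            return this.userRegistry.getRealm();
        }
        return DEFAULT_REALM;
    }

    /**
     * Base64-decodes the credential part of the header and converts it to a string.
     *
     * <p>The charset named by {@code str2} is tried first. If that fails for any reason, or no
     * charset was given, the bytes are decoded with the JVM's default charset.
     *
     * @param str Base64 text following the {@code "Basic "} prefix; this is the credential and is
     *        deliberately kept out of FFDC and trace
     * @param str2 charset name taken from the {@code Authorization-Encoding} request header, may be
     *        {@code null}; client-controlled
     * @return the decoded {@code user:password} string, or {@code ExtensionConstants.CORE_EXTENSION}
     *         when nothing could be decoded
     */
    @Sensitive
    protected String decodeBasicAuth(String str, String str2) {
        // NOTE(review): this constant stands in for the "nothing decoded" value; it looks like a
        // decompiler replacing an empty-string literal. Confirm its value.
        String nothingDecoded = ExtensionConstants.CORE_EXTENSION;
        byte[] credentialBytes = Base64Coder.base64DecodeString(str);
        if (credentialBytes == null || credentialBytes.length == 0) {
            return nothingDecoded;
        }
        if (str2 != null) {
            try {
                return new String(credentialBytes, str2);
            } catch (Exception e) {
                // Only the charset name is handed to FFDC. The Base64 credential was previously
                // included here, which let any request with an unsupported Authorization-Encoding
                // value copy a recoverable user name and password into the incident data.
                FFDCFilter.processException(e, "com.ibm.ws.webcontainer.security.internal.BasicAuthAuthenticator", "184", this, new Object[]{str2});
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "An exception is caught using the encoder: " + str2 + ". The exception is: " + e.getMessage(), new Object[0]);
                }
            }
        }
        // NOTE(review): platform-default charset; non-ASCII credentials may decode differently
        // on hosts whose default charset differs.
        return new String(credentialBytes);
    }
}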
