package net.officefloor.plugin.web.http.security.scheme;

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.util.Map;
import net.officefloor.plugin.socket.server.http.HttpResponse;
import net.officefloor.plugin.socket.server.http.ServerHttpConnection;
import net.officefloor.plugin.socket.server.http.parse.impl.HttpRequestParserImpl;
import net.officefloor.plugin.socket.server.http.protocol.HttpStatus;
import net.officefloor.plugin.web.http.security.HttpSecurity;
import net.officefloor.plugin.web.http.security.HttpSecurityServiceManagedObjectSource;
import net.officefloor.plugin.web.http.security.store.CredentialEntry;
import net.officefloor.plugin.web.http.security.store.CredentialStore;
import net.officefloor.plugin.web.http.security.store.CredentialStoreUtil;
import net.officefloor.plugin.web.http.session.HttpSession;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.5.0.jar:net/officefloor/plugin/web/http/security/scheme/BasicHttpSecuritySource.class */
public class BasicHttpSecuritySource implements HttpSecuritySource<Dependencies> {
    public static final String PROPERTY_REALM = "http.security.basic.realm";
    private static final Charset US_ASCII = HttpRequestParserImpl.US_ASCII;
    private String realm;

    /* loaded from: input_file:WEB-INF/lib/officeplugin_web-2.5.0.jar:net/officefloor/plugin/web/http/security/scheme/BasicHttpSecuritySource$Dependencies.class */
    public enum Dependencies {
        CREDENTIAL_STORE
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public void init(HttpSecuritySourceContext<Dependencies> httpSecuritySourceContext) throws Exception {
        this.realm = httpSecuritySourceContext.getProperty(PROPERTY_REALM);
        httpSecuritySourceContext.requireDependency(Dependencies.CREDENTIAL_STORE, CredentialStore.class);
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public String getAuthenticationScheme() {
        return HttpSecurityServiceManagedObjectSource.BASIC_AUTHENTICATION_SCHEME;
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public HttpSecurity authenticate(String str, ServerHttpConnection serverHttpConnection, HttpSession httpSession, Map<Dependencies, Object> map) throws AuthenticationException {
        String str2 = new String(Base64.decodeBase64(str), US_ASCII);
        int indexOf = str2.indexOf(58);
        if (indexOf < 0) {
            return null;
        }
        String substring = str2.substring(0, indexOf);
        String substring2 = str2.substring(indexOf + 1);
        CredentialStore credentialStore = (CredentialStore) map.get(Dependencies.CREDENTIAL_STORE);
        CredentialEntry retrieveCredentialEntry = credentialStore.retrieveCredentialEntry(substring, this.realm);
        if (retrieveCredentialEntry == null) {
            return null;
        }
        byte[] retrieveCredentials = retrieveCredentialEntry.retrieveCredentials();
        byte[] bytes = substring2.getBytes(US_ASCII);
        MessageDigest createDigest = CredentialStoreUtil.createDigest(credentialStore.getAlgorithm());
        if (createDigest != null) {
            createDigest.update(bytes);
            bytes = createDigest.digest();
        }
        if (retrieveCredentials.length != bytes.length) {
            return null;
        }
        for (int i = 0; i < retrieveCredentials.length; i++) {
            if (retrieveCredentials[i] != bytes[i]) {
                return null;
            }
        }
        return new HttpSecurityImpl(getAuthenticationScheme(), substring, retrieveCredentialEntry.retrieveRoles());
    }

    @Override // net.officefloor.plugin.web.http.security.scheme.HttpSecuritySource
    public void loadUnauthorised(ServerHttpConnection serverHttpConnection, HttpSession httpSession, Map<Dependencies, Object> map) throws AuthenticationException {
        HttpResponse httpResponse = serverHttpConnection.getHttpResponse();
        httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
        httpResponse.addHeader("WWW-Authenticate", getAuthenticationScheme() + " realm=\"" + this.realm + "\"");
    }
}
