package org.glassfish.soteria.mechanisms;

import java.lang.annotation.Annotation;
import javax.security.enterprise.AuthenticationException;
import javax.security.enterprise.AuthenticationStatus;
import javax.security.enterprise.authentication.mechanism.http.BasicAuthenticationMechanismDefinition;
import javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import javax.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import javax.security.enterprise.credential.Password;
import javax.security.enterprise.credential.UsernamePasswordCredential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStoreHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.HttpHeaders;
import javax.xml.bind.DatatypeConverter;
import org.glassfish.soteria.Utils;
import org.glassfish.soteria.cdi.CdiUtils;

/* loaded from: input_file:org/glassfish/soteria/mechanisms/BasicAuthenticationMechanism.class */
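/**
 * HTTP Basic authentication mechanism.
 *
 * <p>Reads the {@code Authorization} request header, hands the decoded caller name and password
 * to the {@link IdentityStoreHandler} and, for protected resources without valid credentials,
 * answers with a {@code WWW-Authenticate: Basic} challenge.
 *
 * <p>Basic credentials are only Base64-encoded, not encrypted, so the header is readable by
 * anyone who can observe the request. NOTE(review): nothing in this class enforces a secure
 * transport; confirm that deployments using this mechanism require TLS.
 */
public class BasicAuthenticationMechanism implements HttpAuthenticationMechanism {
    // Supplies the realm name sent in the challenge; null when the no-arg constructor was used.
    private final BasicAuthenticationMechanismDefinition basicAuthenticationMechanismDefinition;

    /**
     * Creates an instance without a definition.
     *
     * <p>NOTE(review): presumably only intended for proxying/subclassing. An instance built this
     * way throws a {@link NullPointerException} in {@link #validateRequest} when a challenge has
     * to be issued, because the realm name is read from the (null) definition.
     */
    protected BasicAuthenticationMechanism() {
        this.basicAuthenticationMechanismDefinition = null;
    }

    /**
     * Creates the mechanism for the given definition.
     *
     * @param basicAuthenticationMechanismDefinition definition providing the realm name used in
     *     the {@code WWW-Authenticate} challenge
     */
    public BasicAuthenticationMechanism(BasicAuthenticationMechanismDefinition basicAuthenticationMechanismDefinition) {
        this.basicAuthenticationMechanismDefinition = basicAuthenticationMechanismDefinition;
    }

    /**
     * Authenticates the request from its {@code Authorization: Basic} header.
     *
     * @param httpServletRequest request whose {@code Authorization} header is inspected
     * @param httpServletResponse response that receives the challenge header when needed
     * @param httpMessageContext context used to report the outcome to the container
     * @return the status from {@code notifyContainerAboutLogin} when the identity store reports
     *     the credentials as {@code VALID}; otherwise {@code doNothing()} for an unprotected
     *     resource, or {@code responseUnauthorized()} together with a Basic challenge for a
     *     protected one
     * @throws AuthenticationException declared by the interface; not thrown directly here
     */
    @Override // javax.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism
    public AuthenticationStatus validateRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMessageContext httpMessageContext) throws AuthenticationException {
        String[] credentials = getCredentials(httpServletRequest);
        if (!Utils.isEmpty(credentials)) {
            IdentityStoreHandler identityStoreHandler =
                    (IdentityStoreHandler) CdiUtils.getBeanReference(IdentityStoreHandler.class, new Annotation[0]);
            CredentialValidationResult validate = identityStoreHandler.validate(
                    new UsernamePasswordCredential(credentials[0], new Password(credentials[1])));
            if (validate.getStatus() == CredentialValidationResult.Status.VALID) {
                return httpMessageContext.notifyContainerAboutLogin(validate.getCallerPrincipal(), validate.getCallerGroups());
            }
        }
        // Missing, malformed or rejected credentials all end up here. On an unprotected resource
        // the request simply continues unauthenticated; no error is reported for bad credentials.
        if (!httpMessageContext.isProtected()) {
            return httpMessageContext.doNothing();
        }
        // The realm name is inserted into the quoted string as-is (no escaping of '"' or '\').
        httpServletResponse.setHeader(HttpHeaders.WWW_AUTHENTICATE, String.format("Basic realm=\"%s\"", this.basicAuthenticationMechanismDefinition.realmName()));
        return httpMessageContext.responseUnauthorized();
    }

    /**
     * Extracts the caller name and password from the {@code Authorization} header.
     *
     * <p>The decoded value is split at the FIRST colon only. Splitting on every colon would
     * silently truncate a password that itself contains ':' (so a prefix of the real password
     * would be what gets validated), and a value without any colon would produce a one-element
     * array that fails later with an {@link ArrayIndexOutOfBoundsException}.
     *
     * @param httpServletRequest request to read the header from
     * @return a two-element array {@code {callerName, password}}, or {@code null} when the header
     *     is absent, does not start with {@code "Basic "}, or the decoded value has no colon
     */
    private String[] getCredentials(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(HttpHeaders.AUTHORIZATION);
        if (Utils.isEmpty(header) || !header.startsWith("Basic ")) {
            return null;
        }
        // NOTE(review): the bytes are decoded with the platform default charset, so non-ASCII
        // names/passwords depend on the JVM's configuration; consider an explicit charset.
        String decoded = new String(DatatypeConverter.parseBase64Binary(header.substring(6)));
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            // No "name:password" separator: treat as if no credentials were supplied.
            return null;
        }
        return new String[] {decoded.substring(0, separator), decoded.substring(separator + 1)};
    }
}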
