package org.apache.activemq.artemis.spi.core.security.jaas;

import com.sun.net.httpserver.Authenticator;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpPrincipal;
import com.sun.net.httpserver.HttpsExchange;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Iterator;
import java.util.StringTokenizer;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import org.springframework.security.web.authentication.www.BasicAuthenticationConverter;

/* loaded from: input_file:BOOT-INF/lib/artemis-server-2.33.0.jar:org/apache/activemq/artemis/spi/core/security/jaas/HttpServerAuthenticator.class */
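/**
 * {@link Authenticator} for the JDK built-in HTTP server that delegates the decision to a JAAS
 * {@link LoginContext}.
 *
 * <p>Credentials are handed to the configured login modules through callbacks: the
 * {@code Authorization} header feeds {@link NameCallback} and {@link PasswordCallback}
 * ({@code Basic} and {@code Bearer} schemes), and the TLS session of an {@link HttpsExchange}
 * feeds {@code CertificateCallback} and {@code PrincipalsCallback}. On success the authenticated
 * {@link Subject} is stored on the exchange under {@link #subjectRequestAttribute}.
 *
 * <p>Every failure, whatever its cause, is reported to the client as a bare {@code 401}.
 */
public class HttpServerAuthenticator extends Authenticator {
    static final String REALM_PROPERTY_NAME = "httpServerAuthenticator.realm";
    static final String REQUEST_SUBJECT_ATTRIBUTE_PROPERTY_NAME = "httpServerAuthenticator.requestSubjectAttribute";
    // Deliberately left non-final to keep the existing package-visible contract; it is read once
    // per instance when subjectRequestAttribute is initialised.
    static String DEFAULT_SUBJECT_ATTRIBUTE = "org.apache.activemq.artemis.jaasSubject";
    static final String DEFAULT_REALM = "http_server_authenticator";
    static final String AUTHORIZATION_HEADER_NAME = "Authorization";
    /** JAAS configuration entry name, also used as the realm of the resulting {@link HttpPrincipal}. */
    final String realm = System.getProperty(REALM_PROPERTY_NAME, DEFAULT_REALM);
    /** Exchange attribute under which the authenticated {@link Subject} is published. */
    final String subjectRequestAttribute = System.getProperty(REQUEST_SUBJECT_ATTRIBUTE_PROPERTY_NAME, DEFAULT_SUBJECT_ATTRIBUTE);

    /**
     * Runs a JAAS login for the request and maps the outcome to an authenticator result.
     *
     * @param httpExchange the request being authenticated
     * @return {@link Authenticator.Success} carrying the name of the subject's first
     *         {@code UserPrincipal} (empty if there is none), or {@link Authenticator.Failure}
     *         with status 401 if anything goes wrong
     */
    @Override
    public Authenticator.Result authenticate(HttpExchange httpExchange) {
        try {
            LoginContext loginContext = new LoginContext(this.realm, callbackArr -> {
                for (Callback callback : callbackArr) {
                    if (callback instanceof PasswordCallback) {
                        PasswordCallback passwordCallback = (PasswordCallback) callback;
                        StringTokenizer headerTokens = new StringTokenizer(extractAuthHeader(httpExchange));
                        String scheme = headerTokens.nextToken();
                        if (BasicAuthenticationConverter.AUTHENTICATION_SCHEME_BASIC.equalsIgnoreCase(scheme)) {
                            byte[] decoded = decodeBasicToken(headerTokens.nextToken());
                            // Everything after the FIRST ':' is the password, so a password may
                            // itself contain ':' characters.
                            int separator = credentialSeparatorIndex(decoded);
                            passwordCallback.setPassword(new String(Arrays.copyOfRange(decoded, separator + 1, decoded.length), StandardCharsets.UTF_8).toCharArray());
                        } else if ("Bearer".equalsIgnoreCase(scheme)) {
                            // The bearer token is passed to the login modules as the password;
                            // no user name is supplied for this scheme.
                            passwordCallback.setPassword(headerTokens.nextToken().toCharArray());
                        }
                    } else if (callback instanceof NameCallback) {
                        NameCallback nameCallback = (NameCallback) callback;
                        StringTokenizer headerTokens = new StringTokenizer(extractAuthHeader(httpExchange));
                        if (BasicAuthenticationConverter.AUTHENTICATION_SCHEME_BASIC.equalsIgnoreCase(headerTokens.nextToken())) {
                            byte[] decoded = decodeBasicToken(headerTokens.nextToken());
                            nameCallback.setName(new String(Arrays.copyOfRange(decoded, 0, credentialSeparatorIndex(decoded)), StandardCharsets.UTF_8));
                        }
                    } else if (callback instanceof CertificateCallback) {
                        CertificateCallback certificateCallback = (CertificateCallback) callback;
                        if (httpExchange instanceof HttpsExchange) {
                            Certificate[] peerCertificates = ((HttpsExchange) httpExchange).getSSLSession().getPeerCertificates();
                            if (peerCertificates != null && peerCertificates.length > 0) {
                                // Only the first certificate of the peer chain is forwarded.
                                certificateCallback.setCertificates(new X509Certificate[]{(X509Certificate) peerCertificates[0]});
                            }
                        }
                    } else if (callback instanceof PrincipalsCallback) {
                        PrincipalsCallback principalsCallback = (PrincipalsCallback) callback;
                        Principal principal = httpExchange.getPrincipal();
                        if (principal == null && (httpExchange instanceof HttpsExchange)) {
                            // Fall back to the identity established by the TLS handshake.
                            principal = ((HttpsExchange) httpExchange).getSSLSession().getPeerPrincipal();
                        }
                        if (principal != null) {
                            principalsCallback.setPeerPrincipals(new Principal[]{principal});
                        }
                    } else {
                        throw new UnsupportedCallbackException(callback);
                    }
                }
            });
            loginContext.login();
            Subject subject = loginContext.getSubject();
            httpExchange.setAttribute(this.subjectRequestAttribute, subject);
            return new Authenticator.Success(new HttpPrincipal(nameFromAuthSubject(subject), this.realm));
        } catch (Exception e) {
            // Fail closed: a rejected login, a missing or malformed Authorization header and any
            // callback error all end up here and are answered with 401.
            // NOTE(review): the cause is discarded, so this class leaves no trace of failed
            // logins; confirm that they are recorded elsewhere.
            return new Authenticator.Failure(401);
        }
    }

    /**
     * Returns the first {@code Authorization} header of the request.
     *
     * @param httpExchange the request being authenticated
     * @return the raw header value as returned by the request headers
     */
    protected String extractAuthHeader(HttpExchange httpExchange) {
        return httpExchange.getRequestHeaders().getFirst(AUTHORIZATION_HEADER_NAME);
    }

    /**
     * Picks the name reported for an authenticated subject.
     *
     * @param subject the subject produced by the JAAS login
     * @return the name of the first {@code UserPrincipal} found, or {@code ""} if there is none
     */
    protected String nameFromAuthSubject(Subject subject) {
        Iterator<UserPrincipal> users = subject.getPrincipals(UserPrincipal.class).iterator();
        return users.hasNext() ? users.next().getName() : "";
    }

    /** Base64-decodes the credentials token of a {@code Basic} Authorization header. */
    private static byte[] decodeBasicToken(String token) {
        return Base64.getDecoder().decode(token.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Finds the first {@code ':'} in decoded {@code Basic} credentials.
     *
     * <p>A linear scan is required here: {@link Arrays#binarySearch(byte[], byte)} is only defined
     * for sorted arrays, so on credential bytes it can miss the separator or report a position
     * that splits user name and password in the wrong place.
     *
     * @throws IllegalArgumentException if the credentials contain no separator, so that the login
     *         fails instead of proceeding with a guessed split
     */
    private static int credentialSeparatorIndex(byte[] decoded) {
        for (int i = 0; i < decoded.length; i++) {
            if (decoded[i] == (byte) ':') {
                return i;
            }
        }
        throw new IllegalArgumentException("Basic credentials are missing the ':' separator");
    }
}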
