package kikaha.core.modules.security;

import io.undertow.security.idm.Credential;
import io.undertow.server.HttpServerExchange;
import io.undertow.util.FlexBase64;
import io.undertow.util.HeaderValues;
import io.undertow.util.Headers;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Iterator;
import javax.annotation.PostConstruct;
import javax.inject.Inject;
import javax.inject.Singleton;
import kikaha.config.Config;
import kikaha.core.url.StringCursor;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:kikaha/core/modules/security/BasicAuthenticationMechanism.class */
public class BasicAuthenticationMechanism implements SimplifiedAuthenticationMechanism {
    private static final Logger log = LoggerFactory.getLogger(BasicAuthenticationMechanism.class);
    private static final String BASIC_PREFIX = Headers.BASIC + " ";
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();
    private static final char COLON = ':';
    private String challenge;

    @Inject
    Config config;

    @PostConstruct
    public void defineARealm() {
        this.challenge = BASIC_PREFIX + "realm=\"" + this.config.getString("server.smart-server.application.name") + "\"";
    }

    @Override // kikaha.core.modules.security.SimplifiedAuthenticationMechanism
    public Credential readCredential(HttpServerExchange httpServerExchange) throws IOException {
        StringCursor decodedCredentialsFromHeader = getDecodedCredentialsFromHeader(httpServerExchange);
        if (decodedCredentialsFromHeader == null) {
            return null;
        }
        return convertToCredential(decodedCredentialsFromHeader);
    }

    private UsernameAndPasswordCredential convertToCredential(StringCursor stringCursor) {
        stringCursor.shiftCursorToNextChar(':');
        String substringFromLastMark = stringCursor.substringFromLastMark(1);
        stringCursor.mark();
        stringCursor.end();
        return new UsernameAndPasswordCredential(substringFromLastMark, stringCursor.substringFromLastMark());
    }

    private StringCursor getDecodedCredentialsFromHeader(HttpServerExchange httpServerExchange) {
        StringCursor stringCursor = null;
        StringCursor authenticationHeader = getAuthenticationHeader(httpServerExchange);
        if (authenticationHeader != null) {
            stringCursor = decode(getAuthString(authenticationHeader));
        }
        return stringCursor;
    }

    private StringCursor decode(String str) {
        try {
            ByteBuffer decode = FlexBase64.decode(str);
            return new StringCursor(new String(decode.array(), decode.arrayOffset(), decode.limit(), StandardCharsets.UTF_8));
        } catch (IOException e) {
            log.warn("Ignoring exception during Base64 decoding.", e);
            return null;
        }
    }

    private String getAuthString(StringCursor stringCursor) {
        stringCursor.cursorAt(PREFIX_LENGTH);
        stringCursor.mark();
        stringCursor.end();
        return stringCursor.substringFromLastMark();
    }

    private StringCursor getAuthenticationHeader(HttpServerExchange httpServerExchange) {
        HeaderValues headerValues = httpServerExchange.getRequestHeaders().get(Headers.AUTHORIZATION);
        StringCursor stringCursor = null;
        if (headerValues != null) {
            Iterator it = headerValues.iterator();
            while (it.hasNext()) {
                String str = (String) it.next();
                if (str.startsWith(BASIC_PREFIX)) {
                    stringCursor = new StringCursor(str);
                }
            }
        }
        return stringCursor;
    }

    @Override // kikaha.core.modules.security.AuthenticationMechanism
    public boolean sendAuthenticationChallenge(HttpServerExchange httpServerExchange, Session session) {
        httpServerExchange.setStatusCode(401);
        httpServerExchange.getResponseHeaders().add(Headers.WWW_AUTHENTICATE, this.challenge);
        return true;
    }
}
