package org.apereo.cas.web.flow;

import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import org.apereo.cas.util.HttpRequestUtils;
import org.apereo.cas.web.flow.actions.BaseCasWebflowAction;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/SpnegoNegotiateCredentialsAction.class */
public class SpnegoNegotiateCredentialsAction extends BaseCasWebflowAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SpnegoNegotiateCredentialsAction.class);
    private final List<String> supportedBrowser;
    private final boolean ntlm;
    private final boolean mixedModeAuthentication;

    protected Event doExecute(RequestContext requestContext) {
        HttpServletRequest httpServletRequestFromExternalWebflowContext = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        HttpServletResponse httpServletResponseFromExternalWebflowContext = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);
        String header = httpServletRequestFromExternalWebflowContext.getHeader("Authorization");
        String httpServletRequestUserAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequestFromExternalWebflowContext);
        LOGGER.debug("Authorization header [{}], User Agent header [{}]", header, httpServletRequestUserAgent);
        if (!StringUtils.hasText(httpServletRequestUserAgent) || this.supportedBrowser.isEmpty()) {
            LOGGER.warn("User Agent header [{}] is empty, or no browsers are supported", httpServletRequestUserAgent);
            return error();
        }
        if (!isSupportedBrowser(httpServletRequestUserAgent)) {
            LOGGER.warn("User Agent header [{}] is not supported in the list of supported browsers [{}]", httpServletRequestUserAgent, this.supportedBrowser);
            return error();
        }
        String constructMessagePrefix = constructMessagePrefix();
        if (!StringUtils.hasText(header) || !header.startsWith(constructMessagePrefix) || header.length() <= constructMessagePrefix.length()) {
            String str = this.ntlm ? "NTLM" : "Negotiate";
            LOGGER.debug("Authorization header not found or does not match the message prefix [{}]. Sending [{}] header [{}]", new Object[]{constructMessagePrefix, "WWW-Authenticate", str});
            httpServletResponseFromExternalWebflowContext.setHeader("WWW-Authenticate", str);
            httpServletResponseFromExternalWebflowContext.setStatus(401);
            if (this.mixedModeAuthentication) {
                LOGGER.debug("Mixed-mode authentication is enabled");
            } else {
                LOGGER.debug("Mixed-mode authentication is disabled. Executing completion of response");
                requestContext.getExternalContext().recordResponseComplete();
            }
        }
        return success();
    }

    protected String constructMessagePrefix() {
        return (this.ntlm ? "NTLM" : "Negotiate") + " ";
    }

    protected boolean isSupportedBrowser(String str) {
        Stream<String> stream = this.supportedBrowser.stream();
        Objects.requireNonNull(str);
        return stream.anyMatch((v1) -> {
            return r1.contains(v1);
        });
    }

    @Generated
    public SpnegoNegotiateCredentialsAction(List<String> list, boolean z, boolean z2) {
        this.supportedBrowser = list;
        this.ntlm = z;
        this.mixedModeAuthentication = z2;
    }
}
