package org.apereo.cas.web.flow;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.nio.charset.Charset;
import java.util.Collections;
import java.util.Locale;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.support.spnego.authentication.principal.SpnegoCredential;
import org.apereo.cas.util.EncodingUtils;
import org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/apereo/cas/web/flow/SpnegoCredentialsAction.class */
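/**
 * Webflow action that builds a {@link SpnegoCredential} from the {@code Authorization: Negotiate}
 * request header and, once authentication has run, writes the next token back to the client in a
 * {@code WWW-Authenticate} header.
 *
 * <p>Security note: header values and tokens are authentication material, so this class logs only
 * their sizes and never their content. A header that fails the {@code Negotiate} prefix check may
 * belong to another scheme and carry that scheme's credentials, and the decoded token is binary
 * data that would otherwise reach the log as uncontrolled characters.
 */
public class SpnegoCredentialsAction extends AbstractNonInteractiveCredentialsAction {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SpnegoCredentialsAction.class);

    /** Request header carrying the client token. */
    private static final String HEADER_AUTHORIZATION = "Authorization";

    /** Response header carrying the server's next token. */
    private static final String HEADER_AUTHENTICATE = "WWW-Authenticate";

    /** Scheme prefix expected at the start of the Authorization header. */
    private static final String NEGOTIATE = "Negotiate";

    /** When true, a credential without a resolved principal results in an HTTP 401 status. */
    private final boolean send401OnAuthenticationFailure;

    /**
     * Creates the action.
     *
     * @param casDelegatingWebflowEventResolver passed through to the parent action
     * @param casWebflowEventResolver passed through to the parent action
     * @param adaptiveAuthenticationPolicy passed through to the parent action
     * @param send401OnAuthenticationFailure whether to set HTTP 401 when no principal was resolved
     */
    public SpnegoCredentialsAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, boolean send401OnAuthenticationFailure) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.send401OnAuthenticationFailure = send401OnAuthenticationFailure;
    }

    /**
     * Extracts the SPNEGO token from the request's Authorization header.
     *
     * @param requestContext the current webflow request context
     * @return a credential wrapping the decoded token, or {@code null} when the header is missing,
     *     blank, or does not start with the {@code Negotiate} prefix
     */
    protected Credential constructCredentialsFromRequest(RequestContext requestContext) {
        HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(requestContext);
        // Header names only; values are deliberately not logged.
        LOGGER.debug("Available request headers are [{}]", Collections.list(request.getHeaderNames()));

        String authorization = (String) StringUtils.defaultIfBlank(
            request.getHeader(HEADER_AUTHORIZATION),
            request.getHeader(HEADER_AUTHORIZATION.toLowerCase(Locale.ENGLISH)));
        if (StringUtils.isBlank(authorization)) {
            LOGGER.warn("SPNEGO Authorization header is not found under [{}]", HEADER_AUTHORIZATION);
            return null;
        }

        int headerLength = authorization.length();
        int prefixLength = NEGOTIATE.length();
        if (headerLength <= prefixLength || !authorization.startsWith(NEGOTIATE)) {
            // Do not echo the value: it may hold credentials for a different scheme, and this is WARN level.
            LOGGER.warn("SPNEGO Authorization header of length [{}] does not begin with the prefix [{}]", headerLength, NEGOTIATE);
            return null;
        }

        LOGGER.debug("SPNEGO Authorization header found with [{}] bytes", headerLength - prefixLength);
        byte[] token = EncodingUtils.decodeBase64(authorization.substring(prefixLength));
        // The token is opaque binary authentication data; report its size only.
        LOGGER.debug("Obtained token of [{}] bytes. Creating credential...", token.length);
        return new SpnegoCredential(token);
    }

    /**
     * Writes the SPNEGO response header on the error path.
     *
     * @param requestContext the current webflow request context
     */
    protected void onError(RequestContext requestContext) {
        setResponseHeader(requestContext);
    }

    /**
     * Writes the SPNEGO response header on the success path.
     *
     * @param requestContext the current webflow request context
     */
    protected void onSuccess(RequestContext requestContext) {
        setResponseHeader(requestContext);
    }

    /**
     * Sends the credential's next token to the client as {@code WWW-Authenticate: Negotiate ...}
     * and, if configured, sets HTTP 401 when the credential has no principal.
     *
     * @param requestContext the current webflow request context
     */
    protected void setResponseHeader(RequestContext requestContext) {
        // NOTE(review): assumes the flow holds a non-null SpnegoCredential whenever this runs;
        // a missing or different credential type would fail here - confirm against the parent action.
        SpnegoCredential spnegoCredential = WebUtils.getCredential(requestContext);
        HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(requestContext);

        byte[] nextToken = spnegoCredential.getNextToken();
        if (nextToken == null) {
            LOGGER.debug("Unable to obtain the output token required.");
        } else {
            // Size only: the output token is part of the authentication exchange.
            LOGGER.debug("Obtained output token of [{}] bytes", nextToken.length);
            response.setHeader(HEADER_AUTHENTICATE, NEGOTIATE + " " + EncodingUtils.encodeBase64(nextToken));
        }

        if (this.send401OnAuthenticationFailure && spnegoCredential.getPrincipal() == null) {
            LOGGER.debug("Setting HTTP Status to 401");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}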
