package org.kaazing.gateway.security.auth;

import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.charset.Charset;
import java.util.Iterator;
import java.util.Map;
import java.util.ServiceLoader;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.kaazing.gateway.server.spi.security.AuthenticationTokenCallback;
import org.kaazing.gateway.util.Encoding;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kaazing/gateway/security/auth/NegotiateLoginModule.class */
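/**
 * Login module for the HTTP {@code Negotiate} authentication scheme.
 *
 * <p>The module obtains the client's Negotiate token (from the callback handler or, when
 * {@code tryFirstToken} is set, from shared state), Base64-decodes it, stores the decoded bytes
 * in shared state and registers them with a {@link NegotiateLoginModuleCallbackRegistrar}.
 *
 * <p><b>Security note:</b> nothing in this class verifies the token cryptographically. It only
 * checks the scheme name, the presence of a token and (when a registrar is available) that the
 * token is decodable. Verification is presumably performed by whatever consumes the registered
 * callback or the shared-state entry; confirm that the login configuration chains such a module
 * as a mandatory step, because {@link #doLogin()} returning {@code true} here is not evidence
 * that the caller is authenticated.
 */
public class NegotiateLoginModule extends BaseStateDrivenLoginModule {
    public static final Charset UTF8 = Charset.forName("UTF-8");
    public static final String CLASS_NAME = NegotiateLoginModule.class.getName();
    public static final Logger LOG = LoggerFactory.getLogger(CLASS_NAME);

    /** Shared-state key under which an earlier module may have left the raw token string. */
    private static final String KAAZING_TOKEN_KEY = "org.kaazing.gateway.server.auth.token";
    /** Shared-state key under which this module publishes the Base64-decoded token bytes. */
    private static final String KAAZING_GSS_TOKEN_KEY = "org.kaazing.gateway.server.auth.gss.token";
    /** Name of the only authentication scheme this module accepts. */
    private static final String NEGOTIATE_SCHEME = "Negotiate";
    /** Scheme prefix that may precede the Base64 payload in the token string. */
    private static final String NEGOTIATE_PREFIX = NEGOTIATE_SCHEME + " ";

    private boolean debug;
    private boolean tryFirstToken;
    private final NegotiateLoginModuleCallbackRegistrar callbackRegistrar = newCallbackRegistrar();

    /**
     * Looks up a registrar implementation through {@link ServiceLoader}.
     *
     * <p>Only the first provider found is used, so any jar on the class path that declares a
     * provider for this interface can supply it; keep the deployment's class path under control.
     *
     * @return the first registrar provider, or {@code null} when none is available
     */
    private static NegotiateLoginModuleCallbackRegistrar newCallbackRegistrar() {
        Iterator<NegotiateLoginModuleCallbackRegistrar> providers =
                ServiceLoader.load(NegotiateLoginModuleCallbackRegistrar.class).iterator();
        return providers.hasNext() ? providers.next() : null;
    }

    /**
     * Initializes the module and reads the {@code debug} and {@code tryFirstToken} options.
     *
     * @param subject         the subject being authenticated
     * @param callbackHandler handler used to obtain the authentication token
     * @param map             passed through to the superclass unchanged
     * @param map2            module options; {@code "debug"} and {@code "tryFirstToken"} are
     *                        enabled when their value equals {@code "true"} ignoring case
     */
    @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> map, Map<String, ?> map2) {
        super.initialize(subject, callbackHandler, map, map2);
        this.debug = "true".equalsIgnoreCase((String) map2.get("debug"));
        this.tryFirstToken = "true".equalsIgnoreCase((String) map2.get("tryFirstToken"));
    }

    /**
     * Runs the login phase: optionally tries the token found in shared state, then falls back to
     * the token supplied through the callback handler.
     *
     * @return {@code true} when one of the attempts completed without an exception
     * @throws LoginException if the scheme is not Negotiate or the regular attempt fails
     */
    @Override
    protected boolean doLogin() throws LoginException {
        if (!authenticationSchemeIsNegotiate()) {
            throw new LoginException("Only able to handle Negotiate authentication scheme");
        }
        if (this.tryFirstToken) {
            try {
                attemptAuthenticate(true);
                return true;
            } catch (Exception e) {
                // A failed shared-state attempt is not fatal: undo its side effects and fall
                // through to the regular attempt below.
                cleanState();
                if (this.debug) {
                    LOG.debug("[NegotiateLoginModule] reading from shared state failed", e);
                }
            }
        }
        try {
            attemptAuthenticate(false);
            return true;
        } catch (Exception e2) {
            cleanState();
            if (this.debug) {
                LOG.debug("[NegotiateLoginModule] regular authentication failed", e2);
            }
            throw e2;
        }
    }

    /**
     * Fetches the Negotiate token, strips the optional scheme prefix, decodes it and hands it to
     * the registrar.
     *
     * <p>NOTE(review): when no registrar was discovered, this method returns normally for any
     * non-null token without decoding or publishing it, so {@link #doLogin()} reports success on
     * token presence alone. Confirm this fail-open path is intended for deployments that lack a
     * registrar provider.
     *
     * @param useSharedState {@code true} to read the token from shared state, {@code false} to
     *                       ask the callback handler
     * @throws LoginException if no token is available or it cannot be decoded or registered
     */
    private void attemptAuthenticate(boolean useSharedState) throws LoginException {
        try {
            String negotiateAuthToken = getNegotiateAuthToken(useSharedState);
            if (negotiateAuthToken == null) {
                throw new LoginException("No HTTP Negotiate Authentication Token found.");
            }
            // The scheme check in authenticationSchemeIsNegotiate() ignores case, so the prefix
            // is matched the same way; otherwise "negotiate <b64>" would reach the decoder with
            // the scheme name still attached.
            if (negotiateAuthToken.regionMatches(true, 0, NEGOTIATE_PREFIX, 0, NEGOTIATE_PREFIX.length())) {
                negotiateAuthToken = negotiateAuthToken.substring(NEGOTIATE_PREFIX.length());
            }
            if (this.callbackRegistrar != null) {
                ByteBuffer decoded = Encoding.BASE64.decode(ByteBuffer.wrap(negotiateAuthToken.getBytes(UTF8)));
                byte[] gssToken = new byte[decoded.remaining()];
                decoded.get(gssToken);
                // The decoded token stays in shared state until cleanState() removes it.
                this.sharedState.put(KAAZING_GSS_TOKEN_KEY, gssToken);
                this.callbackRegistrar.register((DispatchCallbackHandler) this.handler, negotiateAuthToken, gssToken);
            }
        } catch (Exception e) {
            if (this.debug) {
                // Only the exception is logged here, never the token string itself.
                LOG.debug("[NegotiateLoginModule] Exception decoding HTTP Negotiate Authentication token", e);
            }
            if (e instanceof LoginException) {
                // Keep the original message instead of hiding it behind a message-less wrapper.
                throw (LoginException) e;
            }
            throw ((LoginException) new LoginException().initCause(e));
        }
    }

    /**
     * Asks the callback handler for the authentication token and checks its scheme.
     *
     * @return {@code true} only when a token is present and its scheme equals
     *         {@code "Negotiate"} ignoring case
     * @throws LoginException if the callback handler fails
     */
    private boolean authenticationSchemeIsNegotiate() throws LoginException {
        AuthenticationTokenCallback tokenCallback = new AuthenticationTokenCallback();
        try {
            this.handler.handle(new Callback[]{tokenCallback});
            if (tokenCallback.getAuthenticationToken() == null) {
                return false;
            }
            if (tokenCallback.getAuthenticationToken().getScheme() == null) {
                return false;
            }
            return tokenCallback.getAuthenticationToken().getScheme().equalsIgnoreCase(NEGOTIATE_SCHEME);
        } catch (IOException | UnsupportedCallbackException e) {
            if (this.debug) {
                LOG.debug("[NegotiateLoginModule] Encountered exception handling AuthenticationTokenCallback.", e);
            }
            throw ((LoginException) new LoginException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Returns the raw token string from the selected source.
     *
     * @param useSharedState {@code true} to return the shared-state entry stored under
     *                       {@code KAAZING_TOKEN_KEY}; that value is trusted as written by
     *                       whichever module stored it
     * @return the token string, or {@code null} when the source holds none
     * @throws LoginException if the callback handler fails
     */
    private String getNegotiateAuthToken(boolean useSharedState) throws LoginException {
        if (useSharedState) {
            return (String) this.sharedState.get(KAAZING_TOKEN_KEY);
        }
        AuthenticationTokenCallback tokenCallback = new AuthenticationTokenCallback();
        try {
            this.handler.handle(new Callback[]{tokenCallback});
            if (tokenCallback.getAuthenticationToken() == null) {
                return null;
            }
            return tokenCallback.getAuthenticationToken().get();
        } catch (IOException | UnsupportedCallbackException e) {
            if (this.debug) {
                LOG.debug("[NegotiateLoginModule] Encountered exception handling AuthenticationTokenCallback.", e);
            }
            throw ((LoginException) new LoginException(e.getMessage()).initCause(e));
        }
    }

    /**
     * Removes the decoded token from shared state and unregisters the callback.
     *
     * <p>Does nothing when no registrar is available, mirroring {@code attemptAuthenticate},
     * which only publishes state in that case.
     */
    private void cleanState() {
        if (this.callbackRegistrar != null) {
            this.sharedState.remove(KAAZING_GSS_TOKEN_KEY);
            this.callbackRegistrar.unregister((DispatchCallbackHandler) this.handler);
        }
    }

    /**
     * Commit phase; this module has nothing to commit.
     *
     * @return always {@code true}
     */
    @Override
    protected boolean doCommit() throws LoginException {
        return true;
    }

    /**
     * Logout phase; discards the token state published during login.
     *
     * @return always {@code true}
     */
    @Override
    protected boolean doLogout() throws LoginException {
        cleanState();
        return true;
    }
}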
