package org.omnifaces.security.jaspic.authmodules;

import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.message.AuthException;
import javax.security.auth.message.AuthStatus;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.omnifaces.security.cdi.Beans;
import org.omnifaces.security.jaspic.Utils;
import org.omnifaces.security.jaspic.core.HttpMsgContext;
import org.omnifaces.security.jaspic.core.HttpServerAuthModule;
import org.omnifaces.security.jaspic.user.TokenAuthenticator;

/* loaded from: input_file:org/omnifaces/security/jaspic/authmodules/TokenAuthModule.class */
public class TokenAuthModule extends HttpServerAuthModule {
    private static final Pattern tokenPattern = Pattern.compile("OmniLogin\\s+auth\\s*=\\s*(.*)");

    @Override // org.omnifaces.security.jaspic.core.HttpServerAuthModule
    public AuthStatus validateHttpRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMsgContext httpMsgContext) throws AuthException {
        TokenAuthenticator tokenAuthenticator;
        String token = getToken(httpServletRequest);
        return (Utils.isEmpty(token) || (tokenAuthenticator = (TokenAuthenticator) Beans.getReferenceOrNull(TokenAuthenticator.class)) == null || !tokenAuthenticator.authenticate(token)) ? httpMsgContext.isProtected() ? httpMsgContext.responseNotFound() : httpMsgContext.doNothing() : httpMsgContext.notifyContainerAboutLogin(tokenAuthenticator.getUserName(), tokenAuthenticator.getApplicationRoles());
    }

    private String getToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (Utils.isEmpty(header)) {
            return null;
        }
        Matcher matcher = tokenPattern.matcher(header);
        if (matcher.matches()) {
            return matcher.group(1);
        }
        return null;
    }
}
