package io.quarkus.vertx.http.runtime.security;

import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpResponseStatus;
import io.quarkus.security.AuthenticationFailedException;
import io.quarkus.security.credential.PasswordCredential;
import io.quarkus.security.identity.IdentityProviderManager;
import io.quarkus.security.identity.SecurityIdentity;
import io.quarkus.security.identity.request.AuthenticationRequest;
import io.quarkus.security.identity.request.UsernamePasswordAuthenticationRequest;
import io.quarkus.vertx.http.runtime.security.HttpCredentialTransport;
import io.smallrye.mutiny.Uni;
import io.vertx.ext.web.RoutingContext;
import jakarta.inject.Singleton;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;
import org.jboss.logging.Logger;

@Singleton
/* loaded from: input_file:io/quarkus/vertx/http/runtime/security/BasicAuthenticationMechanism.class */
public class BasicAuthenticationMechanism implements HttpAuthenticationMechanism {
    public static final String SILENT = "silent";
    public static final String CHARSET = "charset";
    public static final String USER_AGENT_CHARSETS = "user-agent-charsets";
    private final String challenge;
    private static final String BASIC = "basic";
    private static final String COLON = ":";
    private final boolean silent;
    private final Charset charset;
    private final Map<Pattern, Charset> userAgentCharsets;
    private static final Logger log = Logger.getLogger(BasicAuthenticationMechanism.class);
    private static final String BASIC_PREFIX = "basic ";
    private static final String LOWERCASE_BASIC_PREFIX = BASIC_PREFIX.toLowerCase(Locale.ENGLISH);
    private static final int PREFIX_LENGTH = BASIC_PREFIX.length();

    public BasicAuthenticationMechanism(String str) {
        this(str, false);
    }

    public BasicAuthenticationMechanism(String str, boolean z) {
        this(str, z, StandardCharsets.UTF_8, Collections.emptyMap());
    }

    public BasicAuthenticationMechanism(String str, boolean z, Charset charset, Map<Pattern, Charset> map) {
        this.challenge = str == null ? BASIC : "basic realm=\"" + str + "\"";
        this.silent = z;
        this.charset = charset;
        this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap(map));
    }

    @Deprecated
    public BasicAuthenticationMechanism(String str, String str2) {
        this(str, str2, false);
    }

    @Deprecated
    public BasicAuthenticationMechanism(String str, String str2, boolean z) {
        this(str, str2, z, StandardCharsets.UTF_8, Collections.emptyMap());
    }

    @Deprecated
    public BasicAuthenticationMechanism(String str, String str2, boolean z, Charset charset, Map<Pattern, Charset> map) {
        this.challenge = "basic realm=\"" + str + "\"";
        this.silent = z;
        this.charset = charset;
        this.userAgentCharsets = Collections.unmodifiableMap(new LinkedHashMap(map));
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public Uni<SecurityIdentity> authenticate(RoutingContext routingContext, IdentityProviderManager identityProviderManager) {
        String str;
        List<String> all = routingContext.request().headers().getAll(HttpHeaderNames.AUTHORIZATION);
        if (all != null) {
            for (String str2 : all) {
                if (str2.toLowerCase(Locale.ENGLISH).startsWith(LOWERCASE_BASIC_PREFIX)) {
                    byte[] decode = Base64.getDecoder().decode(str2.substring(PREFIX_LENGTH));
                    Charset charset = this.charset;
                    if (!this.userAgentCharsets.isEmpty() && (str = routingContext.request().headers().get(HttpHeaderNames.USER_AGENT)) != null) {
                        Iterator<Map.Entry<Pattern, Charset>> it = this.userAgentCharsets.entrySet().iterator();
                        while (true) {
                            if (!it.hasNext()) {
                                break;
                            }
                            Map.Entry<Pattern, Charset> next = it.next();
                            if (next.getKey().matcher(str).find()) {
                                charset = next.getValue();
                                break;
                            }
                        }
                    }
                    String str3 = new String(decode, charset);
                    int indexOf = str3.indexOf(COLON);
                    if (indexOf <= -1) {
                        return Uni.createFrom().failure(new AuthenticationFailedException());
                    }
                    String substring = str3.substring(0, indexOf);
                    char[] charArray = str3.substring(indexOf + 1).toCharArray();
                    log.debugf("Found basic auth header %s:***** (decoded using charset %s)", substring, charset);
                    UsernamePasswordAuthenticationRequest usernamePasswordAuthenticationRequest = new UsernamePasswordAuthenticationRequest(substring, new PasswordCredential(charArray));
                    HttpSecurityUtils.setRoutingContextAttribute(usernamePasswordAuthenticationRequest, routingContext);
                    routingContext.put(HttpAuthenticationMechanism.class.getName(), this);
                    return identityProviderManager.authenticate(usernamePasswordAuthenticationRequest);
                }
            }
        }
        return Uni.createFrom().optional(Optional.empty());
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public Uni<ChallengeData> getChallenge(RoutingContext routingContext) {
        if (this.silent && routingContext.request().headers().get(HttpHeaderNames.AUTHORIZATION) == null) {
            return Uni.createFrom().optional(Optional.empty());
        }
        return Uni.createFrom().item(new ChallengeData(HttpResponseStatus.UNAUTHORIZED.code(), HttpHeaderNames.WWW_AUTHENTICATE, this.challenge));
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public Set<Class<? extends AuthenticationRequest>> getCredentialTypes() {
        return Collections.singleton(UsernamePasswordAuthenticationRequest.class);
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public Uni<HttpCredentialTransport> getCredentialTransport(RoutingContext routingContext) {
        return Uni.createFrom().item(new HttpCredentialTransport(HttpCredentialTransport.Type.AUTHORIZATION, BASIC));
    }

    @Override // io.quarkus.vertx.http.runtime.security.HttpAuthenticationMechanism
    public int getPriority() {
        return 2000;
    }
}
