package org.mule.extension.http.api.listener;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.mule.extension.http.api.HttpHeaders;
import org.mule.extension.http.api.HttpListenerResponseAttributes;
import org.mule.extension.http.api.HttpRequestAttributes;
import org.mule.extension.http.internal.HttpConnectorConstants;
import org.mule.extension.http.internal.filter.BasicUnauthorisedException;
import org.mule.runtime.api.i18n.I18nMessageFactory;
import org.mule.runtime.api.message.Message;
import org.mule.runtime.api.security.Credentials;
import org.mule.runtime.api.security.SecurityException;
import org.mule.runtime.api.security.SecurityProviderNotFoundException;
import org.mule.runtime.api.security.UnauthorisedException;
import org.mule.runtime.api.security.UnknownAuthenticationTypeException;
import org.mule.runtime.api.security.UnsupportedAuthenticationSchemeException;
import org.mule.runtime.api.util.MultiMap;
import org.mule.runtime.core.api.config.i18n.CoreMessages;
import org.mule.runtime.extension.api.annotation.param.NullSafe;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.security.AuthenticationHandler;
import org.mule.runtime.http.api.HttpConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.SystemPropertyUtils;

/* loaded from: input_file:repository/org/mule/connectors/mule-http-connector/1.5.17/mule-http-connector-1.5.17-mule-plugin.jar:org/mule/extension/http/api/listener/HttpBasicAuthenticationFilter.class */
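/**
 * Listener-side filter that authenticates a request using the HTTP Basic scheme.
 *
 * <p>The filter reads the {@code Authorization} header from the request attributes, decodes the
 * Base64 {@code user:password} token and hands the resulting credentials to the supplied
 * {@link AuthenticationHandler}. Every rejection carries a 401 response message with a
 * {@code WWW-Authenticate} challenge for the configured realm.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The raw header value is a credential (or, for other schemes, a token). It is never written
 *       to logs or exception messages here; only the scheme name is reported.</li>
 *   <li>The token is decoded as US-ASCII, so non-ASCII bytes in a user name or password are not
 *       preserved.</li>
 * </ul>
 */
public class HttpBasicAuthenticationFilter {
    private static final Logger LOGGER = LoggerFactory.getLogger(HttpBasicAuthenticationFilter.class);
    private static final String HEADER_AUTHORIZATION = HttpHeaders.Names.AUTHORIZATION.toLowerCase();
    private static final String BASIC_PREFIX = "Basic ";
    private static final char PADDING = '=';
    // Separator between user name and password inside the decoded token.
    private static final char CREDENTIALS_SEPARATOR = ':';
    private static final Base64.Decoder DECODER = Base64.getDecoder();
    // Read from a system property; re-read on demand through refreshSystemProperties().
    private static boolean LAX_DECODING = Boolean.getBoolean(HttpConnectorConstants.BASIC_LAX_DECODING_PROPERTY);

    @Parameter
    private String realm;

    @NullSafe
    @Optional
    @Parameter
    private List<String> securityProviders;

    @Optional(defaultValue = "#[attributes]")
    @Parameter
    HttpRequestAttributes attributes;

    /**
     * Authenticates the current request against the configured security providers.
     *
     * @param authenticationHandler handler used to build the credentials and to register the
     *        resulting authentication
     * @throws UnsupportedAuthenticationSchemeException if an {@code Authorization} header is present
     *         but does not start with {@code "Basic "}
     * @throws BasicUnauthorisedException if the header is missing, cannot be decoded, or the
     *         credentials are rejected
     */
    public void authenticate(AuthenticationHandler authenticationHandler) throws SecurityException, SecurityProviderNotFoundException, UnknownAuthenticationTypeException {
        String header = (String) this.attributes.getHeaders().get(HEADER_AUTHORIZATION);
        // Never log the header value: for Basic it is a trivially reversible encoding of the
        // password, and for other schemes it is typically a bearer token.
        LOGGER.debug("Authorization header present: {}, scheme: {}", header != null, schemeOf(header));
        if (header == null) {
            throw new BasicUnauthorisedException(null, "HTTP basic authentication", "HTTP listener", createUnauthenticatedMessage());
        }
        if (!header.startsWith(BASIC_PREFIX)) {
            // Only the scheme is echoed; the credential part of the header stays out of the
            // exception message, which may end up in logs or error responses.
            throw new UnsupportedAuthenticationSchemeException(I18nMessageFactory.createStaticMessage("Http Basic filter doesn't know how to handle header with scheme " + schemeOf(header)), createUnauthenticatedMessage());
        }
        Credentials credentials = createCredentials(authenticationHandler, decodeToken(header));
        try {
            authenticationHandler.setAuthentication(this.securityProviders, authenticationHandler.createAuthentication(credentials).setProperties(authenticationProperties(authenticationHandler)));
            LOGGER.debug("Authentication success.");
        } catch (UnauthorisedException e) {
            LOGGER.debug("Authentication request for user: {} failed: {}", credentials.getUsername(), e);
            throw new BasicUnauthorisedException(CoreMessages.authFailedForUser(credentials.getUsername()), e, createUnauthenticatedMessage());
        }
    }

    /**
     * Returns the scheme part of an {@code Authorization} header for diagnostics.
     *
     * @param header raw header value, may be {@code null}
     * @return the text before the first space, or a fixed marker when the header is absent or has
     *         no separable scheme (so that an unparseable credential is never echoed)
     */
    private static String schemeOf(String header) {
        if (header == null) {
            return "<none>";
        }
        int space = header.indexOf(' ');
        return space > 0 ? header.substring(0, space) : "<unrecognised>";
    }

    /**
     * Decodes the Base64 token that follows the {@code "Basic "} prefix.
     *
     * @param header header value already known to start with {@code "Basic "}
     * @return the decoded {@code user:password} string
     * @throws BasicUnauthorisedException if the token is not valid Base64
     */
    private String decodeToken(String header) throws BasicUnauthorisedException {
        String token = header.substring(BASIC_PREFIX.length());
        if (LAX_DECODING) {
            // Lax mode drops anything after the last padding character. A token without padding
            // is left untouched; cutting at index -1 + 1 would reduce a valid token to the empty
            // string and reject a legitimate user.
            int lastPadding = token.lastIndexOf(PADDING);
            if (lastPadding >= 0) {
                token = token.substring(0, lastPadding + 1);
            }
        }
        try {
            return new String(DECODER.decode(token), StandardCharsets.US_ASCII);
        } catch (IllegalArgumentException e) {
            // Base64.Decoder signals malformed input with IllegalArgumentException.
            LOGGER.debug("Authentication request failed: {}", e);
            throw new BasicUnauthorisedException(I18nMessageFactory.createStaticMessage("Could not decode authorization header."), e, createUnauthenticatedMessage());
        }
    }

    /**
     * Splits the decoded token at the first colon into user name and password.
     *
     * <p>When the token has no colon both values are empty, so the authentication attempt is made
     * with empty credentials and left to the security provider to reject.
     */
    private Credentials createCredentials(AuthenticationHandler authenticationHandler, String decoded) {
        String username = "";
        String password = "";
        int separator = decoded.indexOf(CREDENTIALS_SEPARATOR);
        if (separator != -1) {
            username = decoded.substring(0, separator);
            password = decoded.substring(separator + 1);
        }
        return authenticationHandler.createCredentialsBuilder().withUsername(username).withPassword(password.toCharArray()).build();
    }

    /**
     * Returns the properties of the authentication already held by the handler, or an empty map
     * when there is none, so they are carried over to the new authentication.
     */
    private Map<String, Object> authenticationProperties(AuthenticationHandler authenticationHandler) {
        return authenticationHandler.getAuthentication()
            .map(authentication -> authentication.getProperties())
            .orElse(Collections.<String, Object>emptyMap());
    }

    /**
     * Builds the 401 response message carrying the {@code WWW-Authenticate} challenge.
     *
     * <p>NOTE(review): the realm is inserted verbatim between double quotes. It comes from
     * connector configuration; a value containing a double quote or a line break would produce a
     * malformed header, so confirm it is validated where it is configured.
     */
    private Message createUnauthenticatedMessage() {
        String challenge = this.realm != null ? "Basic realm=\"" + this.realm + "\"" : "Basic realm=";
        MultiMap<String, String> headers = new MultiMap<>();
        headers.put(HttpHeaders.Names.WWW_AUTHENTICATE, challenge);
        return Message.builder().nullValue().attributesValue(new HttpListenerResponseAttributes(HttpConstants.HttpStatus.UNAUTHORIZED.getStatusCode(), HttpConstants.HttpStatus.UNAUTHORIZED.getReasonPhrase(), headers)).build();
    }

    /** Re-reads the lax-decoding system property so a change made at runtime takes effect. */
    public static void refreshSystemProperties() {
        LAX_DECODING = Boolean.getBoolean(HttpConnectorConstants.BASIC_LAX_DECODING_PROPERTY);
    }
}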
