package org.springframework.security.web.authentication.www;

import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.pdfbox.contentstream.operator.OperatorName;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.NullRememberMeServices;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:WEB-INF/lib/spring-security-web-4.2.13.RELEASE.jar:org/springframework/security/web/authentication/www/BasicAuthenticationFilter.class */
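/**
 * Servlet filter that authenticates a request from an HTTP Basic {@code Authorization} header.
 *
 * <p>When the header is present and starts with {@code "basic "} (case-insensitive), the
 * Base64 payload is decoded, split into user name and password at the first {@code ':'},
 * and handed to the configured {@link AuthenticationManager}. On success the resulting
 * {@link Authentication} is stored in the {@link SecurityContextHolder}; on failure the
 * context is cleared and either the chain continues ({@code ignoreFailure == true}) or the
 * {@link AuthenticationEntryPoint} is invoked.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Base64 is an encoding, not encryption: the header carries the password in
 *       recoverable form, so this filter should only be reachable over TLS.</li>
 *   <li>The single-argument constructor sets {@code ignoreFailure} to {@code true}. In that
 *       mode a failed login produces no challenge from this filter; the request proceeds
 *       with a cleared security context, and rejecting it is left to downstream
 *       authorization.</li>
 *   <li>The user name taken from the header is written to the debug log unescaped.</li>
 * </ul>
 */
public class BasicAuthenticationFilter extends OncePerRequestFilter {
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationEntryPoint authenticationEntryPoint;
    private AuthenticationManager authenticationManager;
    private RememberMeServices rememberMeServices = new NullRememberMeServices();
    // false: failures go to the entry point; true: failures are ignored and the chain continues.
    private boolean ignoreFailure = false;
    // Charset used to turn the Base64-decoded bytes into the "user:password" string.
    private String credentialsCharset = "UTF-8";

    /**
     * Creates a filter that ignores authentication failures (no entry point is configured).
     *
     * @param authenticationManager manager that validates the submitted credentials; must not be null
     */
    public BasicAuthenticationFilter(AuthenticationManager authenticationManager) {
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        this.authenticationManager = authenticationManager;
        // No entry point is available here, so a failed login cannot be answered with a challenge.
        this.ignoreFailure = true;
    }

    /**
     * Creates a filter that delegates failed authentications to the given entry point.
     *
     * @param authenticationManager manager that validates the submitted credentials; must not be null
     * @param authenticationEntryPoint invoked when authentication fails; must not be null
     */
    public BasicAuthenticationFilter(AuthenticationManager authenticationManager, AuthenticationEntryPoint authenticationEntryPoint) {
        Assert.notNull(authenticationManager, "authenticationManager cannot be null");
        Assert.notNull(authenticationEntryPoint, "authenticationEntryPoint cannot be null");
        this.authenticationManager = authenticationManager;
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    /**
     * Verifies the wiring: a manager is always required, an entry point only when failures
     * are not ignored.
     */
    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationManager, "An AuthenticationManager is required");
        if (!isIgnoreFailure()) {
            Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
        }
    }

    /**
     * Attempts Basic authentication for the request and then continues the filter chain.
     *
     * <p>Requests without a Basic {@code Authorization} header are passed through untouched.
     * Only the credential handling sits inside the {@code try}; the chain is invoked outside
     * it so that an {@link AuthenticationException} raised further down the chain is not
     * mistaken for a Basic login failure (which would clear the context and, with
     * {@code ignoreFailure}, run the chain a second time).
     *
     * @throws IOException if header decoding or a downstream component fails with an I/O error
     * @throws ServletException if a downstream component fails
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        final boolean debug = this.logger.isDebugEnabled();
        String header = httpServletRequest.getHeader("Authorization");

        // Locale.ROOT keeps the scheme check independent of the JVM default locale; with a
        // Turkish default locale "BASIC" would otherwise lower-case to "bas\u0131c" and the
        // credentials would be ignored.
        if (header == null || !header.toLowerCase(java.util.Locale.ROOT).startsWith("basic ")) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        try {
            String[] tokens = extractAndDecodeHeader(header, httpServletRequest);
            // Only checked when the JVM runs with assertions enabled (-ea).
            assert tokens.length == 2;

            String username = tokens[0];
            if (debug) {
                // NOTE(review): username is request-controlled and logged as-is; a log
                // pipeline that trusts line structure should neutralise CR/LF before use.
                this.logger.debug("Basic Authentication Authorization header found for user '" + username + "'");
            }

            if (authenticationIsRequired(username)) {
                UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]);
                authRequest.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
                Authentication authResult = this.authenticationManager.authenticate(authRequest);
                if (debug) {
                    this.logger.debug("Authentication success: " + authResult);
                }
                SecurityContextHolder.getContext().setAuthentication(authResult);
                this.rememberMeServices.loginSuccess(httpServletRequest, httpServletResponse, authResult);
                onSuccessfulAuthentication(httpServletRequest, httpServletResponse, authResult);
            }
        } catch (AuthenticationException e) {
            // Drop any previously established identity before reporting the failure.
            SecurityContextHolder.clearContext();
            if (debug) {
                this.logger.debug("Authentication request for failed: " + e);
            }
            this.rememberMeServices.loginFail(httpServletRequest, httpServletResponse);
            onUnsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
            if (this.ignoreFailure) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } else {
                this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
            }
            return;
        }

        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Decodes the Base64 part of a Basic header into {@code {username, password}}.
     *
     * <p>The split happens at the first colon, so the password may contain colons while the
     * user name cannot.
     *
     * @param header the full header value, already known to start with the 6-character scheme prefix
     * @param request the current request, used to pick the credentials charset
     * @return a two-element array: user name, then password
     * @throws BadCredentialsException if the payload is not valid Base64 or contains no colon
     * @throws IOException if a charset name is not supported by the JVM
     */
    private String[] extractAndDecodeHeader(String header, HttpServletRequest request) throws IOException {
        byte[] base64Token = header.substring(6).getBytes("UTF-8");
        byte[] decoded;
        try {
            decoded = Base64.decode(base64Token);
        } catch (IllegalArgumentException e) {
            // Keep the decoder's exception as the cause so the failure can be diagnosed.
            throw new BadCredentialsException("Failed to decode basic authentication token", e);
        }

        String token = new String(decoded, getCredentialsCharset(request));
        int delimiter = token.indexOf(":");
        if (delimiter == -1) {
            throw new BadCredentialsException("Invalid basic authentication token");
        }
        return new String[] {token.substring(0, delimiter), token.substring(delimiter + 1)};
    }

    /**
     * Decides whether the submitted credentials must be checked.
     *
     * <p>Returns {@code true} when there is no authenticated principal, when the current
     * principal is a {@link UsernamePasswordAuthenticationToken} for a different user name,
     * or when it is an {@link AnonymousAuthenticationToken}. Any other authenticated token
     * type is left in place and the Basic header is not evaluated.
     *
     * @param username user name extracted from the header
     */
    private boolean authenticationIsRequired(String username) {
        Authentication existing = SecurityContextHolder.getContext().getAuthentication();
        if (existing == null || !existing.isAuthenticated()) {
            return true;
        }
        if (existing instanceof UsernamePasswordAuthenticationToken && !existing.getName().equals(username)) {
            return true;
        }
        return existing instanceof AnonymousAuthenticationToken;
    }

    /** Hook called after a successful login; the default implementation does nothing. */
    protected void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
    }

    /** Hook called after a failed login; the default implementation does nothing. */
    protected void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
    }

    /** @return the configured entry point, or {@code null} if the single-argument constructor was used */
    protected AuthenticationEntryPoint getAuthenticationEntryPoint() {
        return this.authenticationEntryPoint;
    }

    /** @return the manager used to validate credentials */
    protected AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    /** @return {@code true} if failed logins let the chain continue instead of invoking the entry point */
    protected boolean isIgnoreFailure() {
        return this.ignoreFailure;
    }

    /**
     * Replaces the source used to build the details object attached to each authentication request.
     *
     * @param authenticationDetailsSource the new source; must not be null
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * Replaces the remember-me services notified on login success and failure.
     *
     * @param rememberMeServices the new services; must not be null
     */
    public void setRememberMeServices(RememberMeServices rememberMeServices) {
        Assert.notNull(rememberMeServices, "rememberMeServices cannot be null");
        this.rememberMeServices = rememberMeServices;
    }

    /**
     * Sets the charset name used to decode the credentials bytes.
     *
     * @param str charset name; must contain text
     */
    public void setCredentialsCharset(String str) {
        Assert.hasText(str, "credentialsCharset cannot be null or empty");
        this.credentialsCharset = str;
    }

    /**
     * Returns the charset name used to decode credentials for the given request. This
     * implementation ignores the request and returns the configured value.
     */
    protected String getCredentialsCharset(HttpServletRequest httpServletRequest) {
        return this.credentialsCharset;
    }
}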
