package org.apache.qpid.server.management.plugin.auth;

import jakarta.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import javax.security.auth.Subject;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpRequestPreemptiveAuthenticator;
import org.apache.qpid.server.model.Port;
import org.apache.qpid.server.plugin.PluggableService;
import org.apache.qpid.server.security.SubjectCreator;
import org.apache.qpid.server.security.auth.manager.UsernamePasswordAuthenticationProvider;
import org.apache.qpid.server.util.Strings;

@PluggableService
/* loaded from: input_file:org/apache/qpid/server/management/plugin/auth/BasicAuthPreemptiveAuthenticator.class */
public class BasicAuthPreemptiveAuthenticator implements HttpRequestPreemptiveAuthenticator {
    private static final String BASIC_AUTH = "BasicAuth";

    /* JADX WARN: Type inference failed for: r0v35, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v42, types: [byte[], byte[][]] */
    /* JADX WARN: Type inference failed for: r0v55, types: [byte[], byte[][]] */
    @Override // org.apache.qpid.server.management.plugin.HttpRequestPreemptiveAuthenticator
    public Subject attemptAuthentication(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        String header = httpServletRequest.getHeader("Authorization");
        Port<?> mo6getPort = httpManagementConfiguration.mo6getPort(httpServletRequest);
        UsernamePasswordAuthenticationProvider authenticationProvider = httpManagementConfiguration.getAuthenticationProvider(httpServletRequest);
        SubjectCreator subjectCreator = mo6getPort.getSubjectCreator(httpServletRequest.isSecure(), httpServletRequest.getServerName());
        if (header == null || !(authenticationProvider instanceof UsernamePasswordAuthenticationProvider)) {
            return null;
        }
        UsernamePasswordAuthenticationProvider usernamePasswordAuthenticationProvider = authenticationProvider;
        String[] split = header.split("\\s");
        if (split.length < 2 || !"BASIC".equalsIgnoreCase(split[0])) {
            return null;
        }
        if (!(httpServletRequest.isSecure() ? httpManagementConfiguration.isHttpsBasicAuthenticationEnabled() : httpManagementConfiguration.isHttpBasicAuthenticationEnabled())) {
            return null;
        }
        byte[] decodeCharArray = Strings.decodeCharArray(split[1].toCharArray(), "basic authentication credentials");
        try {
            String[] split2 = new String(decodeCharArray, StandardCharsets.UTF_8).split(":", 2);
            if (split2.length != 2) {
                Strings.clearByteArray((byte[][]) new byte[]{decodeCharArray});
                return null;
            }
            Subject subject = subjectCreator.createResultWithGroups(usernamePasswordAuthenticationProvider.authenticate(split2[0], split2[1])).getSubject();
            Strings.clearByteArray((byte[][]) new byte[]{decodeCharArray});
            return subject;
        } catch (Throwable th) {
            Strings.clearByteArray((byte[][]) new byte[]{decodeCharArray});
            throw th;
        }
    }

    public String getType() {
        return BASIC_AUTH;
    }
}
