package org.apache.catalina.authenticator;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import org.apache.catalina.connector.Request;
import org.apache.http.protocol.HTTP;
import org.apache.juli.logging.Log;
import org.apache.juli.logging.LogFactory;
import org.apache.tomcat.util.buf.ByteChunk;
import org.apache.tomcat.util.buf.MessageBytes;

/* loaded from: input_file:tomcat-embed-core-10.1.25.jar:org/apache/catalina/authenticator/BasicAuthenticator.class */
public class BasicAuthenticator extends AuthenticatorBase {
    private final Log log = LogFactory.getLog((Class<?>) BasicAuthenticator.class);
    private Charset charset = StandardCharsets.ISO_8859_1;
    private String charsetString = null;
    private boolean trimCredentials = false;

    /* loaded from: input_file:tomcat-embed-core-10.1.25.jar:org/apache/catalina/authenticator/BasicAuthenticator$BasicCredentials.class */
    public static class BasicCredentials {
        private static final String METHOD = "basic ";
        private final Charset charset;
        private final boolean trimCredentials;
        private final ByteChunk authorization;
        private final int initialOffset;
        private int base64blobOffset;
        private int base64blobLength;
        private String username;
        private String password;

        public BasicCredentials(ByteChunk byteChunk, Charset charset) throws IllegalArgumentException {
            this(byteChunk, charset, false);
        }

        @Deprecated
        public BasicCredentials(ByteChunk byteChunk, Charset charset, boolean z) throws IllegalArgumentException {
            this.username = null;
            this.password = null;
            this.authorization = byteChunk;
            this.initialOffset = byteChunk.getStart();
            this.charset = charset;
            this.trimCredentials = z;
            parseMethod();
            parseCredentials(parseBase64());
        }

        public String getUsername() {
            return this.username;
        }

        public String getPassword() {
            return this.password;
        }

        private void parseMethod() throws IllegalArgumentException {
            if (!this.authorization.startsWithIgnoreCase(METHOD, 0)) {
                throw new IllegalArgumentException(AuthenticatorBase.sm.getString("basicAuthenticator.notBasic"));
            }
            this.base64blobOffset = this.initialOffset + METHOD.length();
            this.base64blobLength = this.authorization.getLength() - METHOD.length();
        }

        private byte[] parseBase64() throws IllegalArgumentException {
            byte[] bArr = new byte[this.base64blobLength];
            System.arraycopy(this.authorization.getBuffer(), this.base64blobOffset, bArr, 0, this.base64blobLength);
            byte[] decode = Base64.getDecoder().decode(bArr);
            this.authorization.setStart(this.initialOffset);
            if (decode == null) {
                throw new IllegalArgumentException(AuthenticatorBase.sm.getString("basicAuthenticator.notBase64"));
            }
            return decode;
        }

        private void parseCredentials(byte[] bArr) throws IllegalArgumentException {
            int i = -1;
            int i2 = 0;
            while (true) {
                if (i2 >= bArr.length) {
                    break;
                }
                if (bArr[i2] == 58) {
                    i = i2;
                    break;
                }
                i2++;
            }
            if (i < 0) {
                this.username = new String(bArr, this.charset);
            } else {
                this.username = new String(bArr, 0, i, this.charset);
                this.password = new String(bArr, i + 1, (bArr.length - i) - 1, this.charset);
                if (this.password.length() > 1 && this.trimCredentials) {
                    this.password = this.password.trim();
                }
            }
            if (this.username.length() <= 1 || !this.trimCredentials) {
                return;
            }
            this.username = this.username.trim();
        }
    }

    public String getCharset() {
        return this.charsetString;
    }

    public void setCharset(String str) {
        if (str == null || str.isEmpty()) {
            this.charset = StandardCharsets.ISO_8859_1;
        } else {
            if (!HTTP.UTF_8.equalsIgnoreCase(str)) {
                throw new IllegalArgumentException(sm.getString("basicAuthenticator.invalidCharset"));
            }
            this.charset = StandardCharsets.UTF_8;
        }
        this.charsetString = str;
    }

    @Deprecated
    public boolean getTrimCredentials() {
        return this.trimCredentials;
    }

    @Deprecated
    public void setTrimCredentials(boolean z) {
        this.trimCredentials = z;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean doAuthenticate(Request request, HttpServletResponse httpServletResponse) throws IOException {
        if (checkForCachedAuthentication(request, httpServletResponse, true)) {
            return true;
        }
        MessageBytes value = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");
        if (value != null) {
            value.toBytes();
            try {
                BasicCredentials basicCredentials = new BasicCredentials(value.getByteChunk(), this.charset, getTrimCredentials());
                String username = basicCredentials.getUsername();
                String password = basicCredentials.getPassword();
                Principal authenticate = this.context.getRealm().authenticate(username, password);
                if (authenticate != null) {
                    register(request, httpServletResponse, authenticate, HttpServletRequest.BASIC_AUTH, username, password);
                    return true;
                }
            } catch (IllegalArgumentException e) {
                if (this.log.isDebugEnabled()) {
                    this.log.debug(sm.getString("basicAuthenticator.invalidAuthorization", e.getMessage()));
                }
            }
        }
        StringBuilder sb = new StringBuilder(16);
        sb.append("Basic realm=\"");
        sb.append(getRealmName(this.context));
        sb.append('\"');
        if (this.charsetString != null && !this.charsetString.isEmpty()) {
            sb.append(", charset=");
            sb.append(this.charsetString);
        }
        httpServletResponse.setHeader("WWW-Authenticate", sb.toString());
        httpServletResponse.sendError(401);
        return false;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected String getAuthMethod() {
        return HttpServletRequest.BASIC_AUTH;
    }

    @Override // org.apache.catalina.authenticator.AuthenticatorBase
    protected boolean isPreemptiveAuthPossible(Request request) {
        MessageBytes value = request.getCoyoteRequest().getMimeHeaders().getValue("authorization");
        return value != null && value.startsWithIgnoreCase("basic ", 0);
    }
}
