package org.zowe.apiml.security.common.login;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Optional;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.zowe.apiml.security.common.error.AuthMethodNotSupportedException;
import org.zowe.apiml.security.common.error.ResourceAccessExceptionHandler;

/* loaded from: input_file:BOOT-INF/lib/apiml-security-common-2.13.7.jar:org/zowe/apiml/security/common/login/LoginFilter.class */
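/**
 * Authentication filter for the login endpoint.
 *
 * <p>Credentials are accepted from an HTTP Basic {@code Authorization} header or, failing that,
 * from a JSON request body that is deserialised into a {@link LoginRequest}. Only {@code POST}
 * is accepted. The outcome is delegated to the success and failure handlers supplied at
 * construction time.
 *
 * <p>Password material is held in {@code char[]}/{@code byte[]} buffers and wiped as soon as it
 * is no longer needed, so that cleartext secrets do not linger on the heap.
 */
public class LoginFilter extends NonCompulsoryAuthenticationProcessingFilter {
    private final AuthenticationSuccessHandler successHandler;
    private final AuthenticationFailureHandler failureHandler;
    private final ResourceAccessExceptionHandler resourceAccessExceptionHandler;
    private final ObjectMapper mapper;

    /**
     * Creates the filter.
     *
     * @param str value passed to the superclass constructor (presumably the login endpoint
     *     pattern this filter is bound to; confirm against the parent class)
     * @param authenticationSuccessHandler invoked by {@link #successfulAuthentication}
     * @param authenticationFailureHandler invoked by {@link #unsuccessfulAuthentication}
     * @param objectMapper used to deserialise the JSON login body
     * @param authenticationManager manager that verifies the credentials
     * @param resourceAccessExceptionHandler receives any {@link RuntimeException} raised by the
     *     authentication manager
     */
    public LoginFilter(String str, AuthenticationSuccessHandler authenticationSuccessHandler, AuthenticationFailureHandler authenticationFailureHandler, ObjectMapper objectMapper, AuthenticationManager authenticationManager, ResourceAccessExceptionHandler resourceAccessExceptionHandler) {
        super(str);
        this.successHandler = authenticationSuccessHandler;
        this.failureHandler = authenticationFailureHandler;
        this.mapper = objectMapper;
        this.resourceAccessExceptionHandler = resourceAccessExceptionHandler;
        setAuthenticationManager(authenticationManager);
    }

    /**
     * Extracts credentials from the request and authenticates them.
     *
     * <p>The header and the body are both parsed, as before, so a malformed body is still
     * rejected even when a header is present. Header credentials take precedence. Whichever
     * {@link LoginRequest} is not handed to {@link #doAuth} is wiped here, because
     * {@code doAuth} only evicts the instance it receives.
     *
     * @return the authenticated token, or {@code null} when no credentials were supplied or the
     *     resource access handler absorbed the failure
     * @throws AuthMethodNotSupportedException if the HTTP method is not {@code POST}
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        if (!HttpMethod.POST.name().equals(httpServletRequest.getMethod())) {
            throw new AuthMethodNotSupportedException(httpServletRequest.getMethod());
        }

        Optional<LoginRequest> headerCredentials = getCredentialFromAuthorizationHeader(httpServletRequest);
        Optional<LoginRequest> bodyCredentials;
        try {
            bodyCredentials = getCredentialsFromBody(httpServletRequest);
        } catch (RuntimeException e) {
            // The header password was already decoded; do not leave it behind on the error path.
            headerCredentials.ifPresent(LoginRequest::evictSensitiveData);
            throw e;
        }

        if (headerCredentials.isPresent()) {
            // The body credentials lose the precedence contest and would otherwise never be wiped.
            bodyCredentials.ifPresent(LoginRequest::evictSensitiveData);
            return doAuth(httpServletRequest, httpServletResponse, headerCredentials.get());
        }
        return doAuth(httpServletRequest, httpServletResponse, bodyCredentials.orElse(null));
    }

    /**
     * Authenticates the supplied login request and always evicts its sensitive data afterwards.
     *
     * <p>The whole {@link LoginRequest} is passed as the token's credentials object, and it is
     * wiped in the {@code finally} block, so any consumer holding on to the token after this
     * method returns sees evicted credentials.
     *
     * @param loginRequest credentials to verify; {@code null} means "nothing supplied"
     * @return the authentication result; {@code null} when {@code loginRequest} is {@code null}
     *     or when the manager threw and the resource access handler did not rethrow
     * @throws AuthenticationCredentialsNotFoundException if the username is blank or the
     *     password is empty
     */
    public Authentication doAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginRequest loginRequest) throws ServletException {
        if (loginRequest == null) {
            return null;
        }
        try {
            if (StringUtils.isBlank(loginRequest.getUsername()) || ArrayUtils.isEmpty(loginRequest.getPassword())) {
                throw new AuthenticationCredentialsNotFoundException("Username or password not provided.");
            }
            Authentication authentication = null;
            try {
                authentication = getAuthenticationManager().authenticate(new UsernamePasswordAuthenticationToken(loginRequest.getUsername(), loginRequest));
            } catch (RuntimeException e) {
                // Every runtime failure, authentication failures included, is routed through the
                // handler; whether it rethrows is decided there, not here.
                this.resourceAccessExceptionHandler.handleException(httpServletRequest, httpServletResponse, e);
            }
            return authentication;
        } finally {
            loginRequest.evictSensitiveData();
        }
    }

    /**
     * Delegates to the configured success handler. The filter chain is deliberately not
     * continued from here.
     */
    @Override
    public void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        this.successHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
    }

    /**
     * Clears the security context before delegating to the failure handler, so a failed login
     * cannot leave a previously stored authentication in place.
     */
    @Override
    public void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        SecurityContextHolder.clearContext();
        this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Reads HTTP Basic credentials from the {@code Authorization} header.
     *
     * <p>NOTE(review): the scheme check is a case-sensitive prefix match on {@code "Basic"} and
     * does not require a separator after it, so {@code "basic ..."} is ignored while
     * {@code "BasicXYZ"} is treated as Basic. Left unchanged to preserve behaviour; confirm
     * whether stricter parsing is wanted.
     *
     * @return the decoded credentials, or empty when the header is absent, is not Basic, or
     *     carries no payload
     * @throws BadCredentialsException if the payload is not valid Base64 or has no
     *     {@code user:password} shape
     */
    public static Optional<LoginRequest> getCredentialFromAuthorizationHeader(HttpServletRequest httpServletRequest) {
        return Optional.ofNullable(httpServletRequest.getHeader("Authorization"))
            .filter(header -> header.startsWith("Basic"))
            .map(header -> header.replaceFirst("Basic", "").trim())
            .filter(payload -> !payload.isEmpty())
            .map(LoginFilter::mapBase64Credentials);
    }

    /**
     * Decodes a Base64 {@code user:password} pair into a {@link LoginRequest}.
     *
     * <p>All intermediate byte buffers that held the password are zeroed before returning,
     * whether decoding succeeds or fails.
     *
     * @throws BadCredentialsException if {@code str} is not valid Base64, contains no
     *     {@code ':'}, or has an empty username part
     */
    private static LoginRequest mapBase64Credentials(String str) {
        byte[] decoded;
        try {
            decoded = Base64.getDecoder().decode(str);
        } catch (IllegalArgumentException e) {
            // Malformed Base64 is client input, not a server fault: report it as an
            // authentication failure instead of letting IllegalArgumentException escape.
            throw new BadCredentialsException("Invalid basic authentication header", e);
        }

        byte[] passwordBytes = null;
        try {
            int separator = ArrayUtils.indexOf(decoded, (byte) ':');
            if (separator <= 0) {
                throw new BadCredentialsException("Invalid basic authentication header");
            }
            passwordBytes = Arrays.copyOfRange(decoded, separator + 1, decoded.length);
            // NOTE(review): the password is widened byte-by-byte rather than decoded as UTF-8
            // like the username. Bytes >= 0x80 are negative and sign-extend to 0xFF80..0xFFFF,
            // so non-ASCII passwords do not round-trip. Left as is because the downstream
            // provider may depend on this mapping; confirm before changing.
            char[] password = new char[passwordBytes.length];
            for (int i = 0; i < passwordBytes.length; i++) {
                password[i] = (char) passwordBytes[i];
            }
            String username = new String(Arrays.copyOfRange(decoded, 0, separator), StandardCharsets.UTF_8);
            return new LoginRequest(username, password);
        } finally {
            if (passwordBytes != null) {
                Arrays.fill(passwordBytes, (byte) 0);
            }
            Arrays.fill(decoded, (byte) 0);
        }
    }

    /**
     * Reads credentials from the JSON request body.
     *
     * <p>NOTE(review): {@code available() == 0} is used as the "no body" test. That method only
     * reports bytes readable without blocking, so it may not be a reliable emptiness check on
     * every container; confirm.
     *
     * @return the deserialised login request, or empty when no body bytes are available or the
     *     body is the JSON literal {@code null}
     * @throws AuthenticationCredentialsNotFoundException if the body cannot be read or parsed
     */
    private Optional<LoginRequest> getCredentialsFromBody(HttpServletRequest httpServletRequest) {
        try {
            if (httpServletRequest.getInputStream().available() == 0) {
                return Optional.empty();
            }
            // ofNullable: a body consisting of JSON `null` deserialises to null and previously
            // surfaced as a NullPointerException from Optional.of.
            return Optional.ofNullable(this.mapper.readValue(httpServletRequest.getInputStream(), LoginRequest.class));
        } catch (IOException e) {
            // The parser exception is neither logged nor chained. NOTE(review): parser messages
            // can echo fragments of the input, which here may include the password, so keep the
            // cause out of logs and responses unless that is ruled out.
            this.logger.debug("Authentication problem: login object has wrong format");
            throw new AuthenticationCredentialsNotFoundException("Login object has wrong format.");
        }
    }
}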
