package org.sonar.server.authentication;

import com.google.common.base.Charsets;
import java.util.Base64;
import java.util.Locale;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.sonar.db.DbClient;
import org.sonar.db.DbSession;
import org.sonar.db.user.UserDto;
import org.sonar.server.authentication.event.AuthenticationEvent;
import org.sonar.server.authentication.event.AuthenticationException;
import org.sonar.server.usertoken.UserTokenAuthenticator;

/* loaded from: input_file:org/sonar/server/authentication/BasicAuthenticator.class */
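/**
 * Authenticates a request from its HTTP {@code Authorization} header using the Basic scheme.
 *
 * <p>The Base64-decoded header value is split at the first {@code ':'}. A non-empty second part is
 * passed with the first part to {@link CredentialsAuthenticator} as login and password. An empty
 * second part means the first part is treated as a user token and passed to
 * {@link UserTokenAuthenticator}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only Base64-encoded, not encrypted; confidentiality depends on the
 *       transport (TLS) in front of this code.</li>
 *   <li>Every failure message built here is a fixed string. Keep the raw header, the decoded value,
 *       passwords and tokens out of exception messages and logs.</li>
 * </ul>
 */
public class BasicAuthenticator {
    private static final Base64.Decoder BASE64_DECODER = Base64.getDecoder();
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BASIC_AUTHORIZATION = "BASIC";
    // Index of the first credential character: the scheme name plus one separator character.
    private static final int CREDENTIALS_OFFSET = BASIC_AUTHORIZATION.length() + 1;
    private final DbClient dbClient;
    private final CredentialsAuthenticator credentialsAuthenticator;
    private final UserTokenAuthenticator userTokenAuthenticator;
    private final AuthenticationEvent authenticationEvent;

    public BasicAuthenticator(DbClient dbClient, CredentialsAuthenticator credentialsAuthenticator, UserTokenAuthenticator userTokenAuthenticator, AuthenticationEvent authenticationEvent) {
        this.dbClient = dbClient;
        this.credentialsAuthenticator = credentialsAuthenticator;
        this.userTokenAuthenticator = userTokenAuthenticator;
        this.authenticationEvent = authenticationEvent;
    }

    /**
     * Authenticates the request if it carries a Basic {@code Authorization} header.
     *
     * @param httpServletRequest the incoming request
     * @return the authenticated user, or {@link Optional#empty()} when the header is absent or does
     *     not start with the Basic scheme (case-insensitive)
     * @throws AuthenticationException when the header claims the Basic scheme but is malformed, or
     *     when the token or the user it maps to cannot be found
     */
    public Optional<UserDto> authenticate(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // NOTE(review): this is a prefix match only. A value such as "BasicX..." passes, and the
        // character after the scheme name is skipped without being checked to be a space.
        if (header == null || !header.toUpperCase(Locale.ENGLISH).startsWith(BASIC_AUTHORIZATION)) {
            return Optional.empty();
        }
        String[] credentials = getCredentials(header);
        return Optional.of(authenticate(credentials[0], credentials[1], httpServletRequest));
    }

    /**
     * Extracts the two parts of the Basic credentials from the raw header value.
     *
     * @param header the raw header value, already known to start with the Basic scheme
     * @return a two-element array: the text before the first {@code ':'} and the text after it
     * @throws AuthenticationException when the header is too short, is not valid Base64, or the
     *     decoded value has no {@code ':'} or starts with one
     */
    private static String[] getCredentials(String header) {
        // A bare "Basic" header is shorter than the offset; reject it as an authentication failure
        // instead of letting substring() throw StringIndexOutOfBoundsException.
        if (header.length() < CREDENTIALS_OFFSET) {
            throw failure(AuthenticationEvent.Method.BASIC, "Invalid basic header");
        }
        String decoded = getDecodedBasicAuth(header.substring(CREDENTIALS_OFFSET));
        int separator = decoded.indexOf(':');
        // separator == 0 means an empty first part, which is rejected as well.
        if (separator <= 0) {
            throw failure(AuthenticationEvent.Method.BASIC, "Decoded basic auth does not contain ':'");
        }
        return new String[]{decoded.substring(0, separator), decoded.substring(separator + 1)};
    }

    /**
     * Base64-decodes the credential part of the header into a UTF-8 string.
     *
     * @throws AuthenticationException when the value is not valid Base64
     */
    private static String getDecodedBasicAuth(String encoded) {
        try {
            return new String(BASE64_DECODER.decode(encoded.getBytes(Charsets.UTF_8)), Charsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // The cause is dropped, as before: its message can describe the attacker-supplied input.
            throw failure(AuthenticationEvent.Method.BASIC, "Invalid basic header");
        }
    }

    /**
     * Dispatches to password or token authentication depending on whether a password was supplied.
     */
    private UserDto authenticate(String login, String password, HttpServletRequest httpServletRequest) {
        if (!StringUtils.isEmpty(password)) {
            return this.credentialsAuthenticator.authenticate(login, password, httpServletRequest, AuthenticationEvent.Method.BASIC);
        }
        // Empty password: the "login" part is a user token.
        UserDto user = authenticateFromUserToken(login);
        this.authenticationEvent.login(httpServletRequest, user.getLogin(), AuthenticationEvent.Source.local(AuthenticationEvent.Method.BASIC_TOKEN));
        return user;
    }

    /**
     * Resolves a user token to its active user.
     *
     * @throws AuthenticationException when the token is unknown or no active user has its login
     */
    private UserDto authenticateFromUserToken(String token) {
        Optional<String> tokenLogin = this.userTokenAuthenticator.authenticate(token);
        if (!tokenLogin.isPresent()) {
            throw failure(AuthenticationEvent.Method.BASIC_TOKEN, "Token doesn't exist");
        }
        // try-with-resources closes the session on both the success and the failure path.
        try (DbSession dbSession = this.dbClient.openSession(false)) {
            UserDto user = this.dbClient.userDao().selectActiveUserByLogin(dbSession, tokenLogin.get());
            if (user == null) {
                throw failure(AuthenticationEvent.Method.BASIC_TOKEN, "User doesn't exist");
            }
            return user;
        }
    }

    /** Builds an authentication failure for a local source with a fixed message. */
    private static AuthenticationException failure(AuthenticationEvent.Method method, String message) {
        return AuthenticationException.newBuilder().setSource(AuthenticationEvent.Source.local(method)).setMessage(message).build();
    }
}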
