package com.stormpath.sdk.servlet.http.authc;

import com.stormpath.sdk.application.Application;
import com.stormpath.sdk.authc.AuthenticationOptions;
import com.stormpath.sdk.authc.AuthenticationRequest;
import com.stormpath.sdk.authc.AuthenticationResult;
import com.stormpath.sdk.directory.AccountStore;
import com.stormpath.sdk.lang.Assert;
import com.stormpath.sdk.lang.Strings;
import com.stormpath.sdk.servlet.authc.SuccessfulAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.authc.impl.DefaultFailedAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.authc.impl.DefaultSuccessfulAuthenticationRequestEvent;
import com.stormpath.sdk.servlet.event.RequestEvent;
import com.stormpath.sdk.servlet.event.impl.Publisher;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/stormpath/sdk/servlet/http/authc/AuthorizationHeaderAuthenticator.class */
public class AuthorizationHeaderAuthenticator implements HeaderAuthenticator {
    private static final Logger log = LoggerFactory.getLogger(AuthorizationHeaderAuthenticator.class);
    private static final String AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static final String AUTHORIZATION = "Authorization";
    private final AuthorizationHeaderParser parser = new DefaultAuthorizationHeaderParser();
    private final Map<String, HttpAuthenticationScheme> schemes;
    private final boolean sendChallengeOnFailure;
    private final Publisher<RequestEvent> eventPublisher;

    public AuthorizationHeaderAuthenticator(List<HttpAuthenticationScheme> list, boolean z, Publisher<RequestEvent> publisher) {
        Assert.notEmpty(list, "AuthenticationScheme list cannot be null or empty.");
        Assert.notNull(publisher, "Event Publisher cannot be null.");
        this.sendChallengeOnFailure = z;
        this.eventPublisher = publisher;
        this.schemes = new LinkedHashMap(list.size());
        for (HttpAuthenticationScheme httpAuthenticationScheme : list) {
            this.schemes.put(httpAuthenticationScheme.getName().toLowerCase(), httpAuthenticationScheme);
        }
    }

    protected Publisher<RequestEvent> getEventPublisher() {
        return this.eventPublisher;
    }

    @Override // com.stormpath.sdk.servlet.http.authc.HttpAuthenticator
    public HttpAuthenticationResult authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HttpCredentials parse = this.parser.parse(httpServletRequest.getHeader(AUTHORIZATION));
        String clean = Strings.clean(parse.getSchemeName());
        AuthenticationRequest authenticationRequest = null;
        if (clean != null) {
            HttpAuthenticationScheme httpAuthenticationScheme = this.schemes.get(parse.getSchemeName().toLowerCase());
            if (parse.getSchemeValue() != null) {
                DefaultHttpAuthenticationAttempt defaultHttpAuthenticationAttempt = new DefaultHttpAuthenticationAttempt(httpServletRequest, httpServletResponse, parse);
                HttpAuthenticationResult httpAuthenticationResult = null;
                try {
                    authenticationRequest = toAuthenticationRequest(defaultHttpAuthenticationAttempt);
                    httpAuthenticationResult = httpAuthenticationScheme.authenticate(defaultHttpAuthenticationAttempt);
                } catch (Throwable th) {
                    log.debug("Unable to authenticate request with authentication scheme '" + clean + "': " + th.getMessage() + "  Sending HTTP challenge response.", th);
                }
                if (httpAuthenticationResult != null) {
                    publish(createSuccessEvent(defaultHttpAuthenticationAttempt, authenticationRequest, httpAuthenticationResult.getAuthenticationResult()));
                    return httpAuthenticationResult;
                }
            }
        }
        if (this.sendChallengeOnFailure) {
            sendChallenge(httpServletRequest, httpServletResponse);
        }
        HttpAuthenticationException httpAuthenticationException = new HttpAuthenticationException("Unable to successfully authenticate request with Authorization header.");
        try {
            publish(new DefaultFailedAuthenticationRequestEvent(httpServletRequest, httpServletResponse, authenticationRequest, httpAuthenticationException));
        } catch (Throwable th2) {
            log.warn("Unable to publish failed authentication request event due to exception: {}. Ignoring and propagating original authentication exception {}.", new Object[]{th2, httpAuthenticationException, th2});
        }
        throw httpAuthenticationException;
    }

    protected Application getApplication(HttpServletRequest httpServletRequest) {
        return (Application) httpServletRequest.getAttribute(Application.class.getName());
    }

    @Override // com.stormpath.sdk.servlet.http.authc.HeaderAuthenticator
    public void sendChallenge(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String realmName = getRealmName(httpServletRequest);
        httpServletResponse.setStatus(401);
        Iterator<HttpAuthenticationScheme> it = this.schemes.values().iterator();
        while (it.hasNext()) {
            httpServletResponse.addHeader(AUTHENTICATE_HEADER, createWwwAuthenticateHeaderValue(it.next(), realmName));
        }
    }

    protected String getRealmName(HttpServletRequest httpServletRequest) {
        return getApplication(httpServletRequest).getName();
    }

    protected String createWwwAuthenticateHeaderValue(HttpAuthenticationScheme httpAuthenticationScheme, String str) {
        return httpAuthenticationScheme.getName() + " realm=\"" + str + "\"";
    }

    protected AuthenticationRequest toAuthenticationRequest(final HttpAuthenticationAttempt httpAuthenticationAttempt) {
        return new AuthenticationRequest() { // from class: com.stormpath.sdk.servlet.http.authc.AuthorizationHeaderAuthenticator.1
            public Object getPrincipals() {
                return httpAuthenticationAttempt.getCredentials();
            }

            public Object getCredentials() {
                return httpAuthenticationAttempt.getCredentials();
            }

            public String getHost() {
                return httpAuthenticationAttempt.getRequest().getRemoteHost();
            }

            public void clear() {
            }

            public AccountStore getAccountStore() {
                return null;
            }

            public AuthenticationOptions getResponseOptions() {
                return null;
            }

            public String getOrganizationNameKey() {
                return null;
            }
        };
    }

    protected SuccessfulAuthenticationRequestEvent createSuccessEvent(HttpAuthenticationAttempt httpAuthenticationAttempt, AuthenticationRequest authenticationRequest, AuthenticationResult authenticationResult) {
        return new DefaultSuccessfulAuthenticationRequestEvent(httpAuthenticationAttempt.getRequest(), httpAuthenticationAttempt.getResponse(), authenticationRequest, authenticationResult);
    }

    protected void publish(RequestEvent requestEvent) {
        getEventPublisher().publish(requestEvent);
    }
}
