package com.sun.enterprise.admin.util;

import com.sun.enterprise.admin.util.AdminLoginModule;
import com.sun.enterprise.config.serverbeans.SecureAdmin;
import com.sun.enterprise.universal.GFBase64Decoder;
import java.io.IOException;
import java.net.PasswordAuthentication;
import java.security.Principal;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.TextInputCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.glassfish.common.util.admin.AdminAuthenticator;
import org.glassfish.grizzly.http.Cookie;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.hk2.api.ServiceLocator;
import org.glassfish.internal.api.LocalPassword;

/* loaded from: input_file:com/sun/enterprise/admin/util/AdminCallbackHandler.class */
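/**
 * JAAS {@link CallbackHandler} that answers login-module callbacks from the data
 * carried by one admin HTTP {@link Request}.
 *
 * <p>The constructor snapshots the request's user principal, origin host, HTTP Basic
 * credentials, admin-indicator header and one-time-token header. {@link #handle}
 * then copies those values (plus the REST token and remote address, which are read
 * from the request on demand) into the callbacks it recognizes.
 *
 * <p>Everything read from the request's headers and cookies is client-supplied. This
 * class only transports those values; it performs no authentication itself.
 */
public class AdminCallbackHandler implements CallbackHandler {
    /** Name of the cookie that may carry the REST session token. */
    public static final String COOKIE_REST_TOKEN = "gfresttoken";
    /** Name of the header consulted for the REST token when no cookie supplies one. */
    public static final String HEADER_X_AUTH_TOKEN = "X-Auth-Token";
    private final Request request;
    // Lazily built map of lower-cased header name -> header value; see headers().
    private Map<String, String> headers = null;
    private static final String BASIC = "Basic ";
    private final Principal clientPrincipal;
    private final String originHost;
    private final PasswordAuthentication passwordAuthentication;
    private final String specialAdminIndicator;
    private final String token;
    private final String defaultAdminUsername;
    private final LocalPassword localPassword;
    private final ServiceLocator serviceLocator;
    private static final Level PROGRESS_LEVEL = Level.FINE;
    private static final Logger logger = GenericAdminAuthenticator.ADMSEC_LOGGER;
    private static final GFBase64Decoder decoder = new GFBase64Decoder();

    /**
     * Captures the authentication-relevant data of {@code request}.
     *
     * @param serviceLocator service locator exposed via {@link #getServiceLocator()}
     * @param request the admin HTTP request to read credentials from
     * @param str host name to report as the origin host, or {@code null} to use
     *     {@code request.getRemoteHost()}
     * @param str2 user name to assume when the request names no user
     * @param localPassword used to recognize the local password in the Basic credentials
     * @throws IOException if the Basic credentials cannot be decoded
     */
    public AdminCallbackHandler(ServiceLocator serviceLocator, Request request, String str, String str2, LocalPassword localPassword) throws IOException {
        this.serviceLocator = serviceLocator;
        this.request = request;
        this.defaultAdminUsername = str2;
        this.localPassword = localPassword;
        this.clientPrincipal = request.getUserPrincipal();
        // NOTE(review): a non-null str replaces the connection-derived host in the
        // REMOTE_HOST callback; confirm callers take it from a trusted source.
        this.originHost = str != null ? str : request.getRemoteHost();
        this.passwordAuthentication = basicAuth();
        this.specialAdminIndicator = specialAdminIndicator();
        this.token = token();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the service locator supplied at construction. */
    public ServiceLocator getServiceLocator() {
        return this.serviceLocator;
    }

    /**
     * Copies the request's headers into a map keyed by lower-cased header name.
     * Only the value returned by {@code request.getHeader(name)} is kept per name.
     */
    private static Map<String, String> headers(Request request) {
        final Map<String, String> byLowerCaseName = new HashMap<>();
        for (String name : request.getHeaderNames()) {
            byLowerCaseName.put(headerName(name), request.getHeader(name));
        }
        return byLowerCaseName;
    }

    /** Normalizes a header name for case-insensitive lookup. */
    private static String headerName(String str) {
        return str.toLowerCase(Locale.ENGLISH);
    }

    /** Returns the cached header map, building it on first use. */
    private synchronized Map<String, String> headers() {
        if (this.headers == null) {
            this.headers = headers(this.request);
        }
        return this.headers;
    }

    /** Looks up a header value by name, ignoring case; {@code null} if absent. */
    private String header(String str) {
        return headers().get(headerName(str));
    }

    /**
     * Extracts the user name and password from the HTTP Basic {@code Authorization}
     * header.
     *
     * <ul>
     *   <li>No header: the default admin user name with an empty password.</li>
     *   <li>Header that does not start with the Basic scheme, or decoded credentials
     *       without a {@code :} separator: an empty user name and empty password.</li>
     *   <li>Empty user name with a password that is not the local password: the
     *       default admin user name with the supplied password.</li>
     * </ul>
     *
     * The header value and the password are never logged.
     *
     * @throws IOException if the decoder rejects the encoded credentials
     */
    private PasswordAuthentication basicAuth() throws IOException {
        final String authorization = header(HttpConnectorAddress.AUTHORIZATION_KEY);
        if (authorization == null) {
            logger.log(PROGRESS_LEVEL, "No Authorization header found; preparing default with username {0} and empty password", this.defaultAdminUsername);
            return new PasswordAuthentication(this.defaultAdminUsername, new char[0]);
        }
        // Verify the scheme before stripping it. Without this check a header shorter
        // than the prefix makes substring() throw an unchecked exception, and a
        // different scheme has its first characters cut off and decoded as if it were
        // Basic credentials. The scheme is matched case-insensitively so that any
        // capitalization of "Basic " is still accepted.
        if (!authorization.regionMatches(true, 0, BASIC, 0, BASIC.length())) {
            logger.log(PROGRESS_LEVEL, "Authorization header does not use the Basic scheme; proceeding with an empty username and empty password");
            return new PasswordAuthentication("", new char[0]);
        }
        // NOTE(review): new String(byte[]) decodes with the platform default charset;
        // consider an explicit charset so non-ASCII credentials decode the same on
        // every host.
        final String credentials = new String(decoder.decodeBuffer(authorization.substring(BASIC.length())));
        final int separator = credentials.indexOf(':');
        if (separator < 0) {
            logger.log(PROGRESS_LEVEL, "Authorization header contained no : to separate the username from the password; proceeding with an empty username and empty password");
            return new PasswordAuthentication("", new char[0]);
        }
        final char[] password = credentials.substring(separator + 1).toCharArray();
        String username = credentials.substring(0, separator);
        // An empty user name is kept only when the password is the local password;
        // otherwise the default admin user name is substituted. isLocalPassword takes
        // a String, so a String copy of the password is created for the check.
        if (username.isEmpty() && !this.localPassword.isLocalPassword(new String(password))) {
            logger.log(PROGRESS_LEVEL, "Authorization header contained no username and the password is not the local password, so continue with the default username {0}", this.defaultAdminUsername);
            username = this.defaultAdminUsername;
        }
        logger.log(PROGRESS_LEVEL, "basicAuth processing returning PasswordAuthentication with username {0}", username);
        return new PasswordAuthentication(username, password);
    }

    /** Reads the admin-indicator header; {@code null} if the request has none. */
    private String specialAdminIndicator() {
        return header(SecureAdmin.Util.ADMIN_INDICATOR_HEADER_NAME);
    }

    /** Reads the one-time auth token header; {@code null} if the request has none. */
    private String token() {
        return header(SecureAdmin.Util.ADMIN_ONE_TIME_AUTH_TOKEN_HEADER_NAME);
    }

    /**
     * Returns the REST token from the {@value #COOKIE_REST_TOKEN} cookie, falling back
     * to the {@value #HEADER_X_AUTH_TOKEN} header when no such cookie is present.
     * If several cookies carry that name, the last one in the array wins.
     */
    private String restToken() {
        String restToken = null;
        final Cookie[] cookies = this.request.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                if (COOKIE_REST_TOKEN.equals(cookie.getName())) {
                    restToken = cookie.getValue();
                }
            }
        }
        if (restToken == null) {
            restToken = this.request.getHeader(HEADER_X_AUTH_TOKEN);
        }
        return restToken;
    }

    /** Returns the origin host chosen at construction. */
    public String getRemoteHost() {
        return this.originHost;
    }

    /**
     * Fills each recognized callback with the matching value from the request.
     *
     * <p>{@link TextInputCallback}s are dispatched on their prompt, which is compared
     * with the names of {@code AdminAuthenticator.AuthenticatorType} constants.
     * Callbacks of other types, and text callbacks with other prompts, are left
     * untouched; this method itself never throws {@link UnsupportedCallbackException}.
     *
     * @param callbackArr the callbacks to populate
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof NameCallback) {
                ((NameCallback) callback).setName(this.passwordAuthentication.getUserName());
            } else if (callback instanceof PasswordCallback) {
                ((PasswordCallback) callback).setPassword(this.passwordAuthentication.getPassword());
            } else if (callback instanceof TextInputCallback) {
                final TextInputCallback textCallback = (TextInputCallback) callback;
                final String prompt = textCallback.getPrompt();
                if (AdminAuthenticator.AuthenticatorType.ADMIN_INDICATOR.name().equals(prompt)) {
                    textCallback.setText(specialAdminIndicator());
                } else if (AdminAuthenticator.AuthenticatorType.ADMIN_TOKEN.name().equals(prompt)) {
                    textCallback.setText(token());
                } else if (AdminAuthenticator.AuthenticatorType.REMOTE_HOST.name().equals(prompt)) {
                    textCallback.setText(remoteHost());
                } else if (AdminAuthenticator.AuthenticatorType.REST_TOKEN.name().equals(prompt)) {
                    textCallback.setText(restToken());
                } else if (AdminAuthenticator.AuthenticatorType.REMOTE_ADDR.name().equals(prompt)) {
                    textCallback.setText(remoteAddr());
                }
            } else if (callback instanceof AdminLoginModule.PrincipalCallback) {
                ((AdminLoginModule.PrincipalCallback) callback).setPrincipal(this.clientPrincipal);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the Basic credentials captured at construction. */
    public PasswordAuthentication pw() {
        return this.passwordAuthentication;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the request's user principal captured at construction; may be {@code null}. */
    public Principal clientPrincipal() {
        return this.clientPrincipal;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the one-time auth token captured at construction; may be {@code null}. */
    public String tkn() {
        return this.token;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the origin host chosen at construction. */
    public String remoteHost() {
        return this.originHost;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the admin-indicator header value captured at construction; may be {@code null}. */
    public String adminIndicator() {
        return this.specialAdminIndicator;
    }

    /** Returns the remote address reported by the request. */
    String remoteAddr() {
        return this.request.getRemoteAddr();
    }
}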
