package com.floragunn.searchguard.legacy.auth;

import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.MissingAttribute;
import com.floragunn.searchguard.TypedComponent;
import com.floragunn.searchguard.authc.AuthenticatorUnavailableException;
import com.floragunn.searchguard.authc.CredentialsException;
import com.floragunn.searchguard.authc.legacy.LegacyHTTPAuthenticator;
import com.floragunn.searchguard.authc.session.ApiAuthenticationFrontend;
import com.floragunn.searchguard.legacy.LegacyComponentFactory;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchsupport.cstate.ComponentState;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.Base64;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.opensearch.common.settings.Settings;
import org.opensearch.common.util.concurrent.ThreadContext;
import org.opensearch.rest.RestRequest;

/* loaded from: input_file:com/floragunn/searchguard/legacy/auth/HTTPBasicAuthenticator.class */
public class HTTPBasicAuthenticator implements LegacyHTTPAuthenticator, ApiAuthenticationFrontend {
    private final ComponentState componentState = new ComponentState(0, "authentication_frontend", "basic", HTTPBasicAuthenticator.class).initialized();
    protected static final Logger log = LogManager.getLogger(HTTPBasicAuthenticator.class);
    public static TypedComponent.Info<LegacyHTTPAuthenticator> INFO = new TypedComponent.Info<LegacyHTTPAuthenticator>() { // from class: com.floragunn.searchguard.legacy.auth.HTTPBasicAuthenticator.1
        public Class<LegacyHTTPAuthenticator> getType() {
            return LegacyHTTPAuthenticator.class;
        }

        public String getName() {
            return "basic";
        }

        public TypedComponent.Factory<LegacyHTTPAuthenticator> getFactory() {
            return LegacyComponentFactory.adapt(HTTPBasicAuthenticator::new);
        }
    };

    public HTTPBasicAuthenticator(Settings settings, Path path) {
    }

    public AuthCredentials extractCredentials(RestRequest restRequest, ThreadContext threadContext) {
        AuthCredentials.Builder extractCredentials;
        if (restRequest.paramAsBoolean("force_login", false) || (extractCredentials = extractCredentials(restRequest.header("Authorization"))) == null) {
            return null;
        }
        return extractCredentials.authenticatorType(getType()).build();
    }

    public String getType() {
        return "basic";
    }

    public String getChallenge(AuthCredentials authCredentials) {
        return "Basic realm=\"Search Guard\"";
    }

    public AuthCredentials extractCredentials(Map<String, Object> map) throws CredentialsException, ConfigValidationException, AuthenticatorUnavailableException {
        ValidationErrors validationErrors = new ValidationErrors();
        if (map.get("user") == null) {
            validationErrors.add(new MissingAttribute("user", (Object) null));
        }
        if (map.get("password") == null) {
            validationErrors.add(new MissingAttribute("password", (Object) null));
        }
        validationErrors.throwExceptionForPresentErrors();
        return AuthCredentials.forUser(String.valueOf(map.get("user"))).password(String.valueOf(map.get("password")).getBytes(StandardCharsets.UTF_8)).complete().build();
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }

    private static AuthCredentials.Builder extractCredentials(String str) {
        if (str == null) {
            return null;
        }
        if (!str.trim().toLowerCase().startsWith("basic ")) {
            log.debug("No 'Basic Authorization' header, send 401 and 'WWW-Authenticate Basic'");
            return null;
        }
        String str2 = new String(Base64.getDecoder().decode(str.split(" ")[1]), StandardCharsets.UTF_8);
        int indexOf = str2.indexOf(58);
        String str3 = null;
        String str4 = null;
        if (indexOf > 0) {
            str3 = str2.substring(0, indexOf);
            str4 = str2.length() - 1 != indexOf ? str2.substring(indexOf + 1) : "";
        }
        if (str3 != null && str4 != null) {
            return AuthCredentials.forUser(str3).password(str4.getBytes(StandardCharsets.UTF_8)).complete();
        }
        log.debug("Invalid 'Authorization' header, send 401 and 'WWW-Authenticate Basic'");
        return null;
    }
}
