package com.floragunn.searchguard.authc.rest.authenticators;

import com.floragunn.codova.documents.DocNode;
import com.floragunn.codova.validation.ConfigValidationException;
import com.floragunn.codova.validation.ValidatingDocNode;
import com.floragunn.codova.validation.ValidationErrors;
import com.floragunn.codova.validation.errors.MissingAttribute;
import com.floragunn.searchguard.authc.RequestMetaData;
import com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend;
import com.floragunn.searchguard.authc.session.ApiAuthenticationFrontend;
import com.floragunn.searchguard.configuration.ConfigurationRepository;
import com.floragunn.searchguard.support.ConfigConstants;
import com.floragunn.searchguard.user.AuthCredentials;
import com.floragunn.searchsupport.cstate.ComponentState;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Map;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:com/floragunn/searchguard/authc/rest/authenticators/BasicAuthenticationFrontend.class */
public class BasicAuthenticationFrontend implements HttpAuthenticationFrontend, ApiAuthenticationFrontend {
    public static String TYPE = "basic";
    private static final Logger log = LogManager.getLogger(BasicAuthenticationFrontend.class);
    private final ComponentState componentState = new ComponentState(0, "authentication_frontend", TYPE).initialized();
    private final boolean challenge;

    public BasicAuthenticationFrontend(DocNode docNode, ConfigurationRepository.Context context) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        ValidatingDocNode validatingDocNode = new ValidatingDocNode(docNode, validationErrors, context);
        this.challenge = validatingDocNode.get("challenge").withDefault(true).asBoolean();
        validatingDocNode.checkForUnusedAttributes();
        validationErrors.throwExceptionForPresentErrors();
    }

    @Override // com.floragunn.searchguard.authc.AuthenticationFrontend
    public String getType() {
        return TYPE;
    }

    @Override // com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend
    public AuthCredentials extractCredentials(RequestMetaData<?> requestMetaData) {
        AuthCredentials.Builder decodeBasicCredentials = decodeBasicCredentials(requestMetaData.getAuthorizationByScheme("basic"));
        if (decodeBasicCredentials != null) {
            return decodeBasicCredentials.authenticatorType(getType()).build();
        }
        return null;
    }

    @Override // com.floragunn.searchguard.authc.session.ApiAuthenticationFrontend
    public AuthCredentials extractCredentials(Map<String, Object> map) throws ConfigValidationException {
        ValidationErrors validationErrors = new ValidationErrors();
        if (map.get("user") == null) {
            validationErrors.add(new MissingAttribute("user", (Object) null));
        }
        if (map.get(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD) == null) {
            validationErrors.add(new MissingAttribute(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD, (Object) null));
        }
        validationErrors.throwExceptionForPresentErrors();
        return AuthCredentials.forUser(String.valueOf(map.get("user"))).password(String.valueOf(map.get(ConfigConstants.SEARCHGUARD_AUDIT_EXTERNAL_ES_PASSWORD)).getBytes(StandardCharsets.UTF_8)).complete().build();
    }

    @Override // com.floragunn.searchguard.authc.rest.HttpAuthenticationFrontend
    public String getChallenge(AuthCredentials authCredentials) {
        if (this.challenge) {
            return "Basic realm=\"Search Guard\"";
        }
        return null;
    }

    public ComponentState getComponentState() {
        return this.componentState;
    }

    private AuthCredentials.Builder decodeBasicCredentials(String str) {
        if (str == null) {
            return null;
        }
        String str2 = new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
        int indexOf = str2.indexOf(58);
        if (indexOf != -1) {
            return AuthCredentials.forUser(str2.substring(0, indexOf)).password((str2.length() - 1 != indexOf ? str2.substring(indexOf + 1) : "").getBytes(StandardCharsets.UTF_8)).complete();
        }
        log.debug("Invalid 'Authorization' header; no colon found.");
        return null;
    }
}
