package io.hawt.system;

import io.hawt.util.Strings;
import io.hawt.web.auth.AuthenticationConfiguration;
import java.security.cert.X509Certificate;
import java.util.function.Consumer;
import javax.security.auth.Subject;
import javax.servlet.http.HttpServletRequest;
import org.apache.karaf.jaas.boot.principal.ClientPrincipal;
import org.apache.logging.log4j.message.ParameterizedMessage;
import org.slf4j.Logger;

/* loaded from: input_file:hawtio.war:WEB-INF/lib/hawtio-system-2.17.7.jar:io/hawt/system/AbstractAuthenticator.class */
public abstract class AbstractAuthenticator implements Authenticator {
    private final Logger log;
    protected HttpServletRequest request;
    protected AuthenticationConfiguration authConfiguration;
    protected String username;
    protected String password;
    protected X509Certificate[] certificates;

    public AbstractAuthenticator(Logger logger, HttpServletRequest httpServletRequest, AuthenticationConfiguration authenticationConfiguration, String str, String str2) {
        this.log = logger;
        this.request = httpServletRequest;
        this.authConfiguration = authenticationConfiguration;
        this.username = str;
        this.password = str2;
    }

    public AbstractAuthenticator(Logger logger, HttpServletRequest httpServletRequest, AuthenticationConfiguration authenticationConfiguration) {
        this.log = logger;
        this.request = httpServletRequest;
        this.authConfiguration = authenticationConfiguration;
        Authentication.extractAuthHeader(httpServletRequest, (str, str2) -> {
            this.username = str;
            this.password = str2;
        });
        Object attribute = httpServletRequest.getAttribute("javax.servlet.request.X509Certificate");
        if (attribute != null) {
            this.certificates = (X509Certificate[]) attribute;
        }
    }

    public boolean isUsernamePasswordSet() {
        return Strings.isNotBlank(this.username) && Strings.isNotBlank(this.password);
    }

    public boolean hasNoCredentials() {
        return (!isUsernamePasswordSet() || this.username.equals("public")) && this.certificates == null;
    }

    @Override // io.hawt.system.Authenticator
    public final AuthenticateResult authenticate(Consumer<Subject> consumer) {
        if (hasNoCredentials()) {
            return AuthenticateResult.NO_CREDENTIALS;
        }
        Subject doAuthenticate = doAuthenticate();
        if (doAuthenticate == null) {
            return AuthenticateResult.NOT_AUTHORIZED;
        }
        if (consumer != null) {
            try {
                consumer.accept(doAuthenticate);
            } catch (Exception e) {
                this.log.warn("Failed to execute privileged action:", (Throwable) e);
            }
        }
        return AuthenticateResult.AUTHORIZED;
    }

    public final Subject initSubject() {
        Subject subject = new Subject();
        try {
            subject.getPrincipals().add(new ClientPrincipal("hawtio", this.request.getRemoteHost() + ParameterizedMessage.ERROR_MSG_SEPARATOR + this.request.getRemotePort()));
        } catch (Throwable th) {
        }
        return subject;
    }

    protected abstract Subject doAuthenticate();
}
