package org.jasig.cas.support.spnego.web.flow;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jasig.cas.support.spnego.util.SpnegoConstants;
import org.jasig.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:org/jasig/cas/support/spnego/web/flow/SpnegoNegociateCredentialsAction.class */
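/**
 * Web flow action that decides whether to challenge the client for SPNEGO or NTLM
 * credentials.
 *
 * <p>If the request comes from a user agent on the supported list and does not carry an
 * {@code Authorization} header beginning with the expected scheme prefix, the action sets the
 * {@link SpnegoConstants#HEADER_AUTHENTICATE} response header and a 401 status. In every case
 * the action returns {@code success()}; the challenge is conveyed only through the response.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The {@code Authorization} header value is never written to the log, because the part
 *       after the scheme prefix is the client's authentication token.</li>
 *   <li>The user-agent check is a compatibility gate only. The {@code User-Agent} header is
 *       chosen by the client, so it must not be relied on as an access control.</li>
 * </ul>
 */
public final class SpnegoNegociateCredentialsAction extends AbstractAction {
    private static final Logger LOGGER = LoggerFactory.getLogger(SpnegoNegociateCredentialsAction.class);

    /** When {@code true}, the challenge and the expected prefix use the NTLM scheme constant. */
    private boolean ntlm;

    /** When {@code false}, the response is marked complete right after the 401 challenge. */
    private boolean mixedModeAuthentication;

    /** Scheme name followed by a single space; recomputed whenever {@link #setNtlm} is called. */
    private String messageBeginPrefix = constructMessagePrefix();

    /** Substrings looked for in the {@code User-Agent} header; never {@code null}. */
    private List<String> supportedBrowser = new ArrayList<String>();

    /** Creates the action with the default list of supported user-agent substrings. */
    public SpnegoNegociateCredentialsAction() {
        this.supportedBrowser.add("MSIE");
        this.supportedBrowser.add("Trident");
        this.supportedBrowser.add("Firefox");
        this.supportedBrowser.add("AppleWebKit");
    }

    /**
     * Sends the authentication challenge when the request needs one.
     *
     * @param requestContext the current web flow request context
     * @return always the {@code success()} event
     */
    @Override
    protected Event doExecute(RequestContext requestContext) {
        final HttpServletRequest request = WebUtils.getHttpServletRequest(requestContext);
        final HttpServletResponse response = WebUtils.getHttpServletResponse(requestContext);
        final String authorization = request.getHeader(SpnegoConstants.HEADER_AUTHORIZATION);
        final String userAgent = request.getHeader(SpnegoConstants.HEADER_USER_AGENT);

        // Log only whether the header is present: its value is credential material and debug
        // logs are routinely shipped to places with weaker access control than the server.
        LOGGER.debug("Authorization header present [{}], User Agent header [{}]",
                Boolean.valueOf(StringUtils.hasText(authorization)), userAgent);

        if (!StringUtils.hasText(userAgent) || this.supportedBrowser.isEmpty()) {
            LOGGER.debug("User Agent header [{}] is empty, or no browsers are supported", userAgent);
            return success();
        }
        if (!isSupportedBrowser(userAgent)) {
            LOGGER.debug("User Agent header [{}] is not supported in the list of supported browsers [{}]", userAgent, this.supportedBrowser);
            return success();
        }

        // A usable header must start with "<scheme> " and carry something after the prefix.
        final boolean hasToken = StringUtils.hasText(authorization)
                && authorization.startsWith(this.messageBeginPrefix)
                && authorization.length() > this.messageBeginPrefix.length();
        if (!hasToken) {
            final String scheme = this.ntlm ? SpnegoConstants.NTLM : SpnegoConstants.NEGOTIATE;
            LOGGER.debug("Authorization header not found or does not match the message prefix [{}]. Sending [{}] header [{}]", new Object[]{this.messageBeginPrefix, SpnegoConstants.HEADER_AUTHENTICATE, scheme});
            response.setHeader(SpnegoConstants.HEADER_AUTHENTICATE, scheme);
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            if (!this.mixedModeAuthentication) {
                LOGGER.debug("Mixed-mode authentication is disabled. Executing completion of response");
                // Without mixed mode nothing else is rendered; the bare 401 is the whole response.
                requestContext.getExternalContext().recordResponseComplete();
            }
        }
        return success();
    }

    /**
     * Selects the scheme used for the challenge and for the expected header prefix.
     *
     * @param z {@code true} to use NTLM, {@code false} to use Negotiate
     */
    public void setNtlm(boolean z) {
        this.ntlm = z;
        this.messageBeginPrefix = constructMessagePrefix();
    }

    /**
     * Replaces the list of user-agent substrings for which a challenge is sent.
     *
     * <p>The list is copied, so later changes to the argument do not affect this action, and
     * {@code null} entries are dropped. A {@code null} argument is treated as an empty list,
     * which means no challenge is ever sent.
     *
     * @param list substrings to look for in the {@code User-Agent} header, may be {@code null}
     */
    public void setSupportedBrowser(List<String> list) {
        final List<String> copy = new ArrayList<String>();
        if (list != null) {
            for (final String entry : list) {
                // A null entry would make String.contains throw on every request.
                if (entry != null) {
                    copy.add(entry);
                }
            }
        }
        this.supportedBrowser = copy;
    }

    /**
     * Enables or disables mixed-mode authentication.
     *
     * @param z {@code true} to leave the response open after the 401 challenge
     */
    public void setMixedModeAuthentication(boolean z) {
        this.mixedModeAuthentication = z;
    }

    /**
     * Builds the prefix an acceptable {@code Authorization} header must start with.
     *
     * @return the active scheme constant followed by a single space
     */
    protected String constructMessagePrefix() {
        return (this.ntlm ? SpnegoConstants.NTLM : SpnegoConstants.NEGOTIATE) + ' ';
    }

    /**
     * Tells whether the user agent contains one of the configured substrings.
     *
     * <p>The match is a case-sensitive substring test on a client-supplied header, so it only
     * filters out agents that would mishandle the challenge; it does not authenticate anything.
     *
     * @param str the {@code User-Agent} header value, must not be {@code null}
     * @return {@code true} if any configured substring occurs in {@code str}
     */
    protected boolean isSupportedBrowser(String str) {
        for (final String browser : this.supportedBrowser) {
            if (str.contains(browser)) {
                return true;
            }
        }
        return false;
    }
}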
