package fitnesse.authentication;

import fitnesse.FitNesseContext;
import fitnesse.Responder;
import fitnesse.html.template.HtmlPage;
import fitnesse.http.Request;
import fitnesse.http.Response;
import fitnesse.http.SimpleResponse;
import fitnesse.slim.converters.BooleanConverter;
import fitnesse.util.Base64;
import java.io.UnsupportedEncodingException;
import java.util.Properties;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:fitnesse/authentication/NegotiateAuthenticator.class */
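/**
 * Authenticator that implements the HTTP {@code Negotiate} scheme on top of JGSS.
 *
 * <p>For each request, the {@code Authorization} header is parsed and its token is handed to a
 * freshly created acceptor {@link GSSContext}. The outcome is written back onto the request via
 * {@code request.setCredentials(name, responseToken)}. A non-null name means the context was
 * established in that single round trip.
 *
 * <p>Security notes for operators:
 * <ul>
 *   <li>{@code NegotiateAuthenticator.stripRealm} defaults to {@code true}. The text after the first
 *       {@code '@'} of the initiator name is then dropped, so principals from different realms
 *       that share a local part map to the same user name. Disable it when more than one realm
 *       is trusted.</li>
 *   <li>The security context is not kept between requests, so only mechanisms that complete in a
 *       single token exchange can succeed.</li>
 * </ul>
 */
public class NegotiateAuthenticator extends Authenticator {
    public static final String NEGOTIATE = "Negotiate";
    protected String serviceName;
    protected Oid serviceNameType;
    protected Oid mechanism;
    protected boolean stripRealm;
    protected GSSManager manager;
    protected GSSCredential serverCreds;

    /* loaded from: input_file:fitnesse/authentication/NegotiateAuthenticator$UnauthenticatedNegotiateResponder.class */
    /**
     * Builds the 401 challenge for a request that did not authenticate.
     */
    protected static class UnauthenticatedNegotiateResponder implements Responder {
        // Base64 response token to echo back in the challenge, or null for a bare challenge.
        private final String token;

        public UnauthenticatedNegotiateResponder(String str) {
            this.token = str;
        }

        /**
         * Returns a 401 response whose {@code WWW-Authenticate} header is either the bare scheme
         * name or the scheme name followed by the stored token.
         *
         * @param fitNesseContext context supplying the page factory
         * @param request the request being answered; only tested for null to pick the template
         * @return the 401 response with the rendered page as content
         */
        @Override // fitnesse.Responder
        public Response makeResponse(FitNesseContext fitNesseContext, Request request) throws Exception {
            SimpleResponse challenge = new SimpleResponse(401);
            String headerValue = this.token == null ? NegotiateAuthenticator.NEGOTIATE : "Negotiate " + this.token;
            challenge.addHeader("WWW-Authenticate", headerValue);

            HtmlPage page = fitNesseContext.pageFactory.newPage();
            page.addTitles("Negotiated authentication required");
            page.setMainTemplate(request == null ? "authRequired.vm" : "authFailed.vm");
            challenge.setContent(page.html());
            return challenge;
        }
    }

    /**
     * Creates an authenticator using the given GSS manager and configuration.
     *
     * @param gSSManager manager used to create names, credentials and contexts
     * @param properties configuration; see {@link #configure(Properties)} for the keys read
     * @throws Exception if an OID in the configuration is invalid or the service credential
     *     cannot be acquired
     */
    public NegotiateAuthenticator(GSSManager gSSManager, Properties properties) throws Exception {
        this.stripRealm = true;
        this.manager = gSSManager;
        configure(properties);
        initServiceCredentials();
    }

    /**
     * Creates an authenticator backed by {@link GSSManager#getInstance()}.
     */
    public NegotiateAuthenticator(Properties properties) throws Exception {
        this(GSSManager.getInstance(), properties);
    }

    /**
     * Acquires the accept-only service credential, or leaves it null when no service name is
     * configured. A null credential makes {@code createContext} act as the default acceptor
     * principal.
     */
    protected void initServiceCredentials() throws Exception {
        if (this.serviceName == null) {
            this.serverCreds = null;
            return;
        }
        GSSName service = this.manager.createName(this.serviceName, this.serviceNameType, this.mechanism);
        // Named constants instead of the raw Integer.MAX_VALUE / 2 literals; the values are identical.
        this.serverCreds = this.manager.createCredential(
                service, GSSCredential.INDEFINITE_LIFETIME, this.mechanism, GSSCredential.ACCEPT_ONLY);
    }

    /**
     * Reads the {@code NegotiateAuthenticator.*} settings.
     *
     * <p>Keys: {@code serviceName} (default null), {@code serviceNameType} (default the
     * host-based service OID), {@code mechanism} (default null, passed through unchanged) and
     * {@code stripRealm} (default true).
     *
     * @throws Exception if an OID string cannot be parsed
     */
    protected void configure(Properties properties) throws Exception {
        this.serviceName = properties.getProperty("NegotiateAuthenticator.serviceName", null);
        this.serviceNameType = new Oid(properties.getProperty("NegotiateAuthenticator.serviceNameType", GSSName.NT_HOSTBASED_SERVICE.toString()));
        String mechanismOid = properties.getProperty("NegotiateAuthenticator.mechanism", null);
        this.mechanism = mechanismOid == null ? null : new Oid(mechanismOid);
        // SECURITY: stripping the realm is the default; see the class comment for the
        // cross-realm name collision this implies.
        this.stripRealm = Boolean.parseBoolean(properties.getProperty("NegotiateAuthenticator.stripRealm", BooleanConverter.TRUE));
    }

    /** Returns the acceptor credential, or null when none was configured. */
    public GSSCredential getServerCredentials() {
        return this.serverCreds;
    }

    /** Returns the OID describing how the service name is interpreted. */
    public Oid getServiceNameType() {
        return this.serviceNameType;
    }

    /** Returns the configured mechanism OID, or null when none was configured. */
    public Oid getMechanism() {
        return this.mechanism;
    }

    /**
     * Builds the challenge responder, passing along the request's authorization password.
     * NOTE(review): presumably this is the response token stored by
     * {@code request.setCredentials(name, token)} in this class; confirm against Request.
     */
    @Override // fitnesse.authentication.Authenticator
    protected Responder unauthorizedResponder(FitNesseContext fitNesseContext, Request request) {
        return new UnauthenticatedNegotiateResponder(request.getAuthorizationPassword());
    }

    /**
     * Inspects the {@code Authorization} header and records the negotiation outcome on the request.
     * Requests without a Negotiate header get their credentials cleared.
     *
     * @throws GSSException if the GSS layer rejects the client token; it is not caught here
     */
    protected void negotiateCredentials(Request request) throws UnsupportedEncodingException, GSSException {
        String header = request.getHeader("Authorization");
        // regionMatches(ignoreCase) is locale-independent. The former toLowerCase() comparison
        // failed for an upper-case scheme name under locales such as Turkish.
        boolean isNegotiate = header != null && header.regionMatches(true, 0, NEGOTIATE, 0, NEGOTIATE.length());
        if (isNegotiate) {
            setCredentials(request, getToken(header));
        } else {
            request.setCredentials(null, null);
        }
    }

    /**
     * Extracts and Base64-decodes the token that follows the scheme name in the header value.
     *
     * @param str the full {@code Authorization} header value, starting with the scheme name
     * @return the decoded token bytes
     */
    static byte[] getToken(String str) throws UnsupportedEncodingException {
        String encoded = str.substring(NEGOTIATE.length()).trim();
        return Base64.decode(encoded.getBytes("UTF-8"));
    }

    /**
     * Runs one accept step with the client token and stores the result on the request: the
     * initiator name (realm optionally stripped) once the context is established, otherwise a
     * null name. The Base64 response token, if any, is stored in both cases.
     */
    private void setCredentials(Request request, byte[] clientToken) throws GSSException, UnsupportedEncodingException {
        GSSContext context = this.manager.createContext(this.serverCreds);
        try {
            byte[] reply = context.acceptSecContext(clientToken, 0, clientToken.length);
            String replyToken = reply == null ? null : new String(Base64.encode(reply), "UTF-8");
            if (!context.isEstablished()) {
                request.setCredentials(null, replyToken);
                return;
            }
            String principal = context.getSrcName().toString();
            if (this.stripRealm) {
                int at = principal.indexOf('@');
                if (at != -1) {
                    principal = principal.substring(0, at);
                }
            }
            request.setCredentials(principal, replyToken);
        } finally {
            // The context is never reused across requests, so release it (and any key
            // material it holds) on every path instead of leaving it to the garbage collector.
            disposeQuietly(context);
        }
    }

    /** Best-effort release of a security context; a cleanup failure must not mask the real outcome. */
    private static void disposeQuietly(GSSContext context) {
        if (context == null) {
            return;
        }
        try {
            context.dispose();
        } catch (GSSException ignored) {
            // Nothing useful can be done if releasing the context fails.
        }
    }

    /**
     * Negotiates credentials from the request headers, then delegates to the base authenticator.
     */
    @Override // fitnesse.authentication.Authenticator
    public Responder authenticate(FitNesseContext fitNesseContext, Request request, Responder responder) throws Exception {
        negotiateCredentials(request);
        return super.authenticate(fitNesseContext, request, responder);
    }

    /**
     * Treats any non-null first argument as authenticated; the second argument is ignored.
     * In this class a non-null name is only set after the GSS context is established, so no
     * password comparison is made. NOTE(review): this relies on callers passing the name that
     * {@code negotiateCredentials} stored on the request; confirm against the base class.
     */
    @Override // fitnesse.authentication.Authenticator
    public boolean isAuthenticated(String str, String str2) {
        return str != null;
    }
}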
