package org.apache.qpid.server.management.plugin.auth;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Map;
import java.util.Objects;
import org.apache.qpid.server.management.plugin.HttpManagement;
import org.apache.qpid.server.management.plugin.HttpManagementConfiguration;
import org.apache.qpid.server.management.plugin.HttpManagementUtil;
import org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator;
import org.apache.qpid.server.plugin.PluggableService;
import org.apache.qpid.server.security.TokenCarryingPrincipal;
import org.apache.qpid.server.security.auth.AuthenticationResult;
import org.apache.qpid.server.security.auth.manager.KerberosAuthenticationManager;

@PluggableService
/* loaded from: input_file:org/apache/qpid/server/management/plugin/auth/SpnegoInteractiveAuthenticator.class */
public class SpnegoInteractiveAuthenticator implements HttpRequestInteractiveAuthenticator {
    @Override // org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator
    public HttpRequestInteractiveAuthenticator.AuthenticationHandler getAuthenticationHandler(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        KerberosAuthenticationManager authenticationProvider = httpManagementConfiguration.getAuthenticationProvider(httpServletRequest);
        if (!(authenticationProvider instanceof KerberosAuthenticationManager)) {
            return null;
        }
        KerberosAuthenticationManager kerberosAuthenticationManager = authenticationProvider;
        return httpServletResponse -> {
            AuthenticationResult authenticate = kerberosAuthenticationManager.authenticate(httpServletRequest.getHeader("Authorization"));
            if (authenticate == null || authenticate.getStatus() == AuthenticationResult.AuthenticationStatus.ERROR) {
                httpServletResponse.setHeader("WWW-Authenticate", "Negotiate");
                httpServletResponse.sendError(401);
                return;
            }
            TokenCarryingPrincipal mainPrincipal = authenticate.getMainPrincipal();
            if (mainPrincipal instanceof TokenCarryingPrincipal) {
                Map tokens = mainPrincipal.getTokens();
                Objects.requireNonNull(httpServletResponse);
                tokens.forEach(httpServletResponse::setHeader);
            }
            HttpManagementUtil.createServletConnectionSubjectAssertManagementAccessAndSave(kerberosAuthenticationManager.getParent(), httpServletRequest, httpManagementConfiguration.mo6getPort(httpServletRequest).getSubjectCreator(httpServletRequest.isSecure(), httpServletRequest.getServerName()).createResultWithGroups(authenticate).getSubject());
            httpServletRequest.getRequestDispatcher(HttpManagement.DEFAULT_LOGIN_URL).forward(httpServletRequest, httpServletResponse);
        };
    }

    @Override // org.apache.qpid.server.management.plugin.HttpRequestInteractiveAuthenticator
    public HttpRequestInteractiveAuthenticator.LogoutHandler getLogoutHandler(HttpServletRequest httpServletRequest, HttpManagementConfiguration httpManagementConfiguration) {
        return httpServletResponse -> {
            httpServletResponse.sendRedirect(HttpManagement.DEFAULT_LOGOUT_URL);
        };
    }

    public String getType() {
        return "SPNEGO";
    }
}
